| |
| |||||||
Log-Analyse und Auswertung: Windows 7: Webseiten werden wegen UNISALES auf Werbung umgeleitetWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
15.01.2015, 19:49
| #1 |
 |  Windows 7: Webseiten werden wegen UNISALES auf Werbung umgeleitet Hi Zusammen, ich bin brandneu hier und hoffe auf eure Hilfe. Hab mir Unisales eingefangen und Google konnte bis nun nicht helfen bzg. Mozilla, Chrome, I. Explorer resetten etc. haben nicht geholfen. ADWCleaner bringt nichts Malwarebytes eben sowenig. Ich wäre euch außerordentlich dankbar, wenn Ihr mir nen Tipp/ Hilfe hättet. Danke schon mal für eure Zeit. Hier sind meine Log's: FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 Ran by x203 (administrator) on ADMIN-MANUEL on 15-01-2015 19:38:23 Running from C:\Users\Manuel\Downloads Loaded Profiles: x203 & Manuel (Available profiles: x203 & Manuel) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchService.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe (Data Perceptions / PowerProgrammer) C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Spotify Ltd) C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Eye-Fi, Inc.) C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe (EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Wacom Technology, Inc) C:\Program Files\Tablet\CalibrationAssistant.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchUser.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe () C:\Users\Manuel\Downloads\Gmer-19357.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2wizard.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916592 2014-07-28] (Synaptics Incorporated) HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-08-07] (Lenovo Group Limited) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2014-09-16] (Lenovo) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [555736 2014-09-18] (Lenovo.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [emsisoft anti-malware] => C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe [4997872 2014-12-31] (Emsisoft GmbH) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-01-05] (Glarysoft Ltd) HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.) HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [Spotify Web Helper] => C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd) HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [GoogleChromeAutoLaunch_4A220D28DEF0DEF57A4596AFA0CC93AC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-22] (Google Inc.) HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [Eye-Fi] => C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe [3961464 2011-12-21] (Eye-Fi, Inc.) HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: D - D:\SETUP.EXE HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: {88018163-5feb-11e3-8408-028037ec0200} - V:\SETUP.EXE HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: {fa8f8a90-42e2-11e3-857c-028037ec0200} - E:\Startme.exe Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EIZO ScreenSlicer.lnk ShortcutTarget: EIZO ScreenSlicer.lnk -> C:\Windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe (Macrovision Corporation) Startup: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File BootExecute: autocheck autochk * CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:50083;https=127.0.0.1:50083 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000 -> {5E55F183-AB4F-4D43-BF3C-D551B42FA02B} URL = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms} SearchScopes: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) Toolbar: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162 FireFox: ======== FF ProfilePath: C:\Users\x203\AppData\Roaming\Mozilla\Firefox\Profiles\ci9uc6ip.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-05-30] FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client FF Extension: No Name - C:\Program Files (x86)\Symantec\VIP Access Client [2013-05-15] FF HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension FF Extension: No Name - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension [2014-05-29] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\x203\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\x203\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09] CHR Extension: (Google Wallet) - C:\Users\x203\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30] CHR Extension: (unIsales) - C:\ProgramData\ocbkapddahhgnlmahbgabheclmnpbfma\ [2013-12-30] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG) R2 ASRSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [79136 2010-10-27] (Lenovo Group Limited) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L) S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2014-11-14] (Lenovo.) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-14] (SurfRight B.V.) R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation) R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.) R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-08-07] (Lenovo Group Limited) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] () R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-04-24] () S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 TabletServiceISD; C:\Program Files\Tablet\ISD\ISD_Tablet.exe [5650296 2012-04-10] (Wacom Technology, Corp.) R2 TabletSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [83920 2012-02-08] (Lenovo Group Limited) S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed] R2 TouchServiceISD; C:\Program Files\Tablet\ISD\ISD_TouchService.exe [449912 2012-04-10] (Wacom Technology, Corp.) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software) S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1526120 2013-09-25] (Lenovo Group Limited) R2 TVT Scheduler; C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited) [File not signed] R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation) R2 WebUpdate4; C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [278800 2013-01-16] (Data Perceptions / PowerProgrammer) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [689560 2012-10-18] (Ericsson AB) R2 WTabletServiceISD; C:\Program Files\Tablet\ISD\WTabletServiceISD.exe [577848 2013-09-24] (Wacom Technology, Corp.) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH) R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH) R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH) R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG) S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.) R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH) R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB) R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB) S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-01-10] (Sony Mobile Communications) R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-10-28] (Glarysoft Ltd) R1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [17064 2010-06-28] (Lenovo) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation) S3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [103184 2012-03-01] (Ericsson AB) R3 l36wscard; C:\Windows\System32\DRIVERS\l36wscard.sys [61992 2011-01-14] (Ericsson AB) R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-15] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [443208 2012-10-02] (MCCI Corporation) R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [453960 2012-10-02] (MCCI Corporation) R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [21832 2012-10-02] (MCCI Corporation) R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [506184 2012-10-02] (MCCI Corporation) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software) R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.) R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility) R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed] S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.) R3 wacomvthid; C:\Windows\System32\DRIVERS\WacomVTHid.sys [16368 2012-04-10] (Wacom Technology) R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [281840 2013-02-19] (Ericsson AB) S3 TVICPORT; \??\C:\Windows\system32\DRIVERS\TVICPORT.SYS [X] S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X] U3 pgtyraog; \??\C:\Users\x203\AppData\Local\Temp\pgtyraog.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-15 19:32 - 2015-01-15 19:32 - 00050477 _____ () C:\Users\Manuel\Downloads\Defogger.exe 2015-01-15 19:32 - 2015-01-15 19:32 - 00000470 _____ () C:\Users\Manuel\Downloads\defogger_disable.log 2015-01-15 19:32 - 2015-01-15 19:32 - 00000000 _____ () C:\Users\x203\defogger_reenable 2015-01-15 19:31 - 2015-01-15 19:38 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2015-01-15 19:31 - 2015-01-15 19:31 - 00001106 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2015-01-15 19:31 - 2015-01-15 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2015-01-15 19:29 - 2015-01-15 19:30 - 172265200 _____ (Emsisoft Ltd. ) C:\Users\Manuel\Downloads\EmsisoftAntiMalware4799Setup.exe 2015-01-15 19:29 - 2015-01-15 19:29 - 00001479 _____ () C:\Users\x203\Desktop\GMER.log 2015-01-15 19:20 - 2015-01-15 19:20 - 00380416 _____ () C:\Users\Manuel\Downloads\Gmer-19357.exe 2015-01-15 19:07 - 2015-01-15 19:38 - 00033097 _____ () C:\Users\Manuel\Downloads\FRST.txt 2015-01-15 19:07 - 2015-01-15 19:07 - 00037251 _____ () C:\Users\Manuel\Downloads\Addition.txt 2015-01-15 19:06 - 2015-01-15 19:06 - 02125312 _____ (Farbar) C:\Users\Manuel\Downloads\FRST64.exe 2015-01-15 19:01 - 2015-01-15 19:01 - 07203008 _____ (Kaspersky Lab ZAO) C:\Users\Manuel\Downloads\kavremover678.exe 2015-01-15 19:01 - 2015-01-15 19:01 - 00247941 _____ () C:\Users\Manuel\Downloads\kavremvr 2015-01-15 19-01-40 (pid 11508).log 2015-01-15 15:24 - 2015-01-15 15:24 - 00000000 ___SD () C:\ComboFix 2015-01-15 15:18 - 2015-01-15 15:18 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Manuel\Downloads\rkill.exe 2015-01-15 15:18 - 2015-01-15 15:18 - 00003704 _____ () C:\Users\x203\Desktop\Rkill.txt 2015-01-15 15:18 - 2015-01-15 15:18 - 00000000 ____D () C:\Users\x203\Desktop\rkill 2015-01-15 15:16 - 2015-01-15 15:16 - 00000681 _____ () C:\Users\x203\Desktop\JRT.txt 2015-01-15 15:12 - 2015-01-15 15:12 - 01707939 _____ (Thisisu) C:\Users\Manuel\Downloads\JRT.exe 2015-01-15 15:12 - 2015-01-15 15:12 - 00000000 ____D () C:\Windows\ERUNT 2015-01-15 15:11 - 2015-01-15 15:11 - 05609736 ____R (Swearware) C:\Users\Manuel\Downloads\ComboFix.exe 2015-01-15 15:11 - 2015-01-15 15:11 - 00000000 ____D () C:\Qoobox 2015-01-15 15:10 - 2015-01-15 15:10 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Manuel\Downloads\tdsskiller.exe 2015-01-15 15:09 - 2015-01-15 15:09 - 02191360 _____ () C:\Users\Manuel\Downloads\AdwCleaner.exe 2015-01-15 15:05 - 2015-01-15 14:59 - 00000000 _____ () C:\Users\Manuel\Desktop\CProgramDataMicrosoftWindowsCaches.txt 2015-01-15 15:00 - 2015-01-15 15:00 - 00111448 _____ () C:\Users\x203\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-15 14:59 - 2015-01-15 14:59 - 00000000 _____ () C:\Users\x203\Desktop\CProgramDataMicrosoftWindowsCaches.txt 2015-01-15 14:49 - 2015-01-15 14:49 - 00000000 ____D () C:\ProgramData\Avg_Update_1014av 2015-01-15 14:24 - 2015-01-15 14:24 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe 2015-01-15 10:54 - 2015-01-15 10:54 - 00003252 _____ () C:\Windows\System32\Tasks\Trojan Killer 2015-01-15 10:54 - 2015-01-15 10:54 - 00000000 ____D () C:\ProgramData\GridinSoft 2015-01-15 10:51 - 2015-01-15 15:02 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Nico Mak Computing 2015-01-15 10:46 - 2015-01-15 10:46 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-01-15 10:00 - 2015-01-15 10:00 - 02347384 _____ (ESET) C:\Users\Manuel\Downloads\esetsmartinstaller_deu.exe 2015-01-15 09:51 - 2015-01-15 16:10 - 00001025 _____ () C:\Windows\setupact.log 2015-01-15 09:51 - 2015-01-15 15:59 - 00009756 _____ () C:\Windows\PFRO.log 2015-01-15 09:51 - 2015-01-15 09:51 - 05054584 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-15 09:51 - 2015-01-15 09:51 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-15 09:33 - 2015-01-15 09:33 - 17709352 _____ (Adobe Systems Inc.) C:\Users\x203\Downloads\Adobe_Air_v16.0.0.245.exe 2015-01-15 09:33 - 2015-01-15 09:33 - 11225840 _____ (SurfRight B.V.) C:\Users\x203\Downloads\Hitman_Pro_(64bit)_v3.7.9.234.exe 2015-01-15 09:28 - 2015-01-15 09:28 - 00000000 ____D () C:\Users\Manuel\Desktop\Old Firefox Data 2015-01-14 14:02 - 2015-01-15 19:38 - 00000000 ____D () C:\FRST 2015-01-14 12:16 - 2015-01-14 12:16 - 00000000 ____D () C:\_OTL 2015-01-14 12:08 - 2015-01-14 12:08 - 00000000 __SHD () C:\Users\x203\AppData\Local\EmieBrowserModeList 2015-01-14 10:28 - 2015-01-14 10:28 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Avira 2015-01-14 10:28 - 2015-01-14 10:27 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-01-14 10:27 - 2015-01-14 10:27 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Avira 2015-01-14 10:26 - 2015-01-14 10:26 - 00002081 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2015-01-14 10:25 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-01-14 10:25 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-01-14 10:25 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-01-14 10:16 - 2015-01-14 10:16 - 00001391 _____ () C:\Users\Manuel\Desktop\HitmanPro.lnk 2015-01-14 10:10 - 2015-01-14 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-01-14 10:10 - 2015-01-14 10:25 - 00000000 ____D () C:\ProgramData\Avira 2015-01-14 10:10 - 2015-01-14 10:10 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-01-14 09:54 - 2015-01-15 14:24 - 00000000 ____D () C:\Program Files\HitmanPro 2015-01-14 09:54 - 2015-01-14 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2015-01-14 09:53 - 2015-01-14 10:12 - 00000000 ____D () C:\Users\Manuel\Downloads\Hitman 2015-01-14 09:08 - 2015-01-14 09:08 - 00000000 ____D () C:\ProgramData\Network Associates 2015-01-14 09:06 - 2015-01-14 09:23 - 00000000 ____D () C:\Windows\F0856D1B11EE46528174EAF3D5AB6C66.TMP 2015-01-14 09:03 - 2015-01-15 14:48 - 00000000 ____D () C:\AdwCleaner 2015-01-14 08:59 - 2015-01-14 08:59 - 02191360 _____ () C:\Users\Manuel\Desktop\adwcleaner_4.107.exe 2015-01-14 08:43 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 08:43 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 08:43 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 08:43 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 08:43 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 08:43 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 08:43 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 08:43 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 08:43 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 08:43 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 08:43 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 08:43 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 08:43 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-13 18:34 - 2015-01-14 10:25 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-01-13 18:19 - 2015-01-13 18:19 - 14747172 _____ () C:\Users\Manuel\Desktop\Zusammenfassung.pptx 2015-01-13 18:12 - 2014-12-02 18:27 - 00090112 _____ (Nenad Hrg (SoftwareOK.com)) C:\Users\Manuel\Desktop\DontSleep.exe 2015-01-13 17:29 - 2015-01-13 18:39 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-01-13 16:58 - 2015-01-13 16:59 - 44232000 _____ (Lenovo Group Limited ) C:\Users\x203\Downloads\ThinkVantage_Access_Connections_v6.24.exe 2015-01-13 16:58 - 2015-01-13 16:58 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\SUPERAntiSpyware.com 2015-01-13 15:50 - 2015-01-13 15:50 - 00017408 _____ () C:\Users\Manuel\Desktop\Abmeldung von Kursen FS 14.msg 2015-01-13 15:44 - 2014-03-26 22:21 - 00020480 _____ () C:\Users\Manuel\Desktop\Kursabmeldung aufgrund nicht bestandener Leistungsnachweise FS 14.msg 2015-01-13 12:23 - 2015-01-13 12:23 - 00000000 ____D () C:\Users\Manuel\Downloads\platform-tools 2015-01-13 11:48 - 2015-01-13 11:48 - 00000000 ____D () C:\Users\x203\AppData\Local\Avg2014 2015-01-13 10:59 - 2015-01-13 11:00 - 00000000 ____D () C:\Users\Manuel\Downloads\NEW SuperStamina 2015-01-12 22:42 - 2015-01-12 22:43 - 00000000 ____D () C:\Users\Manuel\Downloads\rootkitXperia_20140719 2015-01-12 22:29 - 2015-01-15 11:31 - 00000000 ____D () C:\ProgramData\ocbkapddahhgnlmahbgabheclmnpbfma 2015-01-12 22:12 - 2015-01-12 22:12 - 00000019 _____ () C:\Users\Manuel\Desktop\iomei.txt 2015-01-12 21:42 - 2015-01-12 21:42 - 00038859 _____ () C:\Users\Manuel\Desktop\Unlockbootloader* *Step 3 4 - Developer World.html 2015-01-12 21:42 - 2015-01-12 21:42 - 00000000 ____D () C:\Users\Manuel\Desktop\Unlockbootloader* *Step 3 4 - Developer World_files 2015-01-12 17:44 - 2015-01-13 15:21 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Android 2015-01-12 17:21 - 2015-01-12 21:05 - 00000000 ____D () C:\Users\Manuel\Downloads\EasyRootTool v12.4 2015-01-12 16:04 - 2015-01-12 16:39 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool 2015-01-12 16:03 - 2015-01-13 00:23 - 00000000 ____D () C:\Flashtool 2015-01-11 12:51 - 2015-01-11 12:51 - 00111448 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT 2015-01-11 10:32 - 2015-01-11 10:53 - 34121112 _____ (Oracle Corporation) C:\Users\x203\Downloads\Java_Runtime_Environment_(64bit)_v8.0.exe 2015-01-11 10:32 - 2015-01-11 10:53 - 14878640 _____ () C:\Users\x203\Downloads\Glary_Utilities_Pro_v5.16.0.29.exe 2015-01-10 21:11 - 2015-01-13 09:22 - 00000000 ____D () C:\ProgramData\Sony Mobile 2015-01-10 21:03 - 2015-01-10 21:03 - 00001135 _____ () C:\Users\Manuel\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-10 20:52 - 2015-01-10 20:52 - 00000000 ____D () C:\Users\x203\.android 2015-01-10 20:51 - 2015-01-10 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsomc_01009.Wdf 2015-01-10 20:51 - 2015-01-10 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf 2015-01-10 20:38 - 2015-01-10 20:38 - 00000000 ____D () C:\Users\x203\.swt 2015-01-10 17:15 - 2015-01-10 17:15 - 00030424 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggsomc.sys 2015-01-10 17:15 - 2015-01-10 17:15 - 00016088 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys 2015-01-10 17:13 - 2015-01-11 10:29 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile 2015-01-10 14:12 - 2015-01-11 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2015-01-10 13:49 - 2015-01-10 13:49 - 00000000 ____D () C:\Users\Manuel\.jmc 2015-01-10 13:49 - 2015-01-10 13:49 - 00000000 ____D () C:\Users\Manuel\.eclipse 2015-01-10 13:39 - 2015-01-10 13:39 - 00000000 ____D () C:\Users\x203\.AndroidStudio 2015-01-10 13:39 - 2015-01-10 13:39 - 00000000 ____D () C:\Users\Manuel\.AndroidStudio 2015-01-10 13:38 - 2015-01-13 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio 2015-01-10 13:34 - 2015-01-13 12:25 - 00000000 ____D () C:\Program Files\Android 2015-01-10 13:32 - 2015-01-11 11:02 - 00111000 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-01-10 13:32 - 2015-01-11 11:01 - 00312728 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2015-01-10 13:32 - 2015-01-11 11:01 - 00191384 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2015-01-10 13:32 - 2015-01-11 11:01 - 00190872 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2015-01-10 13:31 - 2015-01-11 11:01 - 00000000 ____D () C:\Program Files\Java 2015-01-09 08:59 - 2015-01-09 09:00 - 00000000 ____D () C:\ProgramData\Stardock 2015-01-09 08:56 - 2015-01-09 08:56 - 00000000 ____D () C:\Users\x203\Downloads\Stardock 2015-01-08 18:57 - 2015-01-08 19:08 - 00045720 _____ () C:\BROM_DLL.log 2015-01-08 18:24 - 2015-01-09 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander 2015-01-08 18:24 - 2015-01-08 21:00 - 00000000 ____D () C:\Program Files (x86)\totalcmd 2015-01-08 18:24 - 2015-01-08 19:49 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\GHISLER 2015-01-08 18:24 - 2015-01-08 18:24 - 00001062 _____ () C:\Users\Public\Desktop\Total Commander 64 bit.lnk 2015-01-08 18:24 - 2015-01-08 18:24 - 00000000 ____D () C:\Users\x203\AppData\Roaming\GHISLER 2015-01-07 15:27 - 2015-01-07 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EIZO 2015-01-07 15:19 - 2015-01-07 15:19 - 00000000 ____D () C:\Users\x203\AppData\Local\{E0EE56A0-0D7C-4595-B400-919A3BA48EC1} 2015-01-07 15:18 - 2015-01-11 10:30 - 00000000 ____D () C:\Program Files (x86)\EIZO 2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 ____D () C:\Users\x203\AppData\Roaming\EIZO 2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\EIZO 2015-01-07 15:17 - 2015-01-10 11:22 - 00000000 ____D () C:\Users\x203\AppData\Local\Downloaded Installations 2015-01-06 10:30 - 2015-01-06 10:30 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Foxit Reader 2015-01-04 09:10 - 2015-01-04 09:10 - 00001562 _____ () C:\Users\Manuel\Desktop\Cisco AnyConnect Secure Mobility Client.lnk 2015-01-04 09:08 - 2015-01-04 09:08 - 00001067 _____ () C:\Users\Manuel\Desktop\Password Manager.lnk 2015-01-02 13:44 - 2015-01-02 13:47 - 00000000 ____D () C:\Users\Manuel\AppData\Local\CyberGhost 2015-01-02 13:44 - 2015-01-02 13:44 - 00001739 _____ () C:\Users\x203\Desktop\CyberGhost 5.lnk 2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5 2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\Program Files\TAP-Windows 2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\Program Files\CyberGhost 5 2014-12-30 09:16 - 2014-12-30 09:25 - 595612217 _____ () C:\Users\Manuel\Desktop\Perfekte-Portraits.zip 2014-12-22 10:27 - 2014-12-22 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco 2014-12-19 21:24 - 2014-12-19 21:24 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2014-12-19 19:49 - 2014-12-19 19:49 - 00000000 ____D () C:\Users\Manuel\AppData\OICE_15_974FA576_32C1D314_A33 2014-12-18 10:48 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-18 10:48 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-17 19:38 - 2014-12-17 19:38 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\FreeCommander ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-15 19:38 - 2014-12-13 01:59 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Eye-Fi 2015-01-15 19:32 - 2013-09-30 20:19 - 00000000 ____D () C:\Users\x203 2015-01-15 19:07 - 2013-11-19 12:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-15 18:55 - 2013-05-15 05:28 - 01858199 _____ () C:\Windows\WindowsUpdate.log 2015-01-15 16:07 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-15 16:07 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-15 16:06 - 2013-05-15 04:59 - 00699666 _____ () C:\Windows\system32\perfh007.dat 2015-01-15 16:06 - 2013-05-15 04:59 - 00149774 _____ () C:\Windows\system32\perfc007.dat 2015-01-15 16:06 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-15 16:00 - 2014-12-13 01:59 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Eye-Fi 2015-01-15 16:00 - 2014-09-26 16:37 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 5.job 2015-01-15 15:59 - 2013-12-09 14:53 - 00000000 ____D () C:\ProgramData\MFAData 2015-01-15 15:59 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-15 15:00 - 2014-09-26 16:36 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5 2015-01-15 14:59 - 2014-09-15 18:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-15 14:38 - 2014-03-04 13:45 - 00000000 ___RD () C:\Users\Manuel\Dropbox 2015-01-15 14:22 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Dropbox 2015-01-15 11:11 - 2013-12-09 14:56 - 00000000 ____D () C:\Users\x203\AppData\Roaming\TuneUp Software 2015-01-15 11:09 - 2014-05-18 11:17 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Spotify 2015-01-15 09:57 - 2013-05-15 05:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-14 17:34 - 2014-12-08 10:30 - 00976384 ___SH () C:\Users\Manuel\Desktop\Thumbs.db 2015-01-14 17:07 - 2013-11-19 12:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-14 17:07 - 2013-11-19 12:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-14 17:07 - 2013-11-19 12:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-14 11:22 - 2013-10-21 22:38 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-01-14 11:21 - 2013-10-21 21:44 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 11:11 - 2013-10-21 21:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 10:18 - 2013-10-28 14:32 - 00003568 _____ () C:\Windows\system32\.crusader 2015-01-14 10:18 - 2013-10-28 14:29 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-01-14 10:11 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-14 10:10 - 2013-10-21 22:33 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-14 09:31 - 2013-10-29 11:53 - 00000000 ____D () C:\Users\x203\AppData\Local\Google 2015-01-14 09:27 - 2014-01-05 13:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-01-14 09:23 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel 2015-01-14 09:23 - 2013-05-14 12:53 - 00000000 ____D () C:\ProgramData\Lenovo 2015-01-14 09:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2015-01-14 09:08 - 2014-10-22 19:49 - 00000000 ____D () C:\ProgramData\McAfee 2015-01-14 08:49 - 2013-10-28 13:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-01-13 18:43 - 2014-12-03 15:12 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Deployment 2015-01-13 18:05 - 2014-05-18 11:18 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Spotify 2015-01-13 17:31 - 2013-10-27 10:06 - 00001912 _____ () C:\Windows\epplauncher.mif 2015-01-13 17:06 - 2014-12-13 17:43 - 00000000 ____D () C:\Users\Manuel\Desktop\WE Jungs 2015-01-13 17:06 - 2014-09-18 16:13 - 00000000 ____D () C:\Users\Manuel\Desktop\Ricardo 2015-01-13 16:59 - 2013-05-15 05:27 - 00000000 ____D () C:\Windows\Downloaded Installations 2015-01-13 12:26 - 2014-05-16 08:06 - 00000000 ____D () C:\Users\Manuel\.android 2015-01-13 12:00 - 2014-11-16 11:12 - 00000000 ____D () C:\Users\Manuel\Desktop\Fotos 2015-01-13 11:46 - 2014-05-30 09:05 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys 2015-01-13 09:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-01-12 17:47 - 2013-05-15 05:19 - 00000000 ____D () C:\Program Files\Intel 2015-01-11 11:00 - 2014-03-09 10:51 - 00111448 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT 2015-01-11 10:54 - 2014-12-05 09:46 - 00001107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk 2015-01-11 10:54 - 2014-09-26 16:37 - 00002978 _____ () C:\Windows\System32\Tasks\GU5SkipUAC 2015-01-11 10:54 - 2014-09-26 16:37 - 00002634 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5 2015-01-11 10:54 - 2014-09-26 16:37 - 00001095 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk 2015-01-10 14:40 - 2014-05-15 16:04 - 00003020 _____ () C:\Windows\System32\Tasks\PMTask 2015-01-10 14:40 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media 2015-01-10 14:05 - 2013-10-27 13:14 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-09 20:54 - 2013-10-28 10:25 - 00000000 ____D () C:\Program Files (x86)\Fences 2015-01-09 20:54 - 2013-05-15 05:34 - 00000000 ____D () C:\Windows\System32\Tasks\TVT 2015-01-08 18:57 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel\AppData\Local\VirtualStore 2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-01-07 15:24 - 2014-06-20 16:48 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Unity 2015-01-07 12:18 - 2013-10-27 09:55 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Adobe 2015-01-06 09:12 - 2014-02-27 21:50 - 00000000 ____D () C:\Users\Manuel\Documents\Korrespondenz 2015-01-04 09:19 - 2014-05-19 07:11 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation 2015-01-04 09:19 - 2014-05-19 07:10 - 00000000 ____D () C:\Program Files\Common Files\Sony Shared 2015-01-04 09:18 - 2014-05-19 07:09 - 00000000 ____D () C:\ProgramData\Sony Corporation 2015-01-04 09:03 - 2014-05-01 10:24 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-01-04 09:03 - 2014-05-01 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-01-04 09:03 - 2013-10-27 17:18 - 00000000 ____D () C:\Program Files\winRar 2014-12-31 18:03 - 2014-01-14 11:34 - 00000000 ____D () C:\Users\Manuel\Desktop\Ablage 2014-12-31 13:38 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Adobe 2014-12-22 10:36 - 2013-10-27 12:15 - 00001398 _____ () C:\Users\Manuel\AppData\Roaming\MobileToolAnyConnectV3.ini 2014-12-22 10:27 - 2013-10-27 12:16 - 00000000 ____D () C:\ProgramData\Cisco 2014-12-22 10:27 - 2013-10-21 22:34 - 00000000 ____D () C:\Program Files (x86)\Cisco 2014-12-22 10:22 - 2014-01-01 10:48 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-12-22 10:22 - 2014-01-01 10:48 - 00000000 ____D () C:\Program Files\CCleaner 2014-12-19 21:28 - 2014-03-04 13:45 - 00001036 _____ () C:\Users\Manuel\Desktop\Dropbox.lnk 2014-12-19 21:28 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-12-19 18:57 - 2013-11-03 11:23 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Intel WiDi 2014-12-18 11:56 - 2014-12-06 14:53 - 00000000 ____D () C:\Users\x203\Desktop\Katalog Admin 2014-12-17 14:46 - 2013-11-12 19:09 - 00000080 _____ () C:\Users\x203\Documents\R Verzeichnis wechseln.R Some content of TEMP: ==================== C:\Users\Manuel\AppData\Local\temp\avgnt.exe C:\Users\Manuel\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprfnjov.dll C:\Users\x203\AppData\Local\temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-14 12:49 ==================== End Of Log ============================ GMER Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-01-15 19:43:48 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 INTEL_SS rev.LF1i 167.68GB Running: Gmer-19357.exe; Driver: C:\Users\x203\AppData\Local\Temp\pgtyraog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448 fffff800039bc000 8 bytes [00, 00, 53, 02, 50, 72, 6F, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 464 fffff800039bc010 30 bytes [00, 10, 00, 00, 28, 05, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075be1465 2 bytes [BE, 75] .text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075be14bb 2 bytes [BE, 75] .text ... * 2 .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2836] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000073441b41 2 bytes [44, 73] .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2836] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000073441be8 2 bytes [44, 73] .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2836] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000073441c20 2 bytes [44, 73] .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2836] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 0000000073441cd2 2 bytes [44, 73] .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2836] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000073441cf2 2 bytes [44, 73] .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075be1465 2 bytes [BE, 75] .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075be14bb 2 bytes [BE, 75] .text ... * 2 .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075be1465 2 bytes [BE, 75] .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075be14bb 2 bytes [BE, 75] .text ... * 2 .text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075be1465 2 bytes [BE, 75] .text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075be14bb 2 bytes [BE, 75] .text ... * 2 .text C:\Program Files\CyberGhost 5\Service.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075be1465 2 bytes [BE, 75] .text C:\Program Files\CyberGhost 5\Service.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075be14bb 2 bytes [BE, 75] .text ... * 2 .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075be1465 2 bytes [BE, 75] .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075be14bb 2 bytes [BE, 75] .text ... * 2 .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075be1465 2 bytes [BE, 75] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075be14bb 2 bytes [BE, 75] .text ... * 2 .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000714511a8 2 bytes [45, 71] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000714513a8 2 bytes [45, 71] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000071451422 2 bytes [45, 71] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000071451498 2 bytes [45, 71] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000073441b41 2 bytes [44, 73] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000073441be8 2 bytes [44, 73] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000073441c20 2 bytes [44, 73] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 0000000073441cd2 2 bytes [44, 73] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000073441cf2 2 bytes [44, 73] .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075be1465 2 bytes [BE, 75] .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075be14bb 2 bytes [BE, 75] .text ... * 2 .text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075be1465 2 bytes [BE, 75] .text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075be14bb 2 bytes [BE, 75] .text ... * 2 .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075be1465 2 bytes [BE, 75] .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075be14bb 2 bytes [BE, 75] .text ... * 2 ? C:\Windows\system32\mssprxy.dll [5596] entry point in ".rdata" section 000000005bfb71e6 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075be1465 2 bytes [BE, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075be14bb 2 bytes [BE, 75] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075be1465 2 bytes [BE, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075be14bb 2 bytes [BE, 75] .text ... * 2 .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075be1465 2 bytes [BE, 75] .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075be14bb 2 bytes [BE, 75] .text ... * 2 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe[1304] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075be1465 2 bytes [BE, 75] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe[1304] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075be14bb 2 bytes [BE, 75] .text ... * 2 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe[11056] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075be1465 2 bytes [BE, 75] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe[11056] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075be14bb 2 bytes [BE, 75] .text ... * 2 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075be1465 2 bytes [BE, 75] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075be14bb 2 bytes [BE, 75] .text ... * 2 ---- Devices - GMER 2.1 ---- Device \FileSystem\a2util \Device\A2Util fffff880099e6694 Device \FileSystem\A2DDA \Device\A2 Direct Disk Access fffff880098e8314 Device \FileSystem\cleanhlp \Device\{A9CCEF13-54B0-4d3b-B0AD-549A53991942} fffff8800906f3f4 ---- Threads - GMER 2.1 ---- Thread C:\Windows\SysWOW64\ntdll.dll [5140:5144] 00000000001a8d4e Thread C:\Windows\SysWOW64\ntdll.dll [5140:7036] 000000006e7dcf5c Thread C:\Windows\SysWOW64\ntdll.dll [5140:7028] 000000006e85a8c0 Thread C:\Windows\SysWOW64\ntdll.dll [5140:7224] 000000006e7624a2 Thread C:\Windows\SysWOW64\ntdll.dll [5140:7772] 000000006e85a8c0 Thread C:\Windows\SysWOW64\ntdll.dll [5140:7972] 000000006e85a8c0 Thread C:\Windows\SysWOW64\ntdll.dll [5140:3956] 000000006e80c159 Thread C:\Windows\SysWOW64\ntdll.dll [5140:7204] 000000006e85a8c0 Thread C:\Windows\SysWOW64\ntdll.dll [5140:7540] 00000000615e784b Thread C:\Windows\SysWOW64\ntdll.dll [5140:7704] 00000000741732fb Thread C:\Windows\SysWOW64\ntdll.dll [5140:7280] 000000005958aec5 Thread C:\Windows\SysWOW64\ntdll.dll [5140:7420] 000000006e85a8c0 Thread C:\Windows\SysWOW64\ntdll.dll [5140:7484] 00000000765cd864 Thread C:\Windows\SysWOW64\ntdll.dll [5140:11668] 000000005c21871b Thread C:\Windows\SysWOW64\ntdll.dll [5140:10744] 000000006e85a8c0 Thread C:\Windows\SysWOW64\ntdll.dll [5140:12252] 000000006e85a8c0 Thread C:\Windows\SysWOW64\ntdll.dll [5140:12012] 000000006e85a8c0 Thread C:\Windows\SysWOW64\ntdll.dll [5140:10868] 000000006e85a8c0 Thread C:\Windows\SysWOW64\ntdll.dll [5140:9864] 000000006e85a8c0 Thread C:\Windows\SysWOW64\ntdll.dll [5140:1608] 000000006e8688ff ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffaf444d9 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2cdc6bc Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2cdc6bc@30a8db49d01a 0x40 0x44 0x2C 0xE0 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffaf444d9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2cdc6bc (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2cdc6bc@30a8db49d01a 0x40 0x44 0x2C 0xE0 ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- Maga Geändert von maga84 (15.01.2015 um 20:07 Uhr) |
|
15.01.2015, 19:50
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 7: Webseiten werden wegen UNISALES auf Werbung umgeleitet Hi,
__________________Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. Ich kann auf Arbeit keine Anhänge öffnen, danke.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
15.01.2015, 20:26
| #3 |
| | Windows 7: Webseiten werden wegen UNISALES auf Werbung umgeleitet hi schrauber,
__________________danke für den Hinweis. Laut FRST sitzt unter CHR Extension: (unIsales) - C:\ProgramData\ocbkapddahhgnlmahbgabheclmnpbfma\ [2013-12-30] das Unisales-Problem. Ich hab es mal entfernt und hoffe, dass es jetzt geht. Habt Ihr sonst noch was gefunden? Meinen jungfräulichen Log-File Augen entgeht bestimmt einiges. ;-) Danue und Grüße Maga |
|
16.01.2015, 07:21
| #4 |
| /// the machine /// TB-Ausbilder | Windows 7: Webseiten werden wegen UNISALES auf Werbung umgeleitet Die Addition.txt von FRST fehlt immer noch 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.01.2015, 08:30
| #5 |
| | Windows 7: Webseiten werden wegen UNISALES auf Werbung umgeleitet Hi schrauber Die Addition.txt spuckt es mir nicht mehr aus. :-( nur beim ersten Durchlauf, als ich jedoch nicht als Admin angemeldet war. Hier ist sie: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015
Ran by Manuel at 2015-01-15 19:07:53
Running from C:\Users\Manuel\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{D586BF67-0A61-4572-BE25-07B40C4CEDA1}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 8.42.20 - )
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{8432E4EF-ABFB-48C8-B77B-24728E71D3DD}) (Version: 39.0.2171.46 - Google Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05187 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05187 - Cisco Systems, Inc.) Hidden
CM Installer (HKLM-x32\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Drucken in PDF Annotator (novaPDF OEM 7.7 printer) (HKLM\...\Drucken in PDF Annotator_is1) (Version: 7.7.400 - Softland)
EasyTax 2013 AG 1.01 (HKLM-x32\...\4093-4123-1528-3000) (Version: 1.01 - HWI Solutions AG)
EIZO ScreenSlicer (HKLM-x32\...\{292A177D-723F-4537-9985-BC8BFCD8B63D}) (Version: 1.1.5.0 - EIZO Corporation)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.67.2 - Lenovo Group Limited)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Eye-Fi Center 3.4 (HKLM-x32\...\{18B00AC5-C082-471E-88B0-F02FE5A2541A}) (Version: 3.4.26 - Eye-Fi, Inc)
Fences (Version: 1.0 - Stardock Corporation) Hidden
FireCuva Data Recovery 2014.1.8.20 (HKLM-x32\...\{EE1F41BE-6DBD-44AE-9F97-4D7F9227329D}_is1) (Version: 2014.1.8.20 - FireCuva)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Glary Utilities PRO 5.16 (HKLM-x32\...\Glary Utilities 5) (Version: 5.16.0.29 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Graph 4.4.2 (HKLM-x32\...\Graph_is1) (Version: - Ivan Johansen)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6 (HKLM\...\{B2DAB009-8236-48A0-AD7F-E940F5AB1578}) (Version: 14.0 - HP)
HP Photosmart Plus B210 series - Grundlegende Software für das Gerät (HKLM\...\{1686185A-3D85-428D-8786-ACB403B9D420}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
ifolor Designer (HKLM-x32\...\ifolor-Designer) (Version: - Ifolor AG)
Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3359 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7991b5ae-96d7-4df2-97fb-a605b7cb638b}) (Version: 17.12.0 - Intel Corporation)
ISD Tablett (HKLM\...\ISD Tablet Driver) (Version: 7.0.2-29 - Wacom Technology Corp.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 8 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418000FF}) (Version: 8.0.0 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.16.0 - Lenovo)
Lenovo Mobile Access (HKLM-x32\...\{A792A135-EE29-4FE2-B4CB-D3F984CEA9EC}) (Version: 3.2.30123.1026 - Lenovo)
Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.4.1017.00 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0007 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
LXH-JME2207FN Hotkey Driver (HKLM-x32\...\{42B21298-C850-4272-AFD9-636CBC005421}) (Version: 5.1.0804 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{C2C2DB64-1BCE-4FA7-962D-457795ECCEC0}) (Version: 3.3.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Bootvis (HKLM-x32\...\{0F9196C6-58B4-445B-B56E-B1200FECC151}) (Version: 1.3.37 - Microsoft)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 7.2.5.4 - Ericsson AB)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Annotator 5.0.0.505 (HKLM-x32\...\PDFAnnotator_is1) (Version: 5.0.0.505 - GRAHL software design)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_06_B209a-m_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Rescue and Recovery (HKLM-x32\...\{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}) (Version: 4.52.0005.00 - Lenovo Group Limited)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-003B-0000-1000-0000000FF1CE}_Office15.PRJPROR_{6E5C415F-1388-4BA6-B926-C19318BE6075}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad Tablet Button Driver (HKLM-x32\...\{26903C89-780A-463E-8CBD-E47A73927254}) (Version: 1.04 - )
ThinkPad Tablet Shortcut Menu (HKLM-x32\...\{9a2db59f-091a-40b4-958d-1c8264624126}) (Version: 6.33 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.24 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{A62AEB2B-E2A0-4E77-8AAE-9645FE3B5487}) (Version: 5.95 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.80.01.00 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.81 - Lenovo)
ThinkVantage Password Manager (HKLM\...\{23520BCC-F76C-4287-87E1-0545EDF6FE96}) (Version: 4.00.0024.00 - Lenovo Group Limited)
ThinkVantage Update Retriever (HKLM-x32\...\{F25C538D-3F57-4AF4-80DD-B1DD1558F038}) (Version: 5.00.0010 - Lenovo)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
VIP Access (HKLM-x32\...\{7EB5B9B6-E7BF-4E8F-B478-1266A78CF231}) (Version: 2.2.1.13 - Symantec Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Intel (e1cexpress) Net (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows Driver Package - Intel System (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-09-30 21:31 - 00000505 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns2.adobe.com
127.0.0.1 adobe-dns3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 acitvate-sjc0.adobe.com
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GlaryInitialize 5.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => ?
==================== Loaded Modules (whitelisted) =============
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-05-15 05:23 - 2012-04-10 16:37 - 01183096 _____ () C:\Program Files\Tablet\ISD\libxml2.dll
2013-05-15 05:27 - 2014-11-14 06:07 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Manuel\Desktop\Stundenplan.JPG:com.dropbox.attributes
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk => C:\Windows\pss\Google Calendar Sync.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^x203^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EOS Utility.lnk => C:\Windows\pss\EOS Utility.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_4A220D28DEF0DEF57A4596AFA0C => "c:\program files (x86)\google\chrome\application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Intel AppUp(SM) center => "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
MSCONFIG\startupreg: jmekey => C:\Program Files (x86)\jmesoft\hotkey.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Malwarebytes Anti-Malware (cleanup) => "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware "
MSCONFIG\startupreg: MobileAccess => C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe -silentExitIfNotFirst
MSCONFIG\startupreg: NUSB3MON => "c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
MSCONFIG\startupreg: PasswordManager => C:\Program Files\Lenovo\Password Manager\password_manager.exe
MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: RtHDVBg_Dolby => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SearchProtection => "C:\Users\x203\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: SharpSpace => C:\Program Files (x86)\SharpSpace\SharpSpace.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: USB3MON => "c:\program files (x86)\intel\intel(r) usb 3.0 extensible host controller driver\application\iusb3mon.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-3554811672-1824628599-3789470933-500 - Administrator - Disabled)
Gast (S-1-5-21-3554811672-1824628599-3789470933-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3554811672-1824628599-3789470933-1040 - Limited - Enabled)
Manuel (S-1-5-21-3554811672-1824628599-3789470933-1003 - Limited - Enabled) => C:\Users\Manuel
x203 (S-1-5-21-3554811672-1824628599-3789470933-1000 - Administrator - Enabled) => C:\Users\x203
==================== Faulty Device Manager Devices =============
Name: Photosmart Plus B209a-m
Description: Photosmart Plus B209a-m
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Photosmart Plus B209a-m
Description: Photosmart Plus B209a-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/15/2015 04:02:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Name des fehlerhaften Moduls: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000860d2
ID des fehlerhaften Prozesses: 0x1610
Startzeit der fehlerhaften Anwendung: 0xISD_Tablet.exe0
Pfad der fehlerhaften Anwendung: ISD_Tablet.exe1
Pfad des fehlerhaften Moduls: ISD_Tablet.exe2
Berichtskennung: ISD_Tablet.exe3
Error: (01/15/2015 03:17:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Name des fehlerhaften Moduls: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000860d2
ID des fehlerhaften Prozesses: 0xb928
Startzeit der fehlerhaften Anwendung: 0xISD_Tablet.exe0
Pfad der fehlerhaften Anwendung: ISD_Tablet.exe1
Pfad des fehlerhaften Moduls: ISD_Tablet.exe2
Berichtskennung: ISD_Tablet.exe3
System errors:
=============
Error: (01/15/2015 04:01:31 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/15/2015 03:59:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147014847
Error: (01/15/2015 03:17:01 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}
Microsoft Office Sessions:
=========================
Error: (01/15/2015 04:02:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ISD_Tablet.exe7.0.2.294f6cf301ISD_Tablet.exe7.0.2.294f6cf301c000000500000000000860d2161001d030d3f5020979C:\Program Files\Tablet\ISD\ISD_Tablet.exeC:\Program Files\Tablet\ISD\ISD_Tablet.exe8ae80206-9cc7-11e4-9f57-028037ec0200
Error: (01/15/2015 03:17:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ISD_Tablet.exe7.0.2.294f6cf301ISD_Tablet.exe7.0.2.294f6cf301c000000500000000000860d2b92801d030ce002f504dC:\Program Files\Tablet\ISD\ISD_Tablet.exeC:\Program Files\Tablet\ISD\ISD_Tablet.exe3fa047b2-9cc1-11e4-948f-028037ec0200
CodeIntegrity Errors:
===================================
Date: 2015-01-14 09:08:57.418
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-01-14 09:08:57.333
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-01-09 20:34:06.552
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-09 20:34:05.382
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-21 15:40:29.432
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-21 15:36:48.011
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-21 15:36:01.740
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-26 20:26:04.283
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-26 20:26:04.173
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-30 22:05:35.495
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 45%
Total physical RAM: 7887.8 MB
Available physical RAM: 4281.45 MB
Total Pagefile: 15773.78 MB
Available Pagefile: 11507.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:140.64 GB) (Free:18.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:17.58 GB) (Free:4.95 GB) NTFS
==================== MBR & Partition Table ==================
==================== End Of Log ============================
|
|
16.01.2015, 09:42
| #6 | |
| /// the machine /// TB-Ausbilder | Windows 7: Webseiten werden wegen UNISALES auf Werbung umgeleitetZitat:
nicht nett. Kein weiterer Support bis das gecrackte Photoshop entfernt wurde.....
__________________ --> Windows 7: Webseiten werden wegen UNISALES auf Werbung umgeleitet |
|
16.01.2015, 11:27
| #7 |
| | Windows 7: Webseiten werden wegen UNISALES auf Werbung umgeleitet Und Nochmal. Danke für eure Zeit! Wegen zu vielen Zeichen gesplittet: GMER - Teil 1 Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-01-16 10:37:37 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 INTEL_SS rev.LF1i 167.68GB Running: Gmer-19357.exe; Driver: C:\Users\x203\AppData\Local\Temp\pgtyraog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448 fffff800039bc000 45 bytes [00, 00, 21, 02, 41, 4C, 50, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 495 fffff800039bc02f 18 bytes [00, 60, 60, F6, 14, 80, FA, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[1648] C:\Windows\SysWOW64\ntdll.dll!RtlFreeActivationContextStack + 271 0000000077178017 7 bytes JMP 000000010cfa883c .text C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[1648] C:\Windows\syswow64\kernel32.dll!FreeLibrary + 8 0000000075243490 7 bytes JMP 000000010cfa866c .text C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[1648] C:\Windows\syswow64\kernel32.dll!GetFileInformationByHandle + 19 0000000075245389 7 bytes JMP 000000010cf581b4 .text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075521465 2 bytes [52, 75] .text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755214bb 2 bytes [52, 75] .text ... * 2 .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2904] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 000000005bb21b41 2 bytes [B2, 5B] .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2904] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 000000005bb21be8 2 bytes [B2, 5B] .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2904] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 000000005bb21c20 2 bytes [B2, 5B] .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2904] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 000000005bb21cd2 2 bytes [B2, 5B] .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2904] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 000000005bb21cf2 2 bytes [B2, 5B] .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[3020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075521465 2 bytes [52, 75] .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[3020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755214bb 2 bytes [52, 75] .text ... * 2 .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075521465 2 bytes [52, 75] .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755214bb 2 bytes [52, 75] .text ... * 2 .text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075521465 2 bytes [52, 75] .text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755214bb 2 bytes [52, 75] .text ... * 2 .text C:\Program Files\CyberGhost 5\Service.exe[4184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075521465 2 bytes [52, 75] .text C:\Program Files\CyberGhost 5\Service.exe[4184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755214bb 2 bytes [52, 75] .text ... * 2 .text C:\Windows\system32\Dwm.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]} .text C:\Windows\system32\Dwm.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]} .text C:\Windows\system32\Dwm.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]} .text C:\Windows\system32\Dwm.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]} .text C:\Windows\system32\Dwm.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]} .text C:\Windows\system32\Dwm.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]} .text C:\Windows\system32\Dwm.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]} .text C:\Windows\system32\Dwm.exe[4460] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]} .text C:\Windows\system32\Dwm.exe[4460] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd29055 3 bytes [B5, 6F, 06] .text C:\Windows\Explorer.EXE[4488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]} .text C:\Windows\Explorer.EXE[4488] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]} .text C:\Windows\Explorer.EXE[4488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]} .text C:\Windows\Explorer.EXE[4488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]} .text C:\Windows\Explorer.EXE[4488] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]} .text C:\Windows\Explorer.EXE[4488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]} .text C:\Windows\Explorer.EXE[4488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]} .text C:\Windows\Explorer.EXE[4488] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076d3db80 6 bytes JMP 0 .text C:\Windows\Explorer.EXE[4488] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd29055 3 bytes CALL 9000027 .text C:\Windows\Explorer.EXE[4488] C:\Windows\system32\msi.dll!MsiSetInternalUI 000007fef6c85c70 6 bytes JMP 37b4c0 .text C:\Windows\Explorer.EXE[4488] C:\Windows\system32\msi.dll!MsiInstallProductA 000007fef6d02ad4 2 bytes [FF, 25] .text C:\Windows\Explorer.EXE[4488] C:\Windows\system32\msi.dll!MsiInstallProductA + 3 000007fef6d02ad7 3 bytes [D5, 2B, 00] .text C:\Windows\Explorer.EXE[4488] C:\Windows\system32\msi.dll!MsiInstallProductW 000007fef6d1167c 6 bytes {JMP QWORD [RIP+0x2ce9b4]} .text C:\Windows\Explorer.EXE[4488] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorA 000007fefa157b34 6 bytes {JMP QWORD [RIP+0xd84fc]} .text C:\Windows\Explorer.EXE[4488] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorW 000007fefa1603c0 6 bytes JMP 70000 .text C:\Windows\Explorer.EXE[4488] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW 000007fefd6b3030 6 bytes {JMP QWORD [RIP+0x192d000]} .text C:\Windows\Explorer.EXE[4488] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd6b45c1 5 bytes {JMP QWORD [RIP+0x18cba70]} .text C:\Windows\Explorer.EXE[4488] C:\Windows\system32\WS2_32.dll!listen 000007fefd6b8290 6 bytes {JMP QWORD [RIP+0x1907da0]} .text C:\Windows\Explorer.EXE[4488] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd6de0f0 6 bytes {JMP QWORD [RIP+0x18c1f40]} .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007713fc20 3 bytes JMP 7175000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007713fc24 2 bytes JMP 7175000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007713fc38 3 bytes JMP 716c000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007713fc3c 2 bytes JMP 716c000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007713fd64 3 bytes JMP 716f000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007713fd68 2 bytes JMP 716f000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000771400b4 3 bytes JMP 7172000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000771400b8 2 bytes JMP 7172000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771401c4 3 bytes JMP 717b000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000771401c8 2 bytes JMP 717b000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077140a44 3 bytes JMP 7178000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077140a48 2 bytes JMP 7178000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077141920 3 bytes JMP 7169000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077141924 2 bytes JMP 7169000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075253bbb 3 bytes JMP 7166000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075253bbf 2 bytes JMP 7166000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076862c9e 4 bytes CALL 71af0000 .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000757c70c4 6 bytes JMP 717e000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000757e3264 6 bytes JMP 7181000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075521465 2 bytes [52, 75] .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755214bb 2 bytes [52, 75] .text ... * 2 .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076c39679 6 bytes JMP 718d000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076c412a5 6 bytes JMP 7187000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076c43baa 6 bytes JMP 718a000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076c4612e 6 bytes JMP 7190000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\USER32.dll!SendInput 0000000076c5ff4a 3 bytes JMP 7193000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076c5ff4e 2 bytes JMP 7193000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076c9027b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076c902bf 6 bytes JMP 7196000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW 00000000751f575a 6 bytes JMP 719c000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\WS2_32.dll!connect 00000000751f6bdd 6 bytes JMP 71a5000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\WS2_32.dll!listen 00000000751fb001 6 bytes JMP 719f000a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000751fcc3f 6 bytes JMP 71a2000a .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd29055 3 bytes [B5, 6F, 06] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefee655c8 6 bytes {JMP QWORD [RIP+0xfaa68]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefee7b85c 6 bytes {JMP QWORD [RIP+0xc47d4]} .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007713fc20 3 bytes JMP 718a000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007713fc24 2 bytes JMP 718a000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007713fc38 3 bytes JMP 7181000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007713fc3c 2 bytes JMP 7181000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007713fd64 3 bytes JMP 7184000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007713fd68 2 bytes JMP 7184000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000771400b4 3 bytes JMP 7187000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000771400b8 2 bytes JMP 7187000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771401c4 3 bytes JMP 7190000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000771401c8 2 bytes JMP 7190000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077140a44 3 bytes JMP 718d000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077140a48 2 bytes JMP 718d000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077141920 3 bytes JMP 717e000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077141924 2 bytes JMP 717e000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075253bbb 3 bytes JMP 717b000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075253bbf 2 bytes JMP 717b000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076862c9e 4 bytes CALL 71af0000 .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076c39679 6 bytes JMP 719f000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076c412a5 6 bytes JMP 7199000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076c43baa 6 bytes JMP 719c000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076c4612e 6 bytes JMP 71a2000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\USER32.dll!SendInput 0000000076c5ff4a 3 bytes JMP 71a5000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076c5ff4e 2 bytes JMP 71a5000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076c9027b 6 bytes JMP 71ab000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076c902bf 6 bytes JMP 71a8000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000757c70c4 6 bytes JMP 7193000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000757e3264 6 bytes JMP 7196000a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075521465 2 bytes [52, 75] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755214bb 2 bytes [52, 75] .text ... * 2 .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000716d11a8 2 bytes [6D, 71] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000716d13a8 2 bytes [6D, 71] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 00000000716d1422 2 bytes [6D, 71] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 00000000716d1498 2 bytes [6D, 71] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 000000005bb21b41 2 bytes [B2, 5B] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 000000005bb21be8 2 bytes [B2, 5B] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 000000005bb21c20 2 bytes [B2, 5B] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 000000005bb21cd2 2 bytes [B2, 5B] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 000000005bb21cf2 2 bytes [B2, 5B] .text C:\Windows\System32\TpShocks.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]} .text C:\Windows\System32\TpShocks.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]} .text C:\Windows\System32\TpShocks.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]} .text C:\Windows\System32\TpShocks.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]} .text C:\Windows\System32\TpShocks.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]} .text C:\Windows\System32\TpShocks.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]} .text C:\Windows\System32\TpShocks.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]} .text C:\Windows\System32\TpShocks.exe[4708] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]} .text C:\Windows\System32\TpShocks.exe[4708] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd29055 3 bytes CALL 9000027 .text C:\Windows\System32\TpShocks.exe[4708] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW 000007fefd6b3030 6 bytes {JMP QWORD [RIP+0x104d000]} .text C:\Windows\System32\TpShocks.exe[4708] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd6b45c1 5 bytes {JMP QWORD [RIP+0xfeba70]} .text C:\Windows\System32\TpShocks.exe[4708] C:\Windows\system32\WS2_32.dll!listen 000007fefd6b8290 6 bytes {JMP QWORD [RIP+0x1027da0]} .text C:\Windows\System32\TpShocks.exe[4708] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd6de0f0 6 bytes {JMP QWORD [RIP+0xfe1f40]} .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007713fc20 3 bytes JMP 717e000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007713fc24 2 bytes JMP 717e000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007713fc38 3 bytes JMP 7175000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007713fc3c 2 bytes JMP 7175000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007713fd64 3 bytes JMP 7178000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007713fd68 2 bytes JMP 7178000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000771400b4 3 bytes JMP 717b000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000771400b8 2 bytes JMP 717b000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771401c4 3 bytes JMP 7184000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000771401c8 2 bytes JMP 7184000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077140a44 3 bytes JMP 7181000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077140a48 2 bytes JMP 7181000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077141920 3 bytes JMP 7172000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077141924 2 bytes JMP 7172000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075253bbb 3 bytes JMP 716f000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075253bbf 2 bytes JMP 716f000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076862c9e 4 bytes CALL 71af0000 .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076c39679 6 bytes JMP 7193000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076c412a5 6 bytes JMP 718d000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076c43baa 6 bytes JMP 7190000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076c4612e 6 bytes JMP 7196000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\USER32.dll!SendInput 0000000076c5ff4a 3 bytes JMP 7199000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076c5ff4e 2 bytes JMP 7199000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076c9027b 6 bytes JMP 719f000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076c902bf 6 bytes JMP 719c000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000757c70c4 6 bytes JMP 7187000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000757e3264 6 bytes JMP 718a000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW 00000000751f575a 6 bytes JMP 71a2000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\WS2_32.dll!connect 00000000751f6bdd 6 bytes JMP 71ab000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\WS2_32.dll!listen 00000000751fb001 6 bytes JMP 71a5000a .text C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000751fcc3f 6 bytes JMP 71a8000a .text C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]} .text C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]} .text C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]} .text C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]} .text C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]} .text C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]} .text C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]} .text C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]} .text C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd29055 3 bytes [B5, 6F, 26] .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007713fc20 3 bytes JMP 717e000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007713fc24 2 bytes JMP 717e000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007713fc38 3 bytes JMP 7175000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007713fc3c 2 bytes JMP 7175000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007713fd64 3 bytes JMP 7178000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007713fd68 2 bytes JMP 7178000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000771400b4 3 bytes JMP 717b000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000771400b8 2 bytes JMP 717b000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771401c4 3 bytes JMP 7184000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000771401c8 2 bytes JMP 7184000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077140a44 3 bytes JMP 7181000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077140a48 2 bytes JMP 7181000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077141920 3 bytes JMP 7172000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077141924 2 bytes JMP 7172000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075253bbb 3 bytes JMP 716f000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075253bbf 2 bytes JMP 716f000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076862c9e 4 bytes CALL 71af0000 .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076c39679 6 bytes JMP 7193000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076c412a5 6 bytes JMP 718d000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076c43baa 6 bytes JMP 7190000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076c4612e 6 bytes JMP 7196000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\USER32.dll!SendInput 0000000076c5ff4a 3 bytes JMP 7199000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076c5ff4e 2 bytes JMP 7199000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076c9027b 6 bytes JMP 719f000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076c902bf 6 bytes JMP 719c000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000757c70c4 6 bytes JMP 7187000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000757e3264 6 bytes JMP 718a000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW 00000000751f575a 6 bytes JMP 71a2000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\WS2_32.dll!connect 00000000751f6bdd 6 bytes JMP 71ab000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\WS2_32.dll!listen 00000000751fb001 6 bytes JMP 71a5000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000751fcc3f 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075521465 2 bytes [52, 75] .text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755214bb 2 bytes [52, 75] .text ... * 2 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007713fc20 3 bytes JMP 7184000a .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007713fc24 2 bytes JMP 7184000a .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007713fc38 3 bytes JMP 717b000a .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007713fc3c 2 bytes JMP 717b000a .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007713fd64 3 bytes JMP 717e000a .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007713fd68 2 bytes JMP 717e000a .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000771400b4 3 bytes JMP 7181000a .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000771400b8 2 bytes JMP 7181000a .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771401c4 3 bytes JMP 718a000a .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000771401c8 2 bytes JMP 718a000a .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077140a44 3 bytes JMP 7187000a .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077140a48 2 bytes JMP 7187000a .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077141920 3 bytes JMP 7178000a .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077141924 2 bytes JMP 7178000a .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075253bbb 3 bytes JMP 7175000a .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075253bbf 2 bytes JMP 7175000a .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076862c9e 4 bytes CALL 71af0000 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076c39679 6 bytes JMP 7199000a .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076c412a5 6 bytes JMP 7193000a .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076c43baa 6 bytes JMP 7196000a .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076c4612e 6 bytes JMP 719c000a .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\USER32.dll!SendInput 0000000076c5ff4a 3 bytes JMP 719f000a .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076c5ff4e 2 bytes JMP 719f000a .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076c9027b 6 bytes JMP 71a5000a .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076c902bf 6 bytes JMP 71a2000a .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000757c70c4 6 bytes JMP 718d000a .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000757e3264 6 bytes JMP 7190000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007713fc20 3 bytes JMP 7184000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007713fc24 2 bytes JMP 7184000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007713fc38 3 bytes JMP 717b000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007713fc3c 2 bytes JMP 717b000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007713fd64 3 bytes JMP 717e000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007713fd68 2 bytes JMP 717e000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000771400b4 3 bytes JMP 7181000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000771400b8 2 bytes JMP 7181000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771401c4 3 bytes JMP 718a000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000771401c8 2 bytes JMP 718a000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077140a44 3 bytes JMP 7187000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077140a48 2 bytes JMP 7187000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077141920 3 bytes JMP 7178000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077141924 2 bytes JMP 7178000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075253bbb 3 bytes JMP 7175000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075253bbf 2 bytes JMP 7175000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076862c9e 4 bytes CALL 71af0000 .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076c39679 6 bytes JMP 7199000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076c412a5 6 bytes JMP 7193000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076c43baa 6 bytes JMP 7196000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076c4612e 6 bytes JMP 719c000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\USER32.dll!SendInput 0000000076c5ff4a 3 bytes JMP 719f000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076c5ff4e 2 bytes JMP 719f000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076c9027b 6 bytes JMP 71a5000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076c902bf 6 bytes JMP 71a2000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000757c70c4 6 bytes JMP 718d000a .text C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000757e3264 6 bytes JMP 7190000a .text C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007713fc20 3 bytes JMP 718a000a .text C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007713fc24 2 bytes JMP 718a000a .text C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007713fc38 3 bytes JMP 7181000a .text C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007713fc3c 2 bytes JMP 7181000a .text C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007713fd64 3 bytes [FF, 25, 1E] .text C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007713fd68 2 bytes [83, 71] .text C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000771400b4 3 bytes JMP 7187000a .text C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000771400b8 2 bytes JMP 7187000a .text C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771401c4 3 bytes [FF, 25, 1E] .text C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000771401c8 2 bytes [8F, 71] .text C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077140a44 3 bytes [FF, 25, 1E] .text C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077140a48 2 bytes [8C, 71] .text C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077141920 3 bytes [FF, 25, 1E] .text C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077141924 2 bytes [7D, 71] .text C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000075253bbb 3 bytes [FF, 25, 1E] .text C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW + 4 0000000075253bbf 2 bytes [7A, 71] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007713fc20 3 bytes JMP 718a000a .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007713fc24 2 bytes JMP 718a000a .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007713fc38 3 bytes JMP 7181000a .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007713fc3c 2 bytes JMP 7181000a .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007713fd64 3 bytes JMP 7184000a .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007713fd68 2 bytes JMP 7184000a .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000771400b4 3 bytes JMP 7187000a .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000771400b8 2 bytes JMP 7187000a .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771401c4 3 bytes JMP 7190000a .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000771401c8 2 bytes JMP 7190000a .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077140a44 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077140a48 2 bytes [8C, 71] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077141920 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077141924 2 bytes [7D, 71] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075253bbb 3 bytes JMP 717b000a .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075253bbf 2 bytes JMP 717b000a .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076862c9e 4 bytes CALL 71af0000 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000757c70c4 6 bytes {JMP QWORD [RIP+0x7192001e]} .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000757e3264 6 bytes {JMP QWORD [RIP+0x7195001e]} .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076c39679 6 bytes JMP 719f000a .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076c412a5 6 bytes {JMP QWORD [RIP+0x7198001e]} .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076c43baa 6 bytes {JMP QWORD [RIP+0x719b001e]} .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076c4612e 6 bytes {JMP QWORD [RIP+0x71a1001e]} .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\USER32.dll!SendInput 0000000076c5ff4a 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076c5ff4e 2 bytes [A4, 71] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076c9027b 6 bytes {JMP QWORD [RIP+0x71aa001e]} .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076c902bf 6 bytes {JMP QWORD [RIP+0x71a7001e]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd29055 3 bytes CALL 0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd29055 3 bytes CALL 9000027 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007713fc20 3 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007713fc24 2 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007713fc38 3 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007713fc3c 2 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007713fd64 3 bytes JMP 7184000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007713fd68 2 bytes JMP 7184000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000771400b4 3 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000771400b8 2 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771401c4 3 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000771401c8 2 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077140a44 3 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077140a48 2 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077141920 3 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077141924 2 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075253bbb 3 bytes JMP 717b000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075253bbf 2 bytes JMP 717b000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076862c9e 4 bytes CALL 71af0000 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000757c70c4 6 bytes JMP 7193000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000757e3264 6 bytes JMP 7196000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076c39679 6 bytes JMP 719f000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076c412a5 6 bytes JMP 7199000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076c43baa 6 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076c4612e 6 bytes JMP 71a2000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\USER32.dll!SendInput 0000000076c5ff4a 3 bytes JMP 71a5000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076c5ff4e 2 bytes JMP 71a5000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076c9027b 6 bytes JMP 71ab000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076c902bf 6 bytes JMP 71a8000a .text C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]} .text C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]} .text C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]} .text C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]} .text C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]} .text C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]} .text C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]} .text C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]} .text C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd29055 3 bytes CALL 9000027 .text C:\Windows\system32\taskhost.exe[6728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]} .text C:\Windows\system32\taskhost.exe[6728] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]} .text C:\Windows\system32\taskhost.exe[6728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]} .text C:\Windows\system32\taskhost.exe[6728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]} .text C:\Windows\system32\taskhost.exe[6728] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]} .text C:\Windows\system32\taskhost.exe[6728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]} .text C:\Windows\system32\taskhost.exe[6728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]} .text C:\Windows\system32\taskhost.exe[6728] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]} .text C:\Windows\system32\taskhost.exe[6728] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefee655c8 6 bytes {JMP QWORD [RIP+0xfaa68]} .text C:\Windows\system32\taskhost.exe[6728] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefee7b85c 6 bytes {JMP QWORD [RIP+0xc47d4]} .text C:\Program Files\Tablet\ISD\ISD_TabletUser.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]} .text C:\Program Files\Tablet\ISD\ISD_TabletUser.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]} .text C:\Program Files\Tablet\ISD\ISD_TabletUser.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]} .text C:\Program Files\Tablet\ISD\ISD_TabletUser.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]} .text C:\Program Files\Tablet\ISD\ISD_TabletUser.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]} .text C:\Program Files\Tablet\ISD\ISD_TabletUser.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]} .text C:\Program Files\Tablet\ISD\ISD_TabletUser.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]} .text C:\Program Files\Tablet\ISD\ISD_TabletUser.exe[6952] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]} |
|
16.01.2015, 11:28
| #8 |
| | Windows 7: Webseiten werden wegen UNISALES auf Werbung umgeleitet GMER - Teil 2 Code:
ATTFilter .text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd29055 3 bytes CALL 9000027
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007713fc20 3 bytes JMP 7178000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007713fc24 2 bytes JMP 7178000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007713fc38 3 bytes JMP 716f000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007713fc3c 2 bytes JMP 716f000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007713fd64 3 bytes JMP 7172000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007713fd68 2 bytes JMP 7172000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000771400b4 3 bytes JMP 7175000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000771400b8 2 bytes JMP 7175000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771401c4 3 bytes JMP 717e000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000771401c8 2 bytes JMP 717e000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077140a44 3 bytes JMP 717b000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077140a48 2 bytes JMP 717b000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077141920 3 bytes JMP 716c000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077141924 2 bytes JMP 716c000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075253bbb 3 bytes JMP 7169000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075253bbf 2 bytes JMP 7169000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076862c9e 4 bytes CALL 71af0000
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076c39679 6 bytes JMP 718d000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076c412a5 6 bytes JMP 7187000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076c43baa 6 bytes JMP 718a000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076c4612e 6 bytes JMP 7190000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\USER32.dll!SendInput 0000000076c5ff4a 3 bytes JMP 7193000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076c5ff4e 2 bytes JMP 7193000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076c9027b 6 bytes JMP 7199000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076c902bf 6 bytes JMP 7196000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000757c70c4 6 bytes JMP 7181000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000757e3264 6 bytes JMP 7184000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW 00000000751f575a 6 bytes JMP 719c000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\WS2_32.dll!connect 00000000751f6bdd 6 bytes JMP 71a5000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\WS2_32.dll!listen 00000000751fb001 6 bytes JMP 719f000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000751fcc3f 6 bytes JMP 71a2000a
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075521465 2 bytes [52, 75]
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755214bb 2 bytes [52, 75]
.text ... * 2
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007713fc20 3 bytes JMP 718a000a
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007713fc24 2 bytes JMP 718a000a
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007713fc38 3 bytes JMP 7181000a
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007713fc3c 2 bytes JMP 7181000a
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007713fd64 3 bytes JMP 7184000a
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007713fd68 2 bytes JMP 7184000a
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000771400b4 3 bytes JMP 7187000a
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000771400b8 2 bytes JMP 7187000a
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771401c4 3 bytes JMP 7190000a
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000771401c8 2 bytes JMP 7190000a
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077140a44 3 bytes JMP 718d000a
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077140a48 2 bytes JMP 718d000a
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077141920 3 bytes JMP 717e000a
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077141924 2 bytes JMP 717e000a
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075253bbb 3 bytes JMP 717b000a
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075253bbf 2 bytes JMP 717b000a
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076862c9e 4 bytes CALL 71af0000
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000757c70c4 6 bytes JMP 7193000a
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000757e3264 6 bytes JMP 7196000a
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076c39679 6 bytes JMP 719f000a
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076c412a5 6 bytes JMP 7199000a
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076c43baa 6 bytes JMP 719c000a
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076c4612e 6 bytes JMP 71a2000a
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\USER32.dll!SendInput 0000000076c5ff4a 3 bytes JMP 71a5000a
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076c5ff4e 2 bytes JMP 71a5000a
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076c9027b 6 bytes JMP 71ab000a
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076c902bf 6 bytes JMP 71a8000a
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[7960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075521465 2 bytes [52, 75]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[7960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755214bb 2 bytes [52, 75]
.text ... * 2
.text C:\Windows\system32\rundll32.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text C:\Windows\system32\rundll32.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text C:\Windows\system32\rundll32.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text C:\Windows\system32\rundll32.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text C:\Windows\system32\rundll32.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text C:\Windows\system32\rundll32.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text C:\Windows\system32\rundll32.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text C:\Windows\system32\rundll32.exe[8100] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text C:\Windows\system32\rundll32.exe[8100] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd29055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\rundll32.exe[8100] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorA 000007fefa157b34 6 bytes {JMP QWORD [RIP+0x884fc]}
.text C:\Windows\system32\rundll32.exe[8100] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorW 000007fefa1603c0 6 bytes {JMP QWORD [RIP+0x9fc70]}
.text C:\Windows\system32\rundll32.exe[8100] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW 000007fefd6b3030 6 bytes {JMP QWORD [RIP+0xfed000]}
.text C:\Windows\system32\rundll32.exe[8100] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd6b45c1 5 bytes {JMP QWORD [RIP+0x6ba70]}
.text C:\Windows\system32\rundll32.exe[8100] C:\Windows\system32\WS2_32.dll!listen 000007fefd6b8290 6 bytes {JMP QWORD [RIP+0xfc7da0]}
.text C:\Windows\system32\rundll32.exe[8100] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd6de0f0 6 bytes JMP 0
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd29055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\taskeng.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text C:\Windows\system32\taskeng.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text C:\Windows\system32\taskeng.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text C:\Windows\system32\taskeng.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text C:\Windows\system32\taskeng.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text C:\Windows\system32\taskeng.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text C:\Windows\system32\taskeng.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text C:\Windows\system32\taskeng.exe[7668] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text C:\Windows\system32\taskeng.exe[7668] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd29055 3 bytes [B5, 6F, 06]
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd29055 3 bytes [B5, 6F, 08]
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW 000007fefd6b3030 6 bytes {JMP QWORD [RIP+0xfed000]}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd6b45c1 5 bytes {JMP QWORD [RIP+0x6ba70]}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\WS2_32.dll!listen 000007fefd6b8290 6 bytes {JMP QWORD [RIP+0xfc7da0]}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd6de0f0 6 bytes JMP 22000000
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\msi.dll!MsiSetInternalUI 000007fef6c85c70 6 bytes {JMP QWORD [RIP+0x37a3c0]}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\msi.dll!MsiInstallProductA 000007fef6d02ad4 2 bytes [FF, 25]
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\msi.dll!MsiInstallProductA + 3 000007fef6d02ad7 3 bytes [D5, 2B, 00]
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\msi.dll!MsiInstallProductW 000007fef6d1167c 6 bytes {JMP QWORD [RIP+0x2ce9b4]}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd29055 3 bytes [B5, 6F, 2A]
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW 000007fefd6b3030 6 bytes {JMP QWORD [RIP+0xfed000]}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd6b45c1 5 bytes {JMP QWORD [RIP+0x6ba70]}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\WS2_32.dll!listen 000007fefd6b8290 6 bytes {JMP QWORD [RIP+0xfc7da0]}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd6de0f0 6 bytes {JMP QWORD [RIP+0x61f40]}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\msi.dll!MsiSetInternalUI 000007fef6c85c70 6 bytes {JMP QWORD [RIP+0x37a3c0]}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\msi.dll!MsiInstallProductA 000007fef6d02ad4 2 bytes [FF, 25]
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\msi.dll!MsiInstallProductA + 3 000007fef6d02ad7 3 bytes [D5, 2B, 00]
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\msi.dll!MsiInstallProductW 000007fef6d1167c 6 bytes {JMP QWORD [RIP+0x2ce9b4]}
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd29055 3 bytes [B5, 6F, 06]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefee655c8 6 bytes {JMP QWORD [RIP+0xfaa68]}
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefee7b85c 6 bytes {JMP QWORD [RIP+0xc47d4]}
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007713fc20 3 bytes JMP 718a000a
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007713fc24 2 bytes JMP 718a000a
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007713fc38 3 bytes JMP 7181000a
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007713fc3c 2 bytes JMP 7181000a
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007713fd64 3 bytes JMP 7184000a
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007713fd68 2 bytes JMP 7184000a
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000771400b4 3 bytes JMP 7187000a
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000771400b8 2 bytes JMP 7187000a
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771401c4 3 bytes JMP 7190000a
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000771401c8 2 bytes JMP 7190000a
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077140a44 3 bytes JMP 718d000a
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077140a48 2 bytes JMP 718d000a
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077141920 3 bytes JMP 717e000a
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077141924 2 bytes JMP 717e000a
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075253bbb 3 bytes JMP 717b000a
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075253bbf 2 bytes JMP 717b000a
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076862c9e 4 bytes CALL 71af0000
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076c39679 6 bytes JMP 719f000a
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076c412a5 6 bytes JMP 7199000a
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076c43baa 6 bytes JMP 719c000a
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076c4612e 6 bytes JMP 71a2000a
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\USER32.dll!SendInput 0000000076c5ff4a 3 bytes JMP 71a5000a
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076c5ff4e 2 bytes JMP 71a5000a
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076c9027b 6 bytes JMP 71ab000a
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076c902bf 6 bytes JMP 71a8000a
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000757c70c4 6 bytes JMP 7193000a
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000757e3264 6 bytes JMP 7196000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007713fc20 3 bytes JMP 718a000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007713fc24 2 bytes JMP 718a000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007713fc38 3 bytes JMP 7181000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007713fc3c 2 bytes JMP 7181000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007713fd64 3 bytes JMP 7184000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007713fd68 2 bytes JMP 7184000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000771400b4 3 bytes JMP 7187000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000771400b8 2 bytes JMP 7187000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771401c4 3 bytes JMP 7190000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000771401c8 2 bytes JMP 7190000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077140a44 3 bytes JMP 718d000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077140a48 2 bytes JMP 718d000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077141920 3 bytes JMP 717e000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077141924 2 bytes JMP 717e000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075253bbb 3 bytes JMP 717b000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075253bbf 2 bytes JMP 717b000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076862c9e 4 bytes CALL 71af0000
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000757c70c4 6 bytes JMP 7193000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000757e3264 6 bytes JMP 7196000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076c39679 6 bytes JMP 719f000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076c412a5 6 bytes JMP 7199000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076c43baa 6 bytes JMP 719c000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076c4612e 6 bytes JMP 71a2000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\USER32.dll!SendInput 0000000076c5ff4a 3 bytes JMP 71a5000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076c5ff4e 2 bytes JMP 71a5000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076c9027b 6 bytes JMP 71ab000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076c902bf 6 bytes JMP 71a8000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW 00000000751f575a 6 bytes JMP 716d000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\WS2_32.dll!connect 00000000751f6bdd 6 bytes JMP 7176000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\WS2_32.dll!listen 00000000751fb001 6 bytes JMP 7170000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000751fcc3f 6 bytes JMP 7173000a
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075521465 2 bytes [52, 75]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755214bb 2 bytes [52, 75]
.text ... * 2
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007713fc20 3 bytes JMP 718a000a
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007713fc24 2 bytes JMP 718a000a
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007713fc38 3 bytes JMP 7181000a
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007713fc3c 2 bytes JMP 7181000a
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007713fd64 3 bytes JMP 7184000a
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007713fd68 2 bytes JMP 7184000a
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000771400b4 3 bytes JMP 7187000a
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000771400b8 2 bytes JMP 7187000a
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771401c4 3 bytes JMP 7190000a
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000771401c8 2 bytes JMP 7190000a
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077140a44 3 bytes JMP 718d000a
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077140a48 2 bytes JMP 718d000a
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077141920 3 bytes JMP 717e000a
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077141924 2 bytes JMP 717e000a
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075253bbb 3 bytes JMP 717b000a
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075253bbf 2 bytes JMP 717b000a
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076862c9e 4 bytes CALL 71af0000
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076c39679 6 bytes JMP 719f000a
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076c412a5 6 bytes JMP 7199000a
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076c43baa 6 bytes JMP 719c000a
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076c4612e 6 bytes JMP 71a2000a
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\USER32.dll!SendInput 0000000076c5ff4a 3 bytes JMP 71a5000a
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076c5ff4e 2 bytes JMP 71a5000a
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076c9027b 6 bytes JMP 71ab000a
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076c902bf 6 bytes JMP 71a8000a
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000757c70c4 6 bytes JMP 7193000a
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000757e3264 6 bytes JMP 7196000a
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[8516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075521465 2 bytes [52, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[8516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755214bb 2 bytes [52, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075521465 2 bytes [52, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755214bb 2 bytes [52, 75]
.text ... * 2
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[8696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075521465 2 bytes [52, 75]
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[8696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755214bb 2 bytes [52, 75]
.text ... * 2
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007713fc20 3 bytes JMP 718a000a
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007713fc24 2 bytes JMP 718a000a
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007713fc38 3 bytes JMP 7181000a
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007713fc3c 2 bytes JMP 7181000a
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007713fd64 3 bytes JMP 7184000a
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007713fd68 2 bytes JMP 7184000a
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000771400b4 3 bytes JMP 7187000a
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000771400b8 2 bytes JMP 7187000a
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771401c4 3 bytes JMP 7190000a
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000771401c8 2 bytes JMP 7190000a
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077140a44 3 bytes JMP 718d000a
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077140a48 2 bytes JMP 718d000a
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077141920 3 bytes JMP 717e000a
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077141924 2 bytes JMP 717e000a
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075253bbb 3 bytes JMP 717b000a
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075253bbf 2 bytes JMP 717b000a
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076862c9e 4 bytes CALL 71af0000
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076c39679 6 bytes JMP 719f000a
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076c412a5 6 bytes JMP 7199000a
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076c43baa 6 bytes JMP 719c000a
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076c4612e 6 bytes JMP 71a2000a
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\USER32.dll!SendInput 0000000076c5ff4a 3 bytes JMP 71a5000a
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076c5ff4e 2 bytes JMP 71a5000a
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076c9027b 6 bytes JMP 71ab000a
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076c902bf 6 bytes JMP 71a8000a
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000757c70c4 6 bytes JMP 7193000a
.text C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000757e3264 6 bytes JMP 7196000a
---- Threads - GMER 2.1 ----
Thread C:\Windows\SysWOW64\ntdll.dll [4860:4864] 0000000001068d4e
Thread C:\Windows\SysWOW64\ntdll.dll [4860:7948] 000000006e79cf5c
Thread C:\Windows\SysWOW64\ntdll.dll [4860:7956] 000000006e81a8c0
Thread C:\Windows\SysWOW64\ntdll.dll [4860:8004] 000000006e7224a2
Thread C:\Windows\SysWOW64\ntdll.dll [4860:7772] 000000006e81a8c0
Thread C:\Windows\SysWOW64\ntdll.dll [4860:5692] 000000006e81a8c0
Thread C:\Windows\SysWOW64\ntdll.dll [4860:1540] 000000006e81a8c0
Thread C:\Windows\SysWOW64\ntdll.dll [4860:2012] 000000006e7cc159
Thread C:\Windows\SysWOW64\ntdll.dll [4860:3688] 000000006e81a8c0
Thread C:\Windows\SysWOW64\ntdll.dll [4860:8200] 000000006e81a8c0
Thread C:\Windows\SysWOW64\ntdll.dll [4860:8412] 000000006f4c784b
Thread C:\Windows\SysWOW64\ntdll.dll [4860:8548] 0000000056c1aec5
Thread C:\Windows\SysWOW64\ntdll.dll [4860:692] 000000006e81a8c0
Thread C:\Windows\SysWOW64\ntdll.dll [4860:708] 0000000074ead864
Thread C:\Windows\SysWOW64\ntdll.dll [4860:8552] 0000000072b232fb
Thread C:\Windows\SysWOW64\ntdll.dll [4860:5552] 000000006e81a8c0
Thread C:\Windows\SysWOW64\ntdll.dll [4860:6004] 000000006e81a8c0
Thread C:\Windows\SysWOW64\ntdll.dll [4860:3944] 000000006e81a8c0
Thread C:\Windows\SysWOW64\ntdll.dll [4860:7740] 000000006e8288ff
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffaf444d9
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2cdc6bc
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2cdc6bc@30a8db49d01a 0x40 0x44 0x2C 0xE0 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffaf444d9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2cdc6bc (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2cdc6bc@30a8db49d01a 0x40 0x44 0x2C 0xE0 ...
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
|
16.01.2015, 11:30
| #9 |
| | Windows 7: Webseiten werden wegen UNISALES auf Werbung umgeleitet FRST FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 Ran by x203 (administrator) on ADMIN-MANUEL on 16-01-2015 11:17:24 Running from C:\Users\Manuel\Downloads Loaded Profiles: x203 & Manuel (Available profiles: x203 & Manuel) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchService.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe (Data Perceptions / PowerProgrammer) C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Spotify Ltd) C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Eye-Fi, Inc.) C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe (EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Wacom Technology, Inc) C:\Program Files\Tablet\CalibrationAssistant.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Wacom Technology, Inc) C:\Program Files\Tablet\CalibrationAssistant.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Wacom Technology) C:\Program Files\Tablet\ISD\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe (Microsoft Corporation) C:\Windows\System32\LogonUI.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchUser.exe (Wacom Technology) C:\Program Files\Tablet\ISD\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916592 2014-07-28] (Synaptics Incorporated) HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-08-07] (Lenovo Group Limited) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2014-09-16] (Lenovo) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [555736 2014-09-18] (Lenovo.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4997872 2014-12-31] (Emsisoft GmbH) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-01-05] (Glarysoft Ltd) HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.) HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [Spotify Web Helper] => C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd) HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [GoogleChromeAutoLaunch_4A220D28DEF0DEF57A4596AFA0CC93AC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-22] (Google Inc.) HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [Eye-Fi] => C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe [3961464 2011-12-21] (Eye-Fi, Inc.) HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: D - D:\SETUP.EXE HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: {88018163-5feb-11e3-8408-028037ec0200} - V:\SETUP.EXE HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: {fa8f8a90-42e2-11e3-857c-028037ec0200} - E:\Startme.exe Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EIZO ScreenSlicer.lnk ShortcutTarget: EIZO ScreenSlicer.lnk -> C:\Windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe (Macrovision Corporation) Startup: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File BootExecute: autocheck autochk * CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:50083;https=127.0.0.1:50083 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000 -> {5E55F183-AB4F-4D43-BF3C-D551B42FA02B} URL = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms} SearchScopes: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) Toolbar: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162 FireFox: ======== FF ProfilePath: C:\Users\x203\AppData\Roaming\Mozilla\Firefox\Profiles\ci9uc6ip.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-05-30] FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client FF Extension: No Name - C:\Program Files (x86)\Symantec\VIP Access Client [2013-05-15] FF HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension FF Extension: No Name - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension [2014-05-29] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\x203\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\x203\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09] CHR Extension: (Google Wallet) - C:\Users\x203\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG) R2 ASRSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [79136 2010-10-27] (Lenovo Group Limited) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L) S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2014-11-14] (Lenovo.) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-14] (SurfRight B.V.) R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation) R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.) R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-08-07] (Lenovo Group Limited) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] () R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-04-24] () R2 TabletServiceISD; C:\Program Files\Tablet\ISD\ISD_Tablet.exe [5650296 2012-04-10] (Wacom Technology, Corp.) R2 TabletSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [83920 2012-02-08] (Lenovo Group Limited) S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed] R2 TouchServiceISD; C:\Program Files\Tablet\ISD\ISD_TouchService.exe [449912 2012-04-10] (Wacom Technology, Corp.) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software) S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1526120 2013-09-25] (Lenovo Group Limited) R2 TVT Scheduler; C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited) [File not signed] R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation) R2 WebUpdate4; C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [278800 2013-01-16] (Data Perceptions / PowerProgrammer) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [689560 2012-10-18] (Ericsson AB) R2 WTabletServiceISD; C:\Program Files\Tablet\ISD\WTabletServiceISD.exe [577848 2013-09-24] (Wacom Technology, Corp.) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH) R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH) R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH) R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG) S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.) R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH) R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB) R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB) S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-01-10] (Sony Mobile Communications) R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-10-28] (Glarysoft Ltd) R1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [17064 2010-06-28] (Lenovo) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation) R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [103184 2012-03-01] (Ericsson AB) R3 l36wscard; C:\Windows\System32\DRIVERS\l36wscard.sys [61992 2011-01-14] (Ericsson AB) R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [443208 2012-10-02] (MCCI Corporation) R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [453960 2012-10-02] (MCCI Corporation) R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [21832 2012-10-02] (MCCI Corporation) R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [506184 2012-10-02] (MCCI Corporation) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software) R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.) R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility) R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed] S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.) R3 wacomvthid; C:\Windows\System32\DRIVERS\WacomVTHid.sys [16368 2012-04-10] (Wacom Technology) R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [281840 2013-02-19] (Ericsson AB) S3 TVICPORT; \??\C:\Windows\system32\DRIVERS\TVICPORT.SYS [X] S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-16 11:13 - 2015-01-16 11:13 - 00057924 _____ () C:\Users\Manuel\Downloads\Addition.txt 2015-01-16 11:12 - 2015-01-16 11:17 - 00034967 _____ () C:\Users\Manuel\Downloads\FRST.txt 2015-01-16 11:05 - 2015-01-16 11:05 - 00000883 _____ () C:\Users\x203\Desktop\hosts.txt 2015-01-16 10:25 - 2015-01-16 10:25 - 00000470 _____ () C:\Users\Manuel\Downloads\defogger_disable.log 2015-01-16 10:23 - 2015-01-16 10:23 - 00283128 _____ () C:\Windows\Minidump\011615-8845-01.dmp 2015-01-16 10:23 - 2015-01-16 10:23 - 00000000 ____D () C:\Windows\Minidump 2015-01-15 19:55 - 2015-01-15 19:55 - 00000000 ____D () C:\ProgramData\Emsisoft 2015-01-15 19:32 - 2015-01-15 19:32 - 00050477 _____ () C:\Users\Manuel\Downloads\Defogger.exe 2015-01-15 19:32 - 2015-01-15 19:32 - 00000000 _____ () C:\Users\x203\defogger_reenable 2015-01-15 19:31 - 2015-01-16 10:58 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2015-01-15 19:31 - 2015-01-15 19:31 - 00001106 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2015-01-15 19:31 - 2015-01-15 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2015-01-15 19:29 - 2015-01-15 19:30 - 172265200 _____ (Emsisoft Ltd. ) C:\Users\Manuel\Downloads\EmsisoftAntiMalware4799Setup.exe 2015-01-15 19:29 - 2015-01-15 19:29 - 00001479 _____ () C:\Users\x203\Desktop\GMER.log 2015-01-15 19:20 - 2015-01-15 19:20 - 00380416 _____ () C:\Users\Manuel\Downloads\Gmer-19357.exe 2015-01-15 19:06 - 2015-01-15 19:06 - 02125312 _____ (Farbar) C:\Users\Manuel\Downloads\FRST64.exe 2015-01-15 19:01 - 2015-01-15 19:01 - 07203008 _____ (Kaspersky Lab ZAO) C:\Users\Manuel\Downloads\kavremover678.exe 2015-01-15 19:01 - 2015-01-15 19:01 - 00247941 _____ () C:\Users\Manuel\Downloads\kavremvr 2015-01-15 19-01-40 (pid 11508).log 2015-01-15 15:24 - 2015-01-15 15:24 - 00000000 ___SD () C:\ComboFix 2015-01-15 15:18 - 2015-01-15 15:18 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Manuel\Downloads\rkill.exe 2015-01-15 15:18 - 2015-01-15 15:18 - 00003704 _____ () C:\Users\x203\Desktop\Rkill.txt 2015-01-15 15:18 - 2015-01-15 15:18 - 00000000 ____D () C:\Users\x203\Desktop\rkill 2015-01-15 15:16 - 2015-01-15 15:16 - 00000681 _____ () C:\Users\x203\Desktop\JRT.txt 2015-01-15 15:12 - 2015-01-15 15:12 - 01707939 _____ (Thisisu) C:\Users\Manuel\Downloads\JRT.exe 2015-01-15 15:12 - 2015-01-15 15:12 - 00000000 ____D () C:\Windows\ERUNT 2015-01-15 15:11 - 2015-01-15 15:11 - 05609736 ____R (Swearware) C:\Users\Manuel\Downloads\ComboFix.exe 2015-01-15 15:11 - 2015-01-15 15:11 - 00000000 ____D () C:\Qoobox 2015-01-15 15:10 - 2015-01-15 15:10 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Manuel\Downloads\tdsskiller.exe 2015-01-15 15:09 - 2015-01-15 15:09 - 02191360 _____ () C:\Users\Manuel\Downloads\AdwCleaner.exe 2015-01-15 15:05 - 2015-01-15 14:59 - 00000000 _____ () C:\Users\Manuel\Desktop\CProgramDataMicrosoftWindowsCaches.txt 2015-01-15 15:00 - 2015-01-15 15:00 - 00111448 _____ () C:\Users\x203\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-15 14:59 - 2015-01-15 14:59 - 00000000 _____ () C:\Users\x203\Desktop\CProgramDataMicrosoftWindowsCaches.txt 2015-01-15 14:49 - 2015-01-15 14:49 - 00000000 ____D () C:\ProgramData\Avg_Update_1014av 2015-01-15 14:24 - 2015-01-15 14:24 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe 2015-01-15 10:54 - 2015-01-15 10:54 - 00003252 _____ () C:\Windows\System32\Tasks\Trojan Killer 2015-01-15 10:54 - 2015-01-15 10:54 - 00000000 ____D () C:\ProgramData\GridinSoft 2015-01-15 10:51 - 2015-01-15 15:02 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Nico Mak Computing 2015-01-15 10:46 - 2015-01-15 10:46 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-01-15 10:00 - 2015-01-15 10:00 - 02347384 _____ (ESET) C:\Users\Manuel\Downloads\esetsmartinstaller_deu.exe 2015-01-15 09:51 - 2015-01-16 11:08 - 00001957 _____ () C:\Windows\setupact.log 2015-01-15 09:51 - 2015-01-16 10:41 - 00011536 _____ () C:\Windows\PFRO.log 2015-01-15 09:51 - 2015-01-15 09:51 - 05054584 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-15 09:51 - 2015-01-15 09:51 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-15 09:28 - 2015-01-15 09:28 - 00000000 ____D () C:\Users\Manuel\Desktop\Old Firefox Data 2015-01-14 14:02 - 2015-01-16 11:17 - 00000000 ____D () C:\FRST 2015-01-14 12:16 - 2015-01-14 12:16 - 00000000 ____D () C:\_OTL 2015-01-14 12:08 - 2015-01-14 12:08 - 00000000 __SHD () C:\Users\x203\AppData\Local\EmieBrowserModeList 2015-01-14 10:28 - 2015-01-14 10:28 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Avira 2015-01-14 10:28 - 2015-01-14 10:27 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-01-14 10:27 - 2015-01-14 10:27 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Avira 2015-01-14 10:26 - 2015-01-14 10:26 - 00002081 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2015-01-14 10:25 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-01-14 10:25 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-01-14 10:25 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-01-14 10:16 - 2015-01-14 10:16 - 00001391 _____ () C:\Users\Manuel\Desktop\HitmanPro.lnk 2015-01-14 10:10 - 2015-01-14 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-01-14 10:10 - 2015-01-14 10:25 - 00000000 ____D () C:\ProgramData\Avira 2015-01-14 10:10 - 2015-01-14 10:10 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-01-14 09:54 - 2015-01-15 14:24 - 00000000 ____D () C:\Program Files\HitmanPro 2015-01-14 09:54 - 2015-01-14 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2015-01-14 09:53 - 2015-01-14 10:12 - 00000000 ____D () C:\Users\Manuel\Downloads\Hitman 2015-01-14 09:08 - 2015-01-14 09:08 - 00000000 ____D () C:\ProgramData\Network Associates 2015-01-14 09:06 - 2015-01-14 09:23 - 00000000 ____D () C:\Windows\F0856D1B11EE46528174EAF3D5AB6C66.TMP 2015-01-14 09:03 - 2015-01-15 14:48 - 00000000 ____D () C:\AdwCleaner 2015-01-14 08:59 - 2015-01-14 08:59 - 02191360 _____ () C:\Users\Manuel\Desktop\adwcleaner_4.107.exe 2015-01-14 08:43 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 08:43 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 08:43 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 08:43 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 08:43 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 08:43 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 08:43 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 08:43 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 08:43 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 08:43 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 08:43 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 08:43 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 08:43 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-13 18:34 - 2015-01-14 10:25 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-01-13 18:19 - 2015-01-13 18:19 - 14747172 _____ () C:\Users\Manuel\Desktop\Zusammenfassung.pptx 2015-01-13 18:12 - 2014-12-02 18:27 - 00090112 _____ (Nenad Hrg (SoftwareOK.com)) C:\Users\Manuel\Desktop\DontSleep.exe 2015-01-13 17:29 - 2015-01-13 18:39 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-01-13 16:58 - 2015-01-13 16:58 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\SUPERAntiSpyware.com 2015-01-13 15:50 - 2015-01-13 15:50 - 00017408 _____ () C:\Users\Manuel\Desktop\Abmeldung von Kursen FS 14.msg 2015-01-13 15:44 - 2014-03-26 22:21 - 00020480 _____ () C:\Users\Manuel\Desktop\Kursabmeldung aufgrund nicht bestandener Leistungsnachweise FS 14.msg 2015-01-13 12:23 - 2015-01-13 12:23 - 00000000 ____D () C:\Users\Manuel\Downloads\platform-tools 2015-01-13 11:48 - 2015-01-13 11:48 - 00000000 ____D () C:\Users\x203\AppData\Local\Avg2014 2015-01-13 10:59 - 2015-01-13 11:00 - 00000000 ____D () C:\Users\Manuel\Downloads\NEW SuperStamina 2015-01-12 22:42 - 2015-01-12 22:43 - 00000000 ____D () C:\Users\Manuel\Downloads\rootkitXperia_20140719 2015-01-12 22:12 - 2015-01-12 22:12 - 00000019 _____ () C:\Users\Manuel\Desktop\iomei.txt 2015-01-12 21:42 - 2015-01-12 21:42 - 00038859 _____ () C:\Users\Manuel\Desktop\Unlockbootloader* *Step 3 4 - Developer World.html 2015-01-12 21:42 - 2015-01-12 21:42 - 00000000 ____D () C:\Users\Manuel\Desktop\Unlockbootloader* *Step 3 4 - Developer World_files 2015-01-12 17:44 - 2015-01-13 15:21 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Android 2015-01-12 17:21 - 2015-01-12 21:05 - 00000000 ____D () C:\Users\Manuel\Downloads\EasyRootTool v12.4 2015-01-12 16:04 - 2015-01-12 16:39 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool 2015-01-12 16:03 - 2015-01-13 00:23 - 00000000 ____D () C:\Flashtool 2015-01-11 12:51 - 2015-01-11 12:51 - 00111448 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT 2015-01-10 21:11 - 2015-01-13 09:22 - 00000000 ____D () C:\ProgramData\Sony Mobile 2015-01-10 21:03 - 2015-01-10 21:03 - 00001135 _____ () C:\Users\Manuel\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-10 20:52 - 2015-01-10 20:52 - 00000000 ____D () C:\Users\x203\.android 2015-01-10 20:51 - 2015-01-10 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsomc_01009.Wdf 2015-01-10 20:51 - 2015-01-10 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf 2015-01-10 20:38 - 2015-01-10 20:38 - 00000000 ____D () C:\Users\x203\.swt 2015-01-10 17:15 - 2015-01-10 17:15 - 00030424 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggsomc.sys 2015-01-10 17:15 - 2015-01-10 17:15 - 00016088 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys 2015-01-10 17:13 - 2015-01-11 10:29 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile 2015-01-10 14:12 - 2015-01-11 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2015-01-10 13:49 - 2015-01-10 13:49 - 00000000 ____D () C:\Users\Manuel\.jmc 2015-01-10 13:49 - 2015-01-10 13:49 - 00000000 ____D () C:\Users\Manuel\.eclipse 2015-01-10 13:39 - 2015-01-10 13:39 - 00000000 ____D () C:\Users\x203\.AndroidStudio 2015-01-10 13:39 - 2015-01-10 13:39 - 00000000 ____D () C:\Users\Manuel\.AndroidStudio 2015-01-10 13:38 - 2015-01-13 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio 2015-01-10 13:34 - 2015-01-13 12:25 - 00000000 ____D () C:\Program Files\Android 2015-01-10 13:32 - 2015-01-11 11:02 - 00111000 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-01-10 13:32 - 2015-01-11 11:01 - 00312728 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2015-01-10 13:32 - 2015-01-11 11:01 - 00191384 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2015-01-10 13:32 - 2015-01-11 11:01 - 00190872 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2015-01-10 13:31 - 2015-01-11 11:01 - 00000000 ____D () C:\Program Files\Java 2015-01-09 08:59 - 2015-01-09 09:00 - 00000000 ____D () C:\ProgramData\Stardock 2015-01-08 18:57 - 2015-01-08 19:08 - 00045720 _____ () C:\BROM_DLL.log 2015-01-08 18:24 - 2015-01-09 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander 2015-01-08 18:24 - 2015-01-08 21:00 - 00000000 ____D () C:\Program Files (x86)\totalcmd 2015-01-08 18:24 - 2015-01-08 19:49 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\GHISLER 2015-01-08 18:24 - 2015-01-08 18:24 - 00001062 _____ () C:\Users\Public\Desktop\Total Commander 64 bit.lnk 2015-01-08 18:24 - 2015-01-08 18:24 - 00000000 ____D () C:\Users\x203\AppData\Roaming\GHISLER 2015-01-07 15:27 - 2015-01-07 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EIZO 2015-01-07 15:19 - 2015-01-07 15:19 - 00000000 ____D () C:\Users\x203\AppData\Local\{E0EE56A0-0D7C-4595-B400-919A3BA48EC1} 2015-01-07 15:18 - 2015-01-11 10:30 - 00000000 ____D () C:\Program Files (x86)\EIZO 2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 ____D () C:\Users\x203\AppData\Roaming\EIZO 2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\EIZO 2015-01-07 15:17 - 2015-01-10 11:22 - 00000000 ____D () C:\Users\x203\AppData\Local\Downloaded Installations 2015-01-06 10:30 - 2015-01-06 10:30 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Foxit Reader 2015-01-04 09:10 - 2015-01-04 09:10 - 00001562 _____ () C:\Users\Manuel\Desktop\Cisco AnyConnect Secure Mobility Client.lnk 2015-01-04 09:08 - 2015-01-04 09:08 - 00001067 _____ () C:\Users\Manuel\Desktop\Password Manager.lnk 2015-01-02 13:44 - 2015-01-02 13:47 - 00000000 ____D () C:\Users\Manuel\AppData\Local\CyberGhost 2015-01-02 13:44 - 2015-01-02 13:44 - 00001739 _____ () C:\Users\x203\Desktop\CyberGhost 5.lnk 2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5 2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\Program Files\TAP-Windows 2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\Program Files\CyberGhost 5 2014-12-30 09:16 - 2014-12-30 09:25 - 595612217 _____ () C:\Users\Manuel\Desktop\Perfekte-Portraits.zip 2014-12-22 10:27 - 2014-12-22 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco 2014-12-19 21:24 - 2014-12-19 21:24 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2014-12-19 19:49 - 2014-12-19 19:49 - 00000000 ____D () C:\Users\Manuel\AppData\OICE_15_974FA576_32C1D314_A33 2014-12-18 10:48 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-18 10:48 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-17 19:38 - 2014-12-17 19:38 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\FreeCommander ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-16 11:16 - 2014-12-13 01:59 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Eye-Fi 2015-01-16 11:07 - 2013-11-19 12:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-16 11:01 - 2013-05-15 05:28 - 01964081 _____ () C:\Windows\WindowsUpdate.log 2015-01-16 10:59 - 2014-09-26 16:37 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 5.job 2015-01-16 10:58 - 2014-09-26 16:36 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5 2015-01-16 10:58 - 2014-09-15 18:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-16 10:49 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-16 10:49 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-16 10:48 - 2013-05-15 04:59 - 00699666 _____ () C:\Windows\system32\perfh007.dat 2015-01-16 10:48 - 2013-05-15 04:59 - 00149774 _____ () C:\Windows\system32\perfc007.dat 2015-01-16 10:48 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-16 10:42 - 2014-12-13 01:59 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Eye-Fi 2015-01-16 10:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-16 10:14 - 2014-09-30 16:50 - 00000000 ____D () C:\Program Files\Adobe Photoshop 2015-01-16 10:14 - 2014-09-30 12:54 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2015-01-16 10:14 - 2014-01-11 10:06 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2015-01-16 10:14 - 2013-09-30 20:23 - 00000000 ____D () C:\Users\x203\AppData\Local\Adobe 2015-01-16 10:14 - 2013-05-15 05:27 - 00000000 ____D () C:\ProgramData\Adobe 2015-01-15 20:22 - 2014-12-08 10:30 - 00989184 ___SH () C:\Users\Manuel\Desktop\Thumbs.db 2015-01-15 19:32 - 2013-09-30 20:19 - 00000000 ____D () C:\Users\x203 2015-01-15 15:59 - 2013-12-09 14:53 - 00000000 ____D () C:\ProgramData\MFAData 2015-01-15 14:38 - 2014-03-04 13:45 - 00000000 ___RD () C:\Users\Manuel\Dropbox 2015-01-15 14:22 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Dropbox 2015-01-15 11:11 - 2013-12-09 14:56 - 00000000 ____D () C:\Users\x203\AppData\Roaming\TuneUp Software 2015-01-15 11:09 - 2014-05-18 11:17 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Spotify 2015-01-15 09:57 - 2013-05-15 05:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-14 17:07 - 2013-11-19 12:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-14 17:07 - 2013-11-19 12:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-14 17:07 - 2013-11-19 12:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-14 11:22 - 2013-10-21 22:38 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-01-14 11:21 - 2013-10-21 21:44 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 11:11 - 2013-10-21 21:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 10:18 - 2013-10-28 14:32 - 00003568 _____ () C:\Windows\system32\.crusader 2015-01-14 10:18 - 2013-10-28 14:29 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-01-14 10:11 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-14 10:10 - 2013-10-21 22:33 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-14 09:31 - 2013-10-29 11:53 - 00000000 ____D () C:\Users\x203\AppData\Local\Google 2015-01-14 09:27 - 2014-01-05 13:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-01-14 09:23 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel 2015-01-14 09:23 - 2013-05-14 12:53 - 00000000 ____D () C:\ProgramData\Lenovo 2015-01-14 09:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2015-01-14 09:08 - 2014-10-22 19:49 - 00000000 ____D () C:\ProgramData\McAfee 2015-01-14 08:49 - 2013-10-28 13:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-01-13 18:43 - 2014-12-03 15:12 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Deployment 2015-01-13 18:05 - 2014-05-18 11:18 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Spotify 2015-01-13 17:31 - 2013-10-27 10:06 - 00001912 _____ () C:\Windows\epplauncher.mif 2015-01-13 17:06 - 2014-12-13 17:43 - 00000000 ____D () C:\Users\Manuel\Desktop\WE Jungs 2015-01-13 17:06 - 2014-09-18 16:13 - 00000000 ____D () C:\Users\Manuel\Desktop\Ricardo 2015-01-13 16:59 - 2013-05-15 05:27 - 00000000 ____D () C:\Windows\Downloaded Installations 2015-01-13 12:26 - 2014-05-16 08:06 - 00000000 ____D () C:\Users\Manuel\.android 2015-01-13 12:00 - 2014-11-16 11:12 - 00000000 ____D () C:\Users\Manuel\Desktop\Fotos 2015-01-13 11:46 - 2014-05-30 09:05 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys 2015-01-13 09:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-01-12 17:47 - 2013-05-15 05:19 - 00000000 ____D () C:\Program Files\Intel 2015-01-11 11:00 - 2014-03-09 10:51 - 00111448 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT 2015-01-11 10:54 - 2014-12-05 09:46 - 00001107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk 2015-01-11 10:54 - 2014-09-26 16:37 - 00002978 _____ () C:\Windows\System32\Tasks\GU5SkipUAC 2015-01-11 10:54 - 2014-09-26 16:37 - 00002634 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5 2015-01-11 10:54 - 2014-09-26 16:37 - 00001095 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk 2015-01-10 14:40 - 2014-05-15 16:04 - 00003020 _____ () C:\Windows\System32\Tasks\PMTask 2015-01-10 14:40 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media 2015-01-10 14:05 - 2013-10-27 13:14 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-09 20:54 - 2013-10-28 10:25 - 00000000 ____D () C:\Program Files (x86)\Fences 2015-01-09 20:54 - 2013-05-15 05:34 - 00000000 ____D () C:\Windows\System32\Tasks\TVT 2015-01-08 18:57 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel\AppData\Local\VirtualStore 2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-01-07 15:24 - 2014-06-20 16:48 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Unity 2015-01-07 12:18 - 2013-10-27 09:55 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Adobe 2015-01-06 09:12 - 2014-02-27 21:50 - 00000000 ____D () C:\Users\Manuel\Documents\Korrespondenz 2015-01-04 09:19 - 2014-05-19 07:11 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation 2015-01-04 09:19 - 2014-05-19 07:10 - 00000000 ____D () C:\Program Files\Common Files\Sony Shared 2015-01-04 09:18 - 2014-05-19 07:09 - 00000000 ____D () C:\ProgramData\Sony Corporation 2015-01-04 09:03 - 2014-05-01 10:24 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-01-04 09:03 - 2014-05-01 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-01-04 09:03 - 2013-10-27 17:18 - 00000000 ____D () C:\Program Files\winRar 2014-12-31 18:03 - 2014-01-14 11:34 - 00000000 ____D () C:\Users\Manuel\Desktop\Ablage 2014-12-31 13:38 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Adobe 2014-12-22 10:36 - 2013-10-27 12:15 - 00001398 _____ () C:\Users\Manuel\AppData\Roaming\MobileToolAnyConnectV3.ini 2014-12-22 10:27 - 2013-10-27 12:16 - 00000000 ____D () C:\ProgramData\Cisco 2014-12-22 10:27 - 2013-10-21 22:34 - 00000000 ____D () C:\Program Files (x86)\Cisco 2014-12-22 10:22 - 2014-01-01 10:48 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-12-22 10:22 - 2014-01-01 10:48 - 00000000 ____D () C:\Program Files\CCleaner 2014-12-19 21:28 - 2014-03-04 13:45 - 00001036 _____ () C:\Users\Manuel\Desktop\Dropbox.lnk 2014-12-19 21:28 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-12-19 18:57 - 2013-11-03 11:23 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Intel WiDi 2014-12-18 11:56 - 2014-12-06 14:53 - 00000000 ____D () C:\Users\x203\Desktop\Katalog Admin 2014-12-17 14:46 - 2013-11-12 19:09 - 00000080 _____ () C:\Users\x203\Documents\R Verzeichnis wechseln.R Some content of TEMP: ==================== C:\Users\Manuel\AppData\Local\temp\avgnt.exe C:\Users\Manuel\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprfnjov.dll C:\Users\x203\AppData\Local\temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-14 12:49 ==================== End Of Log ============================ --- --- --- ADDITION Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015
Ran by x203 at 2015-01-16 11:13:12
Running from C:\Users\Manuel\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 8.42.20 - )
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{8432E4EF-ABFB-48C8-B77B-24728E71D3DD}) (Version: 39.0.2171.46 - Google Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05187 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05187 - Cisco Systems, Inc.) Hidden
CM Installer (HKLM-x32\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Drucken in PDF Annotator (novaPDF OEM 7.7 printer) (HKLM\...\Drucken in PDF Annotator_is1) (Version: 7.7.400 - Softland)
EasyTax 2013 AG 1.01 (HKLM-x32\...\4093-4123-1528-3000) (Version: 1.01 - HWI Solutions AG)
EIZO ScreenSlicer (HKLM-x32\...\{292A177D-723F-4537-9985-BC8BFCD8B63D}) (Version: 1.1.5.0 - EIZO Corporation)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.67.2 - Lenovo Group Limited)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Eye-Fi Center 3.4 (HKLM-x32\...\{18B00AC5-C082-471E-88B0-F02FE5A2541A}) (Version: 3.4.26 - Eye-Fi, Inc)
Fences (Version: 1.0 - Stardock Corporation) Hidden
FireCuva Data Recovery 2014.1.8.20 (HKLM-x32\...\{EE1F41BE-6DBD-44AE-9F97-4D7F9227329D}_is1) (Version: 2014.1.8.20 - FireCuva)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Glary Utilities PRO 5.16 (HKLM-x32\...\Glary Utilities 5) (Version: 5.16.0.29 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Graph 4.4.2 (HKLM-x32\...\Graph_is1) (Version: - Ivan Johansen)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6 (HKLM\...\{B2DAB009-8236-48A0-AD7F-E940F5AB1578}) (Version: 14.0 - HP)
HP Photosmart Plus B210 series - Grundlegende Software für das Gerät (HKLM\...\{1686185A-3D85-428D-8786-ACB403B9D420}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
ifolor Designer (HKLM-x32\...\ifolor-Designer) (Version: - Ifolor AG)
Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3359 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7991b5ae-96d7-4df2-97fb-a605b7cb638b}) (Version: 17.12.0 - Intel Corporation)
ISD Tablett (HKLM\...\ISD Tablet Driver) (Version: 7.0.2-29 - Wacom Technology Corp.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 8 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418000FF}) (Version: 8.0.0 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.16.0 - Lenovo)
Lenovo Mobile Access (HKLM-x32\...\{A792A135-EE29-4FE2-B4CB-D3F984CEA9EC}) (Version: 3.2.30123.1026 - Lenovo)
Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.4.1017.00 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0007 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
LXH-JME2207FN Hotkey Driver (HKLM-x32\...\{42B21298-C850-4272-AFD9-636CBC005421}) (Version: 5.1.0804 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{C2C2DB64-1BCE-4FA7-962D-457795ECCEC0}) (Version: 3.3.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Bootvis (HKLM-x32\...\{0F9196C6-58B4-445B-B56E-B1200FECC151}) (Version: 1.3.37 - Microsoft)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 7.2.5.4 - Ericsson AB)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Annotator 5.0.0.505 (HKLM-x32\...\PDFAnnotator_is1) (Version: 5.0.0.505 - GRAHL software design)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_06_B209a-m_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Rescue and Recovery (HKLM-x32\...\{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}) (Version: 4.52.0005.00 - Lenovo Group Limited)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-003B-0000-1000-0000000FF1CE}_Office15.PRJPROR_{6E5C415F-1388-4BA6-B926-C19318BE6075}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad Tablet Button Driver (HKLM-x32\...\{26903C89-780A-463E-8CBD-E47A73927254}) (Version: 1.04 - )
ThinkPad Tablet Shortcut Menu (HKLM-x32\...\{9a2db59f-091a-40b4-958d-1c8264624126}) (Version: 6.33 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.24 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{A62AEB2B-E2A0-4E77-8AAE-9645FE3B5487}) (Version: 5.95 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.80.01.00 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.81 - Lenovo)
ThinkVantage Password Manager (HKLM\...\{23520BCC-F76C-4287-87E1-0545EDF6FE96}) (Version: 4.00.0024.00 - Lenovo Group Limited)
ThinkVantage Update Retriever (HKLM-x32\...\{F25C538D-3F57-4AF4-80DD-B1DD1558F038}) (Version: 5.00.0010 - Lenovo)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
VIP Access (HKLM-x32\...\{7EB5B9B6-E7BF-4E8F-B478-1266A78CF231}) (Version: 2.2.1.13 - Symantec Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\WinDirStat) (Version: - )
Windows Driver Package - Intel (e1cexpress) Net (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows Driver Package - Intel System (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-01-16 11:03 - 2015-01-16 11:10 - 00000883 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1056F6BE-8A9B-4789-A45A-766212E69BDB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {138C1B65-AA12-4B15-816E-2BAD5C404989} - System32\Tasks\{5179303A-B077-4DD2-8CAA-370E2C7A215A} => E:\JDownloaderPortable\JDownloaderPortable.exe
Task: {16CE9FF3-C7EA-4493-B6B7-30FA88486725} - System32\Tasks\Lenovo\LSC\CreateHardwareScanTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {1C473A2D-C8EA-4A9A-A60F-4AE443F13033} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {326D759E-1B50-476F-8ACE-CA0912537815} - \TubeSaver-15-chromeinstaller No Task File <==== ATTENTION
Task: {3807F458-4445-431C-898E-980905E16691} - \TubeSaver-15-updater No Task File <==== ATTENTION
Task: {442BFA7F-2D23-479D-BFA5-C832EF77F87F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {452FFBFB-D9B9-4347-8F5E-A7F1A6772E3C} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
Task: {49A96084-47D7-43F1-9D0D-B6127F991574} - System32\Tasks\{09F43E45-D90B-4046-91C3-BC9637D8C4B8} => C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
Task: {49D3B875-F572-4023-9D26-A845D020A2F7} - \TubeSaver-15-codedownloader No Task File <==== ATTENTION
Task: {49DAAF81-E95C-4964-B237-22F6C980448E} - System32\Tasks\{4EEB7BF1-AE9F-4345-BB40-78EB0CDEA9E0} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\IrfanView\i_view32.exe"
Task: {4F32F716-7098-4249-B056-356F3CE9ECB6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {5745E252-0287-4003-B1BA-33F5B1BB87F6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for x203-THINK-Manuel x203-THINK => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {57904E4B-FF80-4701-AF04-AC8517DA374A} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {5C766DF2-DBB1-4EFF-8997-84E9436A2595} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {606A9245-4225-4177-A2B4-88D04B527E80} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for x203-THINK.Manuel => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-16] (Lenovo)
Task: {7280DB27-B177-448B-BDB4-8BAC6BC75597} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {776C12F0-5401-4A1A-AEF9-723003F413BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {78DC8C0F-41CD-4700-A7C6-177E891F01B6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {7965D48E-112A-49BE-B3BA-FBDDE5A086EE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {828FF779-6267-41C5-8A2F-9D575790BDD5} - System32\Tasks\Norton Product InstallerIdle => C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe [2014-11-03] (Symantec Corporation)
Task: {82F88A18-7A4E-4C2B-85C2-2F254577559E} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2014-09-13] (Lenovo)
Task: {833CF6A6-9B70-482E-B833-78F68CD8FB3A} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {861B78BE-2733-43B6-AAE8-3C9E1D9492F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {870D44EA-14A3-4E7F-8814-22F1A86B39A1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8740F25F-3678-4962-94E4-2A5235A39CCF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {92BFD621-E872-4F04-A065-41853B8E2CD0} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {9D6C3B14-CB5E-4BCD-B078-A5559D3BD1D7} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {9DC14AA8-2996-4213-98B3-CB8D76E9C951} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {A48895AA-13C8-478E-A8AB-4D3DA40B6816} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {A5C29781-2A7A-4007-A739-AE6A3784ADF8} - System32\Tasks\{80AFFF4F-06A3-40B4-B912-D1677BDADF9D} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\IrfanView\i_view32.exe"
Task: {A91938F3-2A68-4C36-8403-A6A842BE5A8A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {A93198E1-5CA9-4525-AA70-82FC9A482993} - System32\Tasks\{EDD59D43-8C29-431A-A8D2-B4BFCA7730F2} => E:\JDownloaderPortable\JDownloaderPortable.exe
Task: {AE133D30-0D35-41A2-B384-7ABF0F5EE4CA} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {B30A2AFD-6E31-4BCA-905C-0C08D189A4F8} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {B3EA1B66-775D-4F84-9CB2-0371BA2B414B} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {BA4E8AF1-2935-4244-AD22-3DA5C0178502} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {BE8F36B1-40F7-4223-B0C8-91A4DC614677} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-11-14] (Lenovo Group Limited)
Task: {C00813A1-3AF3-4160-9359-E2A144414574} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {CC68A762-4464-4EAC-8F6C-88F9A9E296B2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {CF4838A5-80E6-4F0F-8B1F-4F68C964BBBD} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-01-05] (Glarysoft Ltd)
Task: {D19DD550-1FB7-4C8A-9B8B-31B8EF5B6B20} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-04-24] ()
Task: {D4884143-8D6C-4A9B-94FB-13419383DF56} - \TubeSaver-15-enabler No Task File <==== ATTENTION
Task: {D4F8C4B7-FEB0-4ACB-8D71-0C12D509E7A0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {DB3A4CDE-C0E3-42C3-91EC-40CFE629F47C} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-01-05] (Glarysoft Ltd)
Task: {DD31794C-86DD-4901-994A-658185898645} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for x203-THINK.x203 => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-16] (Lenovo)
Task: {DEC60349-DA4C-4920-A9B9-4A091F4C5321} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {E64DE862-5A05-457D-8396-3B79DFC9DDE4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E6D4097C-9FCB-4456-951E-7E866581E69F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {ECA97D21-FEF3-45D0-BEB5-2BB6A2316EF2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {F77C609C-EC1F-488E-BD9A-790F78E5A763} - System32\Tasks\{A1DB3074-2A97-4668-A054-6DCBAB2DE05E} => C:\Program Files (x86)\IrfanView\i_view32.exe
Task: {FDAE8DB2-5746-4868-97FD-40AD33B7A6DB} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-10-16] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe
==================== Loaded Modules (whitelisted) =============
2013-10-28 10:23 - 2010-06-17 20:56 - 00087040 ____N () C:\Windows\System32\redmonnt.dll
2013-05-15 05:23 - 2012-04-10 16:37 - 01183096 _____ () C:\Program Files\Tablet\ISD\libxml2.dll
2014-07-16 09:24 - 2014-07-16 09:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-05-15 05:27 - 2014-11-14 06:07 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-10-16 01:48 - 2014-10-16 01:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-05-15 05:27 - 2011-08-02 20:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2013-05-15 05:27 - 2011-08-02 20:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2013-10-21 22:39 - 2011-07-13 09:10 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2014-09-16 19:01 - 2014-09-16 19:01 - 00065776 _____ () C:\Program Files (x86)\Lenovo\Access Connections\ACSonyEricssonHlpr.dll
2011-12-21 22:59 - 2011-12-21 22:59 - 00133120 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libexif.dll
2011-12-21 22:56 - 2011-12-21 22:56 - 00209408 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libopenraw.dll
2011-12-21 23:05 - 2011-12-21 23:05 - 00014848 _____ () C:\Program Files (x86)\Eye-Fi\Helper\Locales\de\Helper.dll
2014-10-27 23:44 - 2014-10-22 05:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-27 23:44 - 2014-10-22 05:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-27 23:44 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-27 23:44 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2013-10-21 22:32 - 2013-05-13 14:15 - 01199576 ____N () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-01-05 06:18 - 2015-01-05 06:18 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Manuel\Desktop\Stundenplan.JPG:com.dropbox.attributes
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk => C:\Windows\pss\Google Calendar Sync.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^x203^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EOS Utility.lnk => C:\Windows\pss\EOS Utility.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_4A220D28DEF0DEF57A4596AFA0C => "c:\program files (x86)\google\chrome\application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Intel AppUp(SM) center => "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
MSCONFIG\startupreg: jmekey => C:\Program Files (x86)\jmesoft\hotkey.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Malwarebytes Anti-Malware (cleanup) => "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware "
MSCONFIG\startupreg: MobileAccess => C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe -silentExitIfNotFirst
MSCONFIG\startupreg: NUSB3MON => "c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
MSCONFIG\startupreg: PasswordManager => C:\Program Files\Lenovo\Password Manager\password_manager.exe
MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: RtHDVBg_Dolby => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SearchProtection => "C:\Users\x203\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: SharpSpace => C:\Program Files (x86)\SharpSpace\SharpSpace.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: USB3MON => "c:\program files (x86)\intel\intel(r) usb 3.0 extensible host controller driver\application\iusb3mon.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-3554811672-1824628599-3789470933-500 - Administrator - Disabled)
Gast (S-1-5-21-3554811672-1824628599-3789470933-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3554811672-1824628599-3789470933-1040 - Limited - Enabled)
Manuel (S-1-5-21-3554811672-1824628599-3789470933-1003 - Limited - Enabled) => C:\Users\Manuel
x203 (S-1-5-21-3554811672-1824628599-3789470933-1000 - Administrator - Enabled) => C:\Users\x203
==================== Faulty Device Manager Devices =============
Name: Photosmart Plus B209a-m
Description: Photosmart Plus B209a-m
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Photosmart Plus B209a-m
Description: Photosmart Plus B209a-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/16/2015 11:11:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WISPTIS.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a4e0
Name des fehlerhaften Moduls: WISPTIS.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a4e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000036e8a
ID des fehlerhaften Prozesses: 0x3b2c
Startzeit der fehlerhaften Anwendung: 0xWISPTIS.EXE0
Pfad der fehlerhaften Anwendung: WISPTIS.EXE1
Pfad des fehlerhaften Moduls: WISPTIS.EXE2
Berichtskennung: WISPTIS.EXE3
Error: (01/16/2015 11:00:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Name des fehlerhaften Moduls: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000860d2
ID des fehlerhaften Prozesses: 0x32b8
Startzeit der fehlerhaften Anwendung: 0xISD_Tablet.exe0
Pfad der fehlerhaften Anwendung: ISD_Tablet.exe1
Pfad des fehlerhaften Moduls: ISD_Tablet.exe2
Berichtskennung: ISD_Tablet.exe3
Error: (01/16/2015 10:58:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Name des fehlerhaften Moduls: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000860d2
ID des fehlerhaften Prozesses: 0x2a3c
Startzeit der fehlerhaften Anwendung: 0xISD_Tablet.exe0
Pfad der fehlerhaften Anwendung: ISD_Tablet.exe1
Pfad des fehlerhaften Moduls: ISD_Tablet.exe2
Berichtskennung: ISD_Tablet.exe3
Error: (01/16/2015 10:44:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Name des fehlerhaften Moduls: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000860d2
ID des fehlerhaften Prozesses: 0x12f4
Startzeit der fehlerhaften Anwendung: 0xISD_Tablet.exe0
Pfad der fehlerhaften Anwendung: ISD_Tablet.exe1
Pfad des fehlerhaften Moduls: ISD_Tablet.exe2
Berichtskennung: ISD_Tablet.exe3
Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0
Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=21, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0
Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0
System errors:
=============
Error: (01/16/2015 11:02:44 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.
Error: (01/16/2015 10:43:43 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/16/2015 10:31:46 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/16/2015 10:25:33 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/16/2015 10:23:48 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000003b (0x0000000080000004, 0xfffff80003b94470, 0xfffff88002f84b90, 0x0000000000000000)C:\Windows\MEMORY.DMP011615-8845-01
Error: (01/16/2015 10:23:47 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 16.01.2015 um 10:21:59 unerwartet heruntergefahren.
Error: (01/16/2015 10:17:43 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/16/2015 08:27:09 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/16/2015 08:25:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147014847
Error: (01/15/2015 08:40:56 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\Windows\System32\IWMSSvc.dll
Microsoft Office Sessions:
=========================
Error: (01/16/2015 11:11:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WISPTIS.EXE6.1.7601.175144ce7a4e0WISPTIS.EXE6.1.7601.175144ce7a4e0c00000050000000000036e8a3b2c01d03174c4cbd7caC:\Windows\SYSTEM32\WISPTIS.EXEC:\Windows\SYSTEM32\WISPTIS.EXE060a7314-9d68-11e4-9e9c-028037ec0200
Error: (01/16/2015 11:00:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ISD_Tablet.exe7.0.2.294f6cf301ISD_Tablet.exe7.0.2.294f6cf301c000000500000000000860d232b801d031733557ccd3C:\Program Files\Tablet\ISD\ISD_Tablet.exeC:\Program Files\Tablet\ISD\ISD_Tablet.exe744ec682-9d66-11e4-9e9c-028037ec0200
Error: (01/16/2015 10:58:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ISD_Tablet.exe7.0.2.294f6cf301ISD_Tablet.exe7.0.2.294f6cf301c000000500000000000860d22a3c01d03172ecd6dcecC:\Program Files\Tablet\ISD\ISD_Tablet.exeC:\Program Files\Tablet\ISD\ISD_Tablet.exe32a99d71-9d66-11e4-9e9c-028037ec0200
Error: (01/16/2015 10:44:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ISD_Tablet.exe7.0.2.294f6cf301ISD_Tablet.exe7.0.2.294f6cf301c000000500000000000860d212f401d03170b740d149C:\Program Files\Tablet\ISD\ISD_Tablet.exeC:\Program Files\Tablet\ISD\ISD_Tablet.exe451739dc-9d64-11e4-9e9c-028037ec0200
Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path43900
Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path25900
Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path17900
Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path23808600
Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path21808600
Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path18808600
CodeIntegrity Errors:
===================================
Date: 2015-01-14 09:08:57.418
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-01-14 09:08:57.333
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-01-09 20:34:06.552
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-09 20:34:05.382
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-21 15:40:29.432
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-21 15:36:48.011
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-21 15:36:01.740
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-26 20:26:04.283
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-26 20:26:04.173
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-30 22:05:35.495
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 42%
Total physical RAM: 7887.8 MB
Available physical RAM: 4500.52 MB
Total Pagefile: 15773.78 MB
Available Pagefile: 10957.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:140.64 GB) (Free:20.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:17.58 GB) (Free:4.95 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 167.7 GB) (Disk ID: AA9E1116)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=140.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=8 GB) - (Type=84)
==================== End Of Log ============================
|
|
16.01.2015, 11:56
| #10 |
| /// the machine /// TB-Ausbilder | Windows 7: Webseiten werden wegen UNISALES auf Werbung umgeleitet Hast Du den Chrome mit als unfertige Developer Version installiert?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.01.2015, 12:02
| #11 |
| | Windows 7: Webseiten werden wegen UNISALES auf Werbung umgeleitet Eigentlich nein. Habe das "normale" chrome runter geladen und in Verwendung. |
|
16.01.2015, 12:09
| #12 |
| /// the machine /// TB-Ausbilder | Windows 7: Webseiten werden wegen UNISALES auf Werbung umgeleitet eben nicht. Deine Chrome Version wiurde von adware in Dev geändert, so lässt sich die andere Adware leichter installieren  . Du surfst ja auch über nen Malware-Proxy.Revo Uninstaller - Download - Filepony damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren. Dann: https://support.google.com/chrome/answer/3296214?hl=de Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.01.2015, 17:50
| #13 |
| | Windows 7: Webseiten werden wegen UNISALES auf Werbung umgeleitet Wow, danke für deine schnelle Hilfe. So, hab es hinbekommen. hier die Combofix Log-Datei Code:
ATTFilter ComboFix 15-01-08.01 - x203 16.01.2015 15:28:00.5.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.41.1031.18.7888.5768 [GMT 1:00]
ausgeführt von:: c:\users\Manuel\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\program files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.ini
c:\programdata\1386885237.bdinstall.bin
c:\programdata\Roaming
c:\users\Manuel\AppData\Local\assembly\tmp
c:\users\x203\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-12-16 bis 2015-01-16 ))))))))))))))))))))))))))))))
.
.
2015-01-16 14:40 . 2015-01-16 14:40 -------- d-----w- c:\users\x203\AppData\Local\temp
2015-01-16 11:38 . 2015-01-16 11:38 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2015-01-16 11:36 . 2015-01-16 11:36 -------- d-----w- c:\program files (x86)\Revo Uninstaller
2015-01-16 07:30 . 2014-12-15 03:13 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36BBD20A-98D5-418C-AC94-BE847FBF5344}\mpengine.dll
2015-01-15 18:55 . 2015-01-15 18:55 -------- d-----w- c:\programdata\Emsisoft
2015-01-15 18:31 . 2015-01-16 12:46 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2015-01-15 14:12 . 2015-01-15 14:12 -------- d-----w- c:\windows\ERUNT
2015-01-15 13:49 . 2015-01-15 13:49 -------- d-----w- c:\programdata\Avg_Update_1014av
2015-01-15 13:24 . 2015-01-15 13:24 12872 ----a-w- c:\windows\system32\bootdelete.exe
2015-01-15 09:54 . 2015-01-15 09:54 -------- d-----w- c:\programdata\GridinSoft
2015-01-15 09:51 . 2015-01-15 14:02 -------- d-----w- c:\users\x203\AppData\Roaming\Nico Mak Computing
2015-01-15 09:46 . 2015-01-15 09:46 -------- d-----w- c:\program files (x86)\ESET
2015-01-14 13:02 . 2015-01-16 10:17 -------- d-----w- C:\FRST
2015-01-14 11:16 . 2015-01-14 11:16 -------- d-----w- C:\_OTL
2015-01-14 11:08 . 2015-01-14 11:08 -------- d-sh--w- c:\users\x203\AppData\Local\EmieBrowserModeList
2015-01-14 09:28 . 2015-01-14 09:27 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2015-01-14 09:28 . 2015-01-14 09:28 -------- d-----w- c:\users\Manuel\AppData\Roaming\Avira
2015-01-14 09:27 . 2015-01-14 09:27 -------- d-----w- c:\users\x203\AppData\Roaming\Avira
2015-01-14 09:25 . 2014-11-24 09:23 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2015-01-14 09:25 . 2014-11-24 09:23 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-01-14 09:25 . 2014-11-24 09:23 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-01-14 09:10 . 2015-01-14 09:25 -------- d-----w- c:\programdata\Avira
2015-01-14 08:54 . 2015-01-15 13:24 -------- d-----w- c:\program files\HitmanPro
2015-01-14 08:08 . 2015-01-14 08:08 -------- d-----w- c:\programdata\Network Associates
2015-01-14 08:07 . 2015-01-14 08:08 -------- d-----w- c:\program files (x86)\Common Files\Network Associates
2015-01-14 08:06 . 2015-01-14 08:23 -------- d-----w- c:\windows\F0856D1B11EE46528174EAF3D5AB6C66.TMP
2015-01-14 08:03 . 2015-01-15 13:48 -------- d-----w- C:\AdwCleaner
2015-01-13 17:36 . 2015-01-13 17:36 -------- d-s---w- c:\windows\SysWow64\Microsoft
2015-01-13 17:34 . 2015-01-14 09:25 -------- d-----w- c:\program files (x86)\Avira
2015-01-13 16:29 . 2015-01-13 17:39 -------- d-----w- c:\programdata\AVAST Software
2015-01-13 15:58 . 2015-01-13 15:58 -------- d-----w- c:\users\Manuel\AppData\Roaming\SUPERAntiSpyware.com
2015-01-13 10:48 . 2015-01-13 10:48 -------- d-----w- c:\users\x203\AppData\Local\Avg2014
2015-01-12 16:44 . 2015-01-13 14:21 -------- d-----w- c:\users\Manuel\AppData\Local\Android
2015-01-12 15:03 . 2015-01-12 23:23 -------- d-----w- C:\Flashtool
2015-01-10 20:11 . 2015-01-13 08:22 -------- d-----w- c:\programdata\Sony Mobile
2015-01-10 19:52 . 2015-01-10 19:52 -------- d-----w- c:\users\x203\.android
2015-01-10 19:38 . 2015-01-10 19:38 -------- d-----w- c:\users\x203\.swt
2015-01-10 16:15 . 2015-01-10 16:15 30424 ----a-w- c:\windows\system32\drivers\ggsomc.sys
2015-01-10 16:15 . 2015-01-10 16:15 16088 ----a-w- c:\windows\system32\drivers\ggflt.sys
2015-01-10 12:49 . 2015-01-10 12:49 -------- d-----w- c:\users\Manuel\.jmc
2015-01-10 12:49 . 2015-01-10 12:49 -------- d-----w- c:\users\Manuel\.eclipse
2015-01-10 12:39 . 2015-01-10 12:39 -------- d-----w- c:\users\x203\.AndroidStudio
2015-01-10 12:39 . 2015-01-10 12:39 -------- d-----w- c:\users\Manuel\.AndroidStudio
2015-01-10 12:34 . 2015-01-13 11:25 -------- d-----w- c:\program files\Android
2015-01-10 12:32 . 2015-01-11 10:01 312728 ----a-w- c:\windows\system32\javaws.exe
2015-01-10 12:32 . 2015-01-11 10:02 111000 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-01-10 12:32 . 2015-01-11 10:01 191384 ----a-w- c:\windows\system32\javaw.exe
2015-01-10 12:32 . 2015-01-11 10:01 190872 ----a-w- c:\windows\system32\java.exe
2015-01-10 12:31 . 2015-01-11 10:01 -------- d-----w- c:\program files\Java
2015-01-09 07:59 . 2015-01-09 08:00 -------- d-----w- c:\programdata\Stardock
2015-01-08 17:57 . 2015-01-10 18:38 -------- d-----w- c:\programdata\SP_FT_Logs
2015-01-08 17:24 . 2015-01-08 18:49 -------- d-----w- c:\users\Manuel\AppData\Roaming\GHISLER
2015-01-08 17:24 . 2015-01-08 20:00 -------- d-----w- c:\program files (x86)\totalcmd
2015-01-08 17:24 . 2015-01-08 17:24 -------- d-----w- c:\users\x203\AppData\Roaming\GHISLER
2015-01-07 14:19 . 2015-01-07 14:19 -------- d-----w- c:\users\x203\AppData\Local\{E0EE56A0-0D7C-4595-B400-919A3BA48EC1}
2015-01-07 14:18 . 2015-01-07 14:18 -------- d-----w- c:\users\Manuel\AppData\Roaming\EIZO
2015-01-07 14:18 . 2015-01-07 14:18 -------- d-----w- c:\users\x203\AppData\Roaming\EIZO
2015-01-07 14:18 . 2015-01-11 09:30 -------- d-----w- c:\program files (x86)\EIZO
2015-01-07 14:17 . 2015-01-10 10:22 -------- d-----w- c:\users\x203\AppData\Local\Downloaded Installations
2015-01-06 09:30 . 2015-01-06 09:30 -------- d-----w- c:\users\Manuel\AppData\Local\Foxit Reader
2015-01-02 12:44 . 2015-01-02 12:47 -------- d-----w- c:\users\Manuel\AppData\Local\CyberGhost
2015-01-02 12:44 . 2015-01-02 12:44 -------- d-----w- c:\program files\TAP-Windows
2015-01-02 12:44 . 2015-01-02 12:44 -------- d-----w- c:\program files\CyberGhost 5
2014-12-18 09:48 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-18 09:48 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-17 18:38 . 2014-12-17 18:38 -------- d-----w- c:\users\Manuel\AppData\Roaming\FreeCommander
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-16 09:58 . 2014-09-15 17:48 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-14 16:07 . 2013-11-19 11:33 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-14 16:07 . 2013-11-19 11:33 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-14 10:11 . 2013-10-21 20:44 113365784 ----a-w- c:\windows\system32\MRT.exe
2015-01-13 10:46 . 2014-05-30 08:05 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2015-01-08 08:55 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-04 02:50 . 2014-12-11 08:11 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-11 08:11 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-11 08:11 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-11 08:11 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-11 08:11 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-11 08:11 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-11 08:11 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-11 08:11 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-11 08:10 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-23 16:36 . 2014-01-02 17:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-22 03:13 . 2014-12-11 08:10 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-11 08:10 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-11 08:10 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-11 08:10 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-11 08:10 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-11 08:10 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-11 08:10 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-11 08:10 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-11 08:10 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-11 08:10 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-11 08:10 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-11 08:10 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-11 08:10 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-11 08:10 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-11 08:10 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-11 08:10 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-11 08:10 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-11 08:10 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-11 08:10 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-11 08:10 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-11 08:10 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-11 08:10 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-11 08:10 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 08:10 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-11 08:10 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-11 08:10 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-11 08:10 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-11 08:10 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-11 08:10 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-11 08:10 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-11 08:10 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-11 08:10 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 08:10 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-11 08:10 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-11 08:10 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 08:10 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-11 08:10 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-11 08:10 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-11 08:10 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-21 05:14 . 2014-09-15 17:47 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-09-15 17:47 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2014-09-15 17:47 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-18 19:47 . 2014-11-18 19:47 1691816 ----a-w- c:\windows\system32\FM20.DLL
2014-11-14 05:07 . 2013-05-15 04:27 2692848 ------w- c:\windows\PWMBTHLV.EXE
2014-11-14 05:07 . 2013-05-15 04:27 29512 ----a-w- c:\windows\system32\drivers\DZHDD64.SYS
2014-11-14 05:07 . 2013-05-15 04:27 2861296 ----a-w- c:\windows\system32\PWMCP64V.cpl
2014-11-14 05:07 . 2013-05-15 04:27 20736 ----a-w- c:\windows\system32\drivers\TPPWR64V.SYS
2014-11-11 03:09 . 2014-12-11 08:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 06:48 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 06:48 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-11 08:10 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 06:48 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 06:48 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-11 08:10 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-11 08:08 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-11 08:08 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-10-30 02:03 . 2014-12-11 08:08 165888 ----a-w- c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-11 08:08 155136 ----a-w- c:\windows\SysWow64\charmap.exe
2014-10-28 14:59 . 2014-09-26 15:37 20160 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2014-10-25 01:57 . 2014-11-12 08:28 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 08:28 67584 ----a-w- c:\windows\SysWow64\packager.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 16:19 1729744 ----a-w- c:\progra~2\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 16:19 1729744 ----a-w- c:\progra~2\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 16:19 1729744 ----a-w- c:\progra~2\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\program files (x86)\ThinkPad\Utilities\PWMTR64V.DLL" [2014-11-14 6371568]
.
c:\users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
An OneNote senden.lnk - c:\program files\Microsoft Office\Office15\ONENOTEM.EXE /tsr [2014-9-16 222384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
EIZO ScreenSlicer.lnk - c:\windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe [2015-1-7 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll c:\program files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"Lenovo Registration"=c:\program files (x86)\Lenovo Registration\LenovoReg.exe /boot
"TSMResident"="c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" /r
"PWMTRV"=rundll32 "c:\program files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 chromoting;Chrome Remote Desktop Service;c:\program files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe;c:\program files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [x]
R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\DRIVERS\ggsomc.sys;c:\windows\SYSNATIVE\DRIVERS\ggsomc.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 iumsvc;Intel(R) Update Manager;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [x]
R3 LSCWinService;LSCWinService;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam S7500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R4 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S2 ASRSVC;ASR Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe;c:\program files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [x]
S2 CGVPNCliService;CyberGhost 5 Client Service;c:\program files\CyberGhost 5\Service.exe;c:\program files\CyberGhost 5\Service.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe;c:\program files\Logitech\SolarApp\L4301_Solar.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;Lenovo Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 TabletServiceISD;TabletServiceISD;c:\program files\Tablet\ISD\ISD_Tablet.exe;c:\program files\Tablet\ISD\ISD_Tablet.exe [x]
S2 TabletSVC;TABLET Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe;c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [x]
S2 TouchServiceISD;Wacom ISD Touch Service;c:\program files\Tablet\ISD\ISD_TouchService.exe;c:\program files\Tablet\ISD\ISD_TouchService.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S2 WebUpdate4;Web Update Wizard Service V4;c:\program files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe;c:\program files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [x]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x]
S2 WTabletServiceISD;Wacom ISD Service;c:\program files\Tablet\ISD\WTabletServiceISD.exe;c:\program files\Tablet\ISD\WTabletServiceISD.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 l36wgps; Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\l36wgps64.sys;c:\windows\SYSNATIVE\DRIVERS\l36wgps64.sys [x]
S3 l36wscard; Mobile Broadband USIM Port;c:\windows\system32\DRIVERS\l36wscard.sys;c:\windows\SYSNATIVE\DRIVERS\l36wscard.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Mbm3CBus;F5521gw Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3CBus.sys [x]
S3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3DevMt.sys [x]
S3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3mdfl.sys [x]
S3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3Mdm.sys [x]
S3 Power Manager DBC Service;Power Manager Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 tvtvcamd;Camera Plus (VGA Resolution Maximum);c:\windows\system32\DRIVERS\tvtvcamd.sys;c:\windows\SYSNATIVE\DRIVERS\tvtvcamd.sys [x]
S3 usb3Hub;UoIP Hub;c:\windows\system32\DRIVERS\usb3Hub.sys;c:\windows\SYSNATIVE\DRIVERS\usb3Hub.sys [x]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
S3 wacomvthid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys;c:\windows\SYSNATIVE\DRIVERS\WacomVTHid.sys [x]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-19 16:07]
.
2015-01-16 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files (x86)\Glary Utilities 5\Initialize.exe [2015-01-05 05:16]
.
2014-11-24 c:\windows\Tasks\Norton Product InstallerIdle.job
- c:\windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe [2014-11-03 18:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 16:17 2334928 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 16:17 2334928 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 16:17 2334928 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2014-08-07 295712]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2014-09-16 63728]
"TpShocks"="TpShocks.exe" [2014-09-18 555736]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mSearch Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\x203\AppData\Local\Temp\ie_script.htm
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\x203\AppData\Roaming\Mozilla\Firefox\Profiles\ci9uc6ip.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - (no file)
ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - (no file)
ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - (no file)
ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-01-16 16:13:35
ComboFix-quarantined-files.txt 2015-01-16 15:13
.
Vor Suchlauf: 15 Verzeichnis(se), 23'481'569'280 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 23'075'418'112 Bytes frei
.
- - End Of File - - 2DA076E6B2C1E569D1868A186761A891
|
|
16.01.2015, 19:44
| #14 |
| /// the machine /// TB-Ausbilder | Windows 7: Webseiten werden wegen UNISALES auf Werbung umgeleitet Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.01.2015, 21:15
| #15 |
| | Windows 7: Webseiten werden wegen UNISALES auf Werbung umgeleitetCode:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 16.01.2015 Suchlauf-Zeit: 20:47:44 Logdatei: mbam.txt Administrator: Nein Version: 2.00.4.1028 Malware Datenbank: v2015.01.16.10 Rootkit Datenbank: v2015.01.14.01 Lizenz: Premium Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Manuel Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 300915 Verstrichene Zeit: 5 Min, 9 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.107 - Bericht erstellt am 16/01/2015 um 20:54:43
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : x203 - ADMIN-MANUEL
# Gestartet von : C:\Users\Manuel\Desktop\adwcleaner_4.107.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v35.0 (x86 de)
*************************
AdwCleaner[R10].txt - [3776 octets] - [14/01/2015 09:03:25]
AdwCleaner[R11].txt - [2952 octets] - [14/01/2015 11:44:48]
AdwCleaner[R12].txt - [1975 octets] - [15/01/2015 14:47:08]
AdwCleaner[R13].txt - [1171 octets] - [16/01/2015 18:11:15]
AdwCleaner[R14].txt - [887 octets] - [16/01/2015 20:54:43]
AdwCleaner[S10].txt - [1187 octets] - [16/01/2015 18:22:19]
AdwCleaner[S8].txt - [3819 octets] - [14/01/2015 09:04:40]
AdwCleaner[S9].txt - [3022 octets] - [14/01/2015 11:56:02]
########## EOF - \AdwCleaner\AdwCleaner[R14].txt - [1128 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by x203 on 16.01.2015 at 21:01:20.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\x203\AppData\Roaming\mozilla\firefox\profiles\ci9uc6ip.default\prefs.js
user_pref("extensions.rBRO9pjpqFz3Gu2L.url", "hxxp://syncerjpi.info/sync2/?q=hfZ9ofV9CShEAen0rTa6qTUMg708BNmGWj8dichGheDUojw8rdwFrTsFrHaGqchIC7n0rjkErjwHrjk8qHkFtNhVCT94tMVKhd
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.01.2015 at 21:04:35.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 Ran by x203 (administrator) on ADMIN-MANUEL on 16-01-2015 21:10:36 Running from C:\Users\Manuel\Downloads Loaded Profiles: x203 & Manuel (Available profiles: x203 & Manuel) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchService.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe (Data Perceptions / PowerProgrammer) C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Spotify Ltd) C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Eye-Fi, Inc.) C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe (Wacom Technology, Inc) C:\Program Files\Tablet\CalibrationAssistant.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchUser.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916592 2014-07-28] (Synaptics Incorporated) HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-08-07] (Lenovo Group Limited) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2014-09-16] (Lenovo) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [555736 2014-09-18] (Lenovo.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [Spotify Web Helper] => C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd) HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [Eye-Fi] => C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe [3961464 2011-12-21] (Eye-Fi, Inc.) HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [GoogleChromeAutoLaunch_4A220D28DEF0DEF57A4596AFA0CC93AC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2015-01-09] (Google Inc.) HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: D - D:\SETUP.EXE HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: {88018163-5feb-11e3-8408-028037ec0200} - V:\SETUP.EXE HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: {fa8f8a90-42e2-11e3-857c-028037ec0200} - E:\Startme.exe Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EIZO ScreenSlicer.lnk ShortcutTarget: EIZO ScreenSlicer.lnk -> C:\Windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe (Macrovision Corporation) Startup: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File BootExecute: autocheck autochk * CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:50083;https=127.0.0.1:50083 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000 -> {5E55F183-AB4F-4D43-BF3C-D551B42FA02B} URL = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms} SearchScopes: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) Toolbar: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162 FireFox: ======== FF ProfilePath: C:\Users\x203\AppData\Roaming\Mozilla\Firefox\Profiles\ci9uc6ip.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-05-30] FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client FF Extension: No Name - C:\Program Files (x86)\Symantec\VIP Access Client [2013-05-15] FF HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension FF Extension: No Name - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension [2014-05-29] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG) R2 ASRSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [79136 2010-10-27] (Lenovo Group Limited) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG) R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L) S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2014-11-14] (Lenovo.) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-14] (SurfRight B.V.) R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation) R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.) R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-08-07] (Lenovo Group Limited) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] () R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-04-24] () R2 TabletServiceISD; C:\Program Files\Tablet\ISD\ISD_Tablet.exe [5650296 2012-04-10] (Wacom Technology, Corp.) R2 TabletSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [83920 2012-02-08] (Lenovo Group Limited) S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed] R2 TouchServiceISD; C:\Program Files\Tablet\ISD\ISD_TouchService.exe [449912 2012-04-10] (Wacom Technology, Corp.) S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1526120 2013-09-25] (Lenovo Group Limited) R2 TVT Scheduler; C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited) [File not signed] R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation) R2 WebUpdate4; C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [278800 2013-01-16] (Data Perceptions / PowerProgrammer) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [689560 2012-10-18] (Ericsson AB) R2 WTabletServiceISD; C:\Program Files\Tablet\ISD\WTabletServiceISD.exe [577848 2013-09-24] (Wacom Technology, Corp.) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG) S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.) R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB) R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB) S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-01-10] (Sony Mobile Communications) R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-10-28] (Glarysoft Ltd) R1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [17064 2010-06-28] (Lenovo) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation) R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [103184 2012-03-01] (Ericsson AB) R3 l36wscard; C:\Windows\System32\DRIVERS\l36wscard.sys [61992 2011-01-14] (Ericsson AB) R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [443208 2012-10-02] (MCCI Corporation) R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [453960 2012-10-02] (MCCI Corporation) R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [21832 2012-10-02] (MCCI Corporation) R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [506184 2012-10-02] (MCCI Corporation) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated) R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.) R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility) R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed] S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.) R3 wacomvthid; C:\Windows\System32\DRIVERS\WacomVTHid.sys [16368 2012-04-10] (Wacom Technology) R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [281840 2013-02-19] (Ericsson AB) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X] S3 TVICPORT; \??\C:\Windows\system32\DRIVERS\TVICPORT.SYS [X] S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-16 21:04 - 2015-01-16 21:04 - 00000946 _____ () C:\Users\x203\Desktop\JRT.txt 2015-01-16 20:48 - 2015-01-16 20:48 - 01707939 _____ (Thisisu) C:\Users\Manuel\Downloads\JRT.exe 2015-01-16 20:42 - 2015-01-16 21:10 - 00028969 _____ () C:\Users\Manuel\Downloads\FRST.txt 2015-01-16 18:35 - 2015-01-16 18:34 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-01-16 18:26 - 2015-01-16 21:06 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-16 18:26 - 2015-01-16 20:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-16 18:26 - 2015-01-16 18:26 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-01-16 18:26 - 2015-01-16 18:26 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-01-16 18:26 - 2015-01-16 18:26 - 00002262 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-01-16 18:26 - 2015-01-16 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-01-16 17:23 - 2015-01-16 17:23 - 00001724 _____ () C:\Users\Manuel\Desktop\omlag71i.default-1421310525556 - Verknüpfung.lnk 2015-01-16 16:59 - 2015-01-16 16:59 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Avira 2015-01-16 16:56 - 2015-01-16 16:56 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Avira 2015-01-16 16:51 - 2015-01-16 16:51 - 00002081 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2015-01-16 16:50 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-01-16 16:50 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-01-16 16:50 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-01-16 16:47 - 2015-01-16 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-01-16 16:47 - 2015-01-16 16:47 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-01-16 16:34 - 2015-01-16 16:34 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Macromedia 2015-01-16 16:14 - 2015-01-16 16:14 - 00044315 _____ () C:\ComboFix.txt 2015-01-16 15:18 - 2015-01-16 15:18 - 00001584 _____ () C:\Users\Manuel\Desktop\Revouninstaller.lnk 2015-01-16 12:38 - 2015-01-16 12:38 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-16 12:38 - 2015-01-16 12:38 - 00000000 ____D () C:\ProgramData\Mozilla 2015-01-16 12:38 - 2015-01-16 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-16 12:38 - 2015-01-16 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-16 12:28 - 2015-01-16 12:36 - 00001113 _____ () C:\Users\x203\Desktop\Revo Uninstaller.lnk 2015-01-16 11:05 - 2015-01-16 11:05 - 00000883 _____ () C:\Users\x203\Desktop\hosts.txt 2015-01-16 10:23 - 2015-01-16 10:23 - 00283128 _____ () C:\Windows\Minidump\011615-8845-01.dmp 2015-01-16 10:23 - 2015-01-16 10:23 - 00000000 ____D () C:\Windows\Minidump 2015-01-15 19:55 - 2015-01-15 19:55 - 00000000 ____D () C:\ProgramData\Emsisoft 2015-01-15 19:32 - 2015-01-15 19:32 - 00050477 _____ () C:\Users\Manuel\Downloads\Defogger.exe 2015-01-15 19:32 - 2015-01-15 19:32 - 00000000 _____ () C:\Users\x203\defogger_reenable 2015-01-15 19:31 - 2015-01-16 13:46 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2015-01-15 19:29 - 2015-01-15 19:29 - 00001479 _____ () C:\Users\x203\Desktop\GMER.log 2015-01-15 19:20 - 2015-01-15 19:20 - 00380416 _____ () C:\Users\Manuel\Downloads\Gmer-19357.exe 2015-01-15 19:06 - 2015-01-15 19:06 - 02125312 _____ (Farbar) C:\Users\Manuel\Downloads\FRST64.exe 2015-01-15 15:18 - 2015-01-15 15:18 - 00003704 _____ () C:\Users\x203\Desktop\Rkill.txt 2015-01-15 15:18 - 2015-01-15 15:18 - 00000000 ____D () C:\Users\x203\Desktop\rkill 2015-01-15 15:12 - 2015-01-15 15:12 - 00000000 ____D () C:\Windows\ERUNT 2015-01-15 15:11 - 2015-01-16 16:16 - 00000000 ____D () C:\Qoobox 2015-01-15 15:05 - 2015-01-15 14:59 - 00000000 _____ () C:\Users\Manuel\Desktop\CProgramDataMicrosoftWindowsCaches.txt 2015-01-15 15:00 - 2015-01-15 15:00 - 00111448 _____ () C:\Users\x203\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-15 14:59 - 2015-01-15 14:59 - 00000000 _____ () C:\Users\x203\Desktop\CProgramDataMicrosoftWindowsCaches.txt 2015-01-15 14:49 - 2015-01-15 14:49 - 00000000 ____D () C:\ProgramData\Avg_Update_1014av 2015-01-15 14:24 - 2015-01-15 14:24 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe 2015-01-15 10:54 - 2015-01-16 15:16 - 00003254 _____ () C:\Windows\System32\Tasks\Trojan Killer 2015-01-15 10:54 - 2015-01-15 10:54 - 00000000 ____D () C:\ProgramData\GridinSoft 2015-01-15 10:51 - 2015-01-15 15:02 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Nico Mak Computing 2015-01-15 10:46 - 2015-01-15 10:46 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-01-15 09:51 - 2015-01-16 21:05 - 00496156 _____ () C:\Windows\PFRO.log 2015-01-15 09:51 - 2015-01-16 21:05 - 00004548 _____ () C:\Windows\setupact.log 2015-01-15 09:51 - 2015-01-15 09:51 - 05054584 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-15 09:51 - 2015-01-15 09:51 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-15 09:28 - 2015-01-15 09:28 - 00000000 ____D () C:\Users\Manuel\Desktop\Old Firefox Data 2015-01-14 14:02 - 2015-01-16 21:10 - 00000000 ____D () C:\FRST 2015-01-14 12:16 - 2015-01-14 12:16 - 00000000 ____D () C:\_OTL 2015-01-14 12:08 - 2015-01-14 12:08 - 00000000 __SHD () C:\Users\x203\AppData\Local\EmieBrowserModeList 2015-01-14 10:16 - 2015-01-14 10:16 - 00001391 _____ () C:\Users\Manuel\Desktop\HitmanPro.lnk 2015-01-14 10:10 - 2015-01-16 16:50 - 00000000 ____D () C:\ProgramData\Avira 2015-01-14 09:54 - 2015-01-15 14:24 - 00000000 ____D () C:\Program Files\HitmanPro 2015-01-14 09:54 - 2015-01-14 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2015-01-14 09:53 - 2015-01-14 10:12 - 00000000 ____D () C:\Users\Manuel\Downloads\Hitman 2015-01-14 09:08 - 2015-01-14 09:08 - 00000000 ____D () C:\ProgramData\Network Associates 2015-01-14 09:06 - 2015-01-14 09:23 - 00000000 ____D () C:\Windows\F0856D1B11EE46528174EAF3D5AB6C66.TMP 2015-01-14 09:03 - 2015-01-16 20:55 - 00000000 ____D () C:\AdwCleaner 2015-01-14 08:59 - 2015-01-14 08:59 - 02191360 _____ () C:\Users\Manuel\Desktop\adwcleaner_4.107.exe 2015-01-14 08:43 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 08:43 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 08:43 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 08:43 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 08:43 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 08:43 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 08:43 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 08:43 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 08:43 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 08:43 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 08:43 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 08:43 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 08:43 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-13 18:34 - 2015-01-16 16:50 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-01-13 18:19 - 2015-01-13 18:19 - 14747172 _____ () C:\Users\Manuel\Desktop\Zusammenfassung.pptx 2015-01-13 18:12 - 2014-12-02 18:27 - 00090112 _____ (Nenad Hrg (SoftwareOK.com)) C:\Users\Manuel\Desktop\DontSleep.exe 2015-01-13 17:29 - 2015-01-13 18:39 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-01-13 16:58 - 2015-01-13 16:58 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\SUPERAntiSpyware.com 2015-01-13 15:50 - 2015-01-13 15:50 - 00017408 _____ () C:\Users\Manuel\Desktop\Abmeldung von Kursen FS 14.msg 2015-01-13 15:44 - 2014-03-26 22:21 - 00020480 _____ () C:\Users\Manuel\Desktop\Kursabmeldung aufgrund nicht bestandener Leistungsnachweise FS 14.msg 2015-01-13 12:23 - 2015-01-13 12:23 - 00000000 ____D () C:\Users\Manuel\Downloads\platform-tools 2015-01-13 11:48 - 2015-01-13 11:48 - 00000000 ____D () C:\Users\x203\AppData\Local\Avg2014 2015-01-13 10:59 - 2015-01-13 11:00 - 00000000 ____D () C:\Users\Manuel\Downloads\NEW SuperStamina 2015-01-12 22:42 - 2015-01-12 22:43 - 00000000 ____D () C:\Users\Manuel\Downloads\rootkitXperia_20140719 2015-01-12 22:12 - 2015-01-12 22:12 - 00000019 _____ () C:\Users\Manuel\Desktop\iomei.txt 2015-01-12 21:42 - 2015-01-12 21:42 - 00038859 _____ () C:\Users\Manuel\Desktop\Unlockbootloader* *Step 3 4 - Developer World.html 2015-01-12 21:42 - 2015-01-12 21:42 - 00000000 ____D () C:\Users\Manuel\Desktop\Unlockbootloader* *Step 3 4 - Developer World_files 2015-01-12 17:44 - 2015-01-13 15:21 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Android 2015-01-12 17:21 - 2015-01-12 21:05 - 00000000 ____D () C:\Users\Manuel\Downloads\EasyRootTool v12.4 2015-01-12 16:04 - 2015-01-12 16:39 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool 2015-01-12 16:03 - 2015-01-13 00:23 - 00000000 ____D () C:\Flashtool 2015-01-11 12:51 - 2015-01-11 12:51 - 00111448 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT 2015-01-10 21:11 - 2015-01-13 09:22 - 00000000 ____D () C:\ProgramData\Sony Mobile 2015-01-10 21:03 - 2015-01-10 21:03 - 00001135 _____ () C:\Users\Manuel\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-10 20:52 - 2015-01-10 20:52 - 00000000 ____D () C:\Users\x203\.android 2015-01-10 20:51 - 2015-01-10 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsomc_01009.Wdf 2015-01-10 20:51 - 2015-01-10 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf 2015-01-10 20:38 - 2015-01-10 20:38 - 00000000 ____D () C:\Users\x203\.swt 2015-01-10 17:15 - 2015-01-10 17:15 - 00030424 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggsomc.sys 2015-01-10 17:15 - 2015-01-10 17:15 - 00016088 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys 2015-01-10 17:13 - 2015-01-11 10:29 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile 2015-01-10 14:12 - 2015-01-11 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2015-01-10 13:49 - 2015-01-10 13:49 - 00000000 ____D () C:\Users\Manuel\.jmc 2015-01-10 13:49 - 2015-01-10 13:49 - 00000000 ____D () C:\Users\Manuel\.eclipse 2015-01-10 13:39 - 2015-01-10 13:39 - 00000000 ____D () C:\Users\x203\.AndroidStudio 2015-01-10 13:39 - 2015-01-10 13:39 - 00000000 ____D () C:\Users\Manuel\.AndroidStudio 2015-01-10 13:38 - 2015-01-13 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio 2015-01-10 13:34 - 2015-01-13 12:25 - 00000000 ____D () C:\Program Files\Android 2015-01-10 13:32 - 2015-01-11 11:02 - 00111000 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-01-10 13:32 - 2015-01-11 11:01 - 00312728 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2015-01-10 13:32 - 2015-01-11 11:01 - 00191384 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2015-01-10 13:32 - 2015-01-11 11:01 - 00190872 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2015-01-10 13:31 - 2015-01-11 11:01 - 00000000 ____D () C:\Program Files\Java 2015-01-09 08:59 - 2015-01-09 09:00 - 00000000 ____D () C:\ProgramData\Stardock 2015-01-08 18:57 - 2015-01-08 19:08 - 00045720 _____ () C:\BROM_DLL.log 2015-01-08 18:24 - 2015-01-09 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander 2015-01-08 18:24 - 2015-01-08 21:00 - 00000000 ____D () C:\Program Files (x86)\totalcmd 2015-01-08 18:24 - 2015-01-08 19:49 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\GHISLER 2015-01-08 18:24 - 2015-01-08 18:24 - 00001062 _____ () C:\Users\Public\Desktop\Total Commander 64 bit.lnk 2015-01-08 18:24 - 2015-01-08 18:24 - 00000000 ____D () C:\Users\x203\AppData\Roaming\GHISLER 2015-01-07 15:27 - 2015-01-07 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EIZO 2015-01-07 15:19 - 2015-01-07 15:19 - 00000000 ____D () C:\Users\x203\AppData\Local\{E0EE56A0-0D7C-4595-B400-919A3BA48EC1} 2015-01-07 15:18 - 2015-01-11 10:30 - 00000000 ____D () C:\Program Files (x86)\EIZO 2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 ____D () C:\Users\x203\AppData\Roaming\EIZO 2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\EIZO 2015-01-07 15:17 - 2015-01-10 11:22 - 00000000 ____D () C:\Users\x203\AppData\Local\Downloaded Installations 2015-01-06 10:30 - 2015-01-06 10:30 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Foxit Reader 2015-01-04 09:10 - 2015-01-04 09:10 - 00001562 _____ () C:\Users\Manuel\Desktop\Cisco AnyConnect Secure Mobility Client.lnk 2015-01-04 09:08 - 2015-01-04 09:08 - 00001067 _____ () C:\Users\Manuel\Desktop\Password Manager.lnk 2015-01-02 13:44 - 2015-01-02 13:47 - 00000000 ____D () C:\Users\Manuel\AppData\Local\CyberGhost 2015-01-02 13:44 - 2015-01-02 13:44 - 00001739 _____ () C:\Users\x203\Desktop\CyberGhost 5.lnk 2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5 2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\Program Files\TAP-Windows 2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\Program Files\CyberGhost 5 2014-12-30 09:16 - 2014-12-30 09:25 - 595612217 _____ () C:\Users\Manuel\Desktop\Perfekte-Portraits.zip 2014-12-22 10:27 - 2014-12-22 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco 2014-12-19 21:24 - 2014-12-19 21:24 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2014-12-19 19:49 - 2014-12-19 19:49 - 00000000 ____D () C:\Users\Manuel\AppData\OICE_15_974FA576_32C1D314_A33 2014-12-18 10:48 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-18 10:48 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-17 19:38 - 2014-12-17 19:38 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\FreeCommander ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-16 21:09 - 2013-05-15 05:28 - 01177126 _____ () C:\Windows\WindowsUpdate.log 2015-01-16 21:07 - 2014-12-13 01:59 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Eye-Fi 2015-01-16 21:07 - 2013-11-19 12:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-16 21:06 - 2014-12-13 01:59 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Eye-Fi 2015-01-16 21:06 - 2014-09-26 16:37 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 5.job 2015-01-16 21:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-16 21:03 - 2013-05-15 04:59 - 00699666 _____ () C:\Windows\system32\perfh007.dat 2015-01-16 21:03 - 2013-05-15 04:59 - 00149774 _____ () C:\Windows\system32\perfc007.dat 2015-01-16 21:03 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-16 21:03 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-16 21:03 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-16 21:02 - 2013-10-29 11:53 - 00000000 ____D () C:\Users\x203\AppData\Local\Google 2015-01-16 18:26 - 2013-10-27 09:56 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Google 2015-01-16 18:26 - 2013-05-15 05:29 - 00000000 ____D () C:\Program Files (x86)\Google 2015-01-16 18:23 - 2014-12-08 10:30 - 01022464 ___SH () C:\Users\Manuel\Desktop\Thumbs.db 2015-01-16 16:47 - 2013-10-21 22:33 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-16 16:15 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-01-16 16:04 - 2014-01-01 17:13 - 00000000 ____D () C:\Windows\erdnt 2015-01-16 15:41 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-01-16 10:58 - 2014-09-26 16:36 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5 2015-01-16 10:58 - 2014-09-15 18:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-16 10:14 - 2014-09-30 16:50 - 00000000 ____D () C:\Program Files\Adobe Photoshop 2015-01-16 10:14 - 2014-09-30 12:54 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2015-01-16 10:14 - 2014-01-11 10:06 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2015-01-16 10:14 - 2013-09-30 20:23 - 00000000 ____D () C:\Users\x203\AppData\Local\Adobe 2015-01-16 10:14 - 2013-05-15 05:27 - 00000000 ____D () C:\ProgramData\Adobe 2015-01-15 19:32 - 2013-09-30 20:19 - 00000000 ____D () C:\Users\x203 2015-01-15 15:59 - 2013-12-09 14:53 - 00000000 ____D () C:\ProgramData\MFAData 2015-01-15 14:38 - 2014-03-04 13:45 - 00000000 ___RD () C:\Users\Manuel\Dropbox 2015-01-15 14:22 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Dropbox 2015-01-15 11:11 - 2013-12-09 14:56 - 00000000 ____D () C:\Users\x203\AppData\Roaming\TuneUp Software 2015-01-15 11:09 - 2014-05-18 11:17 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Spotify 2015-01-15 09:57 - 2013-05-15 05:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-14 17:07 - 2013-11-19 12:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-14 17:07 - 2013-11-19 12:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-14 17:07 - 2013-11-19 12:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-14 11:22 - 2013-10-21 22:38 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-01-14 11:21 - 2013-10-21 21:44 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 11:11 - 2013-10-21 21:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 10:18 - 2013-10-28 14:32 - 00003568 _____ () C:\Windows\system32\.crusader 2015-01-14 10:18 - 2013-10-28 14:29 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-01-14 10:11 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-14 09:27 - 2014-01-05 13:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-01-14 09:23 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel 2015-01-14 09:23 - 2013-05-14 12:53 - 00000000 ____D () C:\ProgramData\Lenovo 2015-01-14 09:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2015-01-14 09:08 - 2014-10-22 19:49 - 00000000 ____D () C:\ProgramData\McAfee 2015-01-14 08:49 - 2013-10-28 13:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-01-13 18:43 - 2014-12-03 15:12 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Deployment 2015-01-13 18:05 - 2014-05-18 11:18 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Spotify 2015-01-13 17:31 - 2013-10-27 10:06 - 00001912 _____ () C:\Windows\epplauncher.mif 2015-01-13 17:06 - 2014-12-13 17:43 - 00000000 ____D () C:\Users\Manuel\Desktop\WE Jungs 2015-01-13 17:06 - 2014-09-18 16:13 - 00000000 ____D () C:\Users\Manuel\Desktop\Ricardo 2015-01-13 16:59 - 2013-05-15 05:27 - 00000000 ____D () C:\Windows\Downloaded Installations 2015-01-13 12:26 - 2014-05-16 08:06 - 00000000 ____D () C:\Users\Manuel\.android 2015-01-13 12:00 - 2014-11-16 11:12 - 00000000 ____D () C:\Users\Manuel\Desktop\Fotos 2015-01-13 11:46 - 2014-05-30 09:05 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys 2015-01-13 09:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-01-12 17:47 - 2013-05-15 05:19 - 00000000 ____D () C:\Program Files\Intel 2015-01-11 11:00 - 2014-03-09 10:51 - 00111448 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT 2015-01-11 10:54 - 2014-12-05 09:46 - 00001107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk 2015-01-11 10:54 - 2014-09-26 16:37 - 00002978 _____ () C:\Windows\System32\Tasks\GU5SkipUAC 2015-01-11 10:54 - 2014-09-26 16:37 - 00002634 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5 2015-01-11 10:54 - 2014-09-26 16:37 - 00001095 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk 2015-01-10 14:40 - 2014-05-15 16:04 - 00003020 _____ () C:\Windows\System32\Tasks\PMTask 2015-01-10 14:40 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media 2015-01-10 14:05 - 2013-10-27 13:14 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-09 20:54 - 2013-10-28 10:25 - 00000000 ____D () C:\Program Files (x86)\Fences 2015-01-09 20:54 - 2013-05-15 05:34 - 00000000 ____D () C:\Windows\System32\Tasks\TVT 2015-01-08 18:57 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel\AppData\Local\VirtualStore 2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-01-07 15:24 - 2014-06-20 16:48 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Unity 2015-01-07 12:18 - 2013-10-27 09:55 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Adobe 2015-01-06 09:12 - 2014-02-27 21:50 - 00000000 ____D () C:\Users\Manuel\Documents\Korrespondenz 2015-01-04 09:19 - 2014-05-19 07:11 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation 2015-01-04 09:19 - 2014-05-19 07:10 - 00000000 ____D () C:\Program Files\Common Files\Sony Shared 2015-01-04 09:18 - 2014-05-19 07:09 - 00000000 ____D () C:\ProgramData\Sony Corporation 2015-01-04 09:03 - 2014-05-01 10:24 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-01-04 09:03 - 2014-05-01 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-01-04 09:03 - 2013-10-27 17:18 - 00000000 ____D () C:\Program Files\winRar 2014-12-31 18:03 - 2014-01-14 11:34 - 00000000 ____D () C:\Users\Manuel\Desktop\Ablage 2014-12-31 13:38 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Adobe 2014-12-22 10:36 - 2013-10-27 12:15 - 00001398 _____ () C:\Users\Manuel\AppData\Roaming\MobileToolAnyConnectV3.ini 2014-12-22 10:27 - 2013-10-27 12:16 - 00000000 ____D () C:\ProgramData\Cisco 2014-12-22 10:27 - 2013-10-21 22:34 - 00000000 ____D () C:\Program Files (x86)\Cisco 2014-12-22 10:22 - 2014-01-01 10:48 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-12-22 10:22 - 2014-01-01 10:48 - 00000000 ____D () C:\Program Files\CCleaner 2014-12-19 21:28 - 2014-03-04 13:45 - 00001036 _____ () C:\Users\Manuel\Desktop\Dropbox.lnk 2014-12-19 21:28 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-12-19 18:57 - 2013-11-03 11:23 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Intel WiDi 2014-12-18 11:56 - 2014-12-06 14:53 - 00000000 ____D () C:\Users\x203\Desktop\Katalog Admin 2014-12-17 14:46 - 2013-11-12 19:09 - 00000080 _____ () C:\Users\x203\Documents\R Verzeichnis wechseln.R Some content of TEMP: ==================== C:\Users\Manuel\AppData\Local\temp\avgnt.exe C:\Users\x203\AppData\Local\temp\Quarantine.exe C:\Users\x203\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-14 12:49 ==================== End Of Log ============================ --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015
Ran by x203 at 2015-01-16 21:10:58
Running from C:\Users\Manuel\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 8.42.20 - )
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{8432E4EF-ABFB-48C8-B77B-24728E71D3DD}) (Version: 39.0.2171.46 - Google Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05187 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05187 - Cisco Systems, Inc.) Hidden
CM Installer (HKLM-x32\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Drucken in PDF Annotator (novaPDF OEM 7.7 printer) (HKLM\...\Drucken in PDF Annotator_is1) (Version: 7.7.400 - Softland)
EasyTax 2013 AG 1.01 (HKLM-x32\...\4093-4123-1528-3000) (Version: 1.01 - HWI Solutions AG)
EIZO ScreenSlicer (HKLM-x32\...\{292A177D-723F-4537-9985-BC8BFCD8B63D}) (Version: 1.1.5.0 - EIZO Corporation)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.67.2 - Lenovo Group Limited)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Eye-Fi Center 3.4 (HKLM-x32\...\{18B00AC5-C082-471E-88B0-F02FE5A2541A}) (Version: 3.4.26 - Eye-Fi, Inc)
Fences (Version: 1.0 - Stardock Corporation) Hidden
FireCuva Data Recovery 2014.1.8.20 (HKLM-x32\...\{EE1F41BE-6DBD-44AE-9F97-4D7F9227329D}_is1) (Version: 2014.1.8.20 - FireCuva)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Glary Utilities PRO 5.16 (HKLM-x32\...\Glary Utilities 5) (Version: 5.16.0.29 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Graph 4.4.2 (HKLM-x32\...\Graph_is1) (Version: - Ivan Johansen)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6 (HKLM\...\{B2DAB009-8236-48A0-AD7F-E940F5AB1578}) (Version: 14.0 - HP)
HP Photosmart Plus B210 series - Grundlegende Software für das Gerät (HKLM\...\{1686185A-3D85-428D-8786-ACB403B9D420}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
ifolor Designer (HKLM-x32\...\ifolor-Designer) (Version: - Ifolor AG)
Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3359 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7991b5ae-96d7-4df2-97fb-a605b7cb638b}) (Version: 17.12.0 - Intel Corporation)
ISD Tablett (HKLM\...\ISD Tablet Driver) (Version: 7.0.2-29 - Wacom Technology Corp.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 8 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418000FF}) (Version: 8.0.0 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.16.0 - Lenovo)
Lenovo Mobile Access (HKLM-x32\...\{A792A135-EE29-4FE2-B4CB-D3F984CEA9EC}) (Version: 3.2.30123.1026 - Lenovo)
Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.4.1017.00 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0007 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
LXH-JME2207FN Hotkey Driver (HKLM-x32\...\{42B21298-C850-4272-AFD9-636CBC005421}) (Version: 5.1.0804 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{C2C2DB64-1BCE-4FA7-962D-457795ECCEC0}) (Version: 3.3.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Bootvis (HKLM-x32\...\{0F9196C6-58B4-445B-B56E-B1200FECC151}) (Version: 1.3.37 - Microsoft)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 7.2.5.4 - Ericsson AB)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Annotator 5.0.0.505 (HKLM-x32\...\PDFAnnotator_is1) (Version: 5.0.0.505 - GRAHL software design)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_06_B209a-m_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Rescue and Recovery (HKLM-x32\...\{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}) (Version: 4.52.0005.00 - Lenovo Group Limited)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-003B-0000-1000-0000000FF1CE}_Office15.PRJPROR_{6E5C415F-1388-4BA6-B926-C19318BE6075}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad Tablet Button Driver (HKLM-x32\...\{26903C89-780A-463E-8CBD-E47A73927254}) (Version: 1.04 - )
ThinkPad Tablet Shortcut Menu (HKLM-x32\...\{9a2db59f-091a-40b4-958d-1c8264624126}) (Version: 6.33 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.24 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{A62AEB2B-E2A0-4E77-8AAE-9645FE3B5487}) (Version: 5.95 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.80.01.00 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.81 - Lenovo)
ThinkVantage Password Manager (HKLM\...\{23520BCC-F76C-4287-87E1-0545EDF6FE96}) (Version: 4.00.0024.00 - Lenovo Group Limited)
ThinkVantage Update Retriever (HKLM-x32\...\{F25C538D-3F57-4AF4-80DD-B1DD1558F038}) (Version: 5.00.0010 - Lenovo)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
VIP Access (HKLM-x32\...\{7EB5B9B6-E7BF-4E8F-B478-1266A78CF231}) (Version: 2.2.1.13 - Symantec Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\WinDirStat) (Version: - )
Windows Driver Package - Intel (e1cexpress) Net (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows Driver Package - Intel System (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
16-01-2015 19:20:35 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-01-16 11:03 - 2015-01-16 14:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {06DCFC04-6BA5-45A1-A87C-2AB6D5B07FB9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)
Task: {1056F6BE-8A9B-4789-A45A-766212E69BDB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {138C1B65-AA12-4B15-816E-2BAD5C404989} - System32\Tasks\{5179303A-B077-4DD2-8CAA-370E2C7A215A} => E:\JDownloaderPortable\JDownloaderPortable.exe
Task: {16CE9FF3-C7EA-4493-B6B7-30FA88486725} - System32\Tasks\Lenovo\LSC\CreateHardwareScanTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {1C473A2D-C8EA-4A9A-A60F-4AE443F13033} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {326D759E-1B50-476F-8ACE-CA0912537815} - \TubeSaver-15-chromeinstaller No Task File <==== ATTENTION
Task: {3807F458-4445-431C-898E-980905E16691} - \TubeSaver-15-updater No Task File <==== ATTENTION
Task: {442BFA7F-2D23-479D-BFA5-C832EF77F87F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {452FFBFB-D9B9-4347-8F5E-A7F1A6772E3C} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
Task: {49A96084-47D7-43F1-9D0D-B6127F991574} - System32\Tasks\{09F43E45-D90B-4046-91C3-BC9637D8C4B8} => C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
Task: {49D3B875-F572-4023-9D26-A845D020A2F7} - \TubeSaver-15-codedownloader No Task File <==== ATTENTION
Task: {49DAAF81-E95C-4964-B237-22F6C980448E} - System32\Tasks\{4EEB7BF1-AE9F-4345-BB40-78EB0CDEA9E0} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\IrfanView\i_view32.exe"
Task: {4F32F716-7098-4249-B056-356F3CE9ECB6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {5745E252-0287-4003-B1BA-33F5B1BB87F6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for x203-THINK-Manuel x203-THINK => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {57904E4B-FF80-4701-AF04-AC8517DA374A} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {5C766DF2-DBB1-4EFF-8997-84E9436A2595} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {606A9245-4225-4177-A2B4-88D04B527E80} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for x203-THINK.Manuel => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-16] (Lenovo)
Task: {7280DB27-B177-448B-BDB4-8BAC6BC75597} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {78DC8C0F-41CD-4700-A7C6-177E891F01B6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {7965D48E-112A-49BE-B3BA-FBDDE5A086EE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {828FF779-6267-41C5-8A2F-9D575790BDD5} - System32\Tasks\Norton Product InstallerIdle => C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe [2014-11-03] (Symantec Corporation)
Task: {82F88A18-7A4E-4C2B-85C2-2F254577559E} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2014-09-13] (Lenovo)
Task: {833CF6A6-9B70-482E-B833-78F68CD8FB3A} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {870D44EA-14A3-4E7F-8814-22F1A86B39A1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8740F25F-3678-4962-94E4-2A5235A39CCF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {92BFD621-E872-4F04-A065-41853B8E2CD0} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {9A209F4B-E899-4C8C-A211-FD8997DFC557} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)
Task: {9D6C3B14-CB5E-4BCD-B078-A5559D3BD1D7} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {9DC14AA8-2996-4213-98B3-CB8D76E9C951} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {A48895AA-13C8-478E-A8AB-4D3DA40B6816} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {A5C29781-2A7A-4007-A739-AE6A3784ADF8} - System32\Tasks\{80AFFF4F-06A3-40B4-B912-D1677BDADF9D} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\IrfanView\i_view32.exe"
Task: {A91938F3-2A68-4C36-8403-A6A842BE5A8A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {A93198E1-5CA9-4525-AA70-82FC9A482993} - System32\Tasks\{EDD59D43-8C29-431A-A8D2-B4BFCA7730F2} => E:\JDownloaderPortable\JDownloaderPortable.exe
Task: {AE133D30-0D35-41A2-B384-7ABF0F5EE4CA} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {B30A2AFD-6E31-4BCA-905C-0C08D189A4F8} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {B3EA1B66-775D-4F84-9CB2-0371BA2B414B} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {BA4E8AF1-2935-4244-AD22-3DA5C0178502} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {BE8F36B1-40F7-4223-B0C8-91A4DC614677} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-11-14] (Lenovo Group Limited)
Task: {C00813A1-3AF3-4160-9359-E2A144414574} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {CC68A762-4464-4EAC-8F6C-88F9A9E296B2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {CF4838A5-80E6-4F0F-8B1F-4F68C964BBBD} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-01-05] (Glarysoft Ltd)
Task: {D19DD550-1FB7-4C8A-9B8B-31B8EF5B6B20} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-04-24] ()
Task: {D4884143-8D6C-4A9B-94FB-13419383DF56} - \TubeSaver-15-enabler No Task File <==== ATTENTION
Task: {D4F8C4B7-FEB0-4ACB-8D71-0C12D509E7A0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {DB3A4CDE-C0E3-42C3-91EC-40CFE629F47C} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-01-05] (Glarysoft Ltd)
Task: {DD31794C-86DD-4901-994A-658185898645} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for x203-THINK.x203 => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-16] (Lenovo)
Task: {DEC60349-DA4C-4920-A9B9-4A091F4C5321} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {E64DE862-5A05-457D-8396-3B79DFC9DDE4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E6D4097C-9FCB-4456-951E-7E866581E69F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {ECA97D21-FEF3-45D0-BEB5-2BB6A2316EF2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {F77C609C-EC1F-488E-BD9A-790F78E5A763} - System32\Tasks\{A1DB3074-2A97-4668-A054-6DCBAB2DE05E} => C:\Program Files (x86)\IrfanView\i_view32.exe
Task: {FDAE8DB2-5746-4868-97FD-40AD33B7A6DB} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-10-16] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe
==================== Loaded Modules (whitelisted) =============
2013-10-28 10:23 - 2010-06-17 20:56 - 00087040 ____N () C:\Windows\System32\redmonnt.dll
2013-05-15 05:23 - 2012-04-10 16:37 - 01183096 _____ () C:\Program Files\Tablet\ISD\libxml2.dll
2013-05-15 05:27 - 2014-11-14 06:07 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-10-16 01:48 - 2014-10-16 01:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-05-15 05:27 - 2011-08-02 20:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2013-05-15 05:27 - 2011-08-02 20:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2014-09-26 16:35 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-26 16:35 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-26 16:35 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-26 16:35 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-09-26 16:35 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-10-21 22:39 - 2011-07-13 09:10 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2014-09-16 19:01 - 2014-09-16 19:01 - 00065776 _____ () C:\Program Files (x86)\Lenovo\Access Connections\ACSonyEricssonHlpr.dll
2011-12-21 22:59 - 2011-12-21 22:59 - 00133120 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libexif.dll
2011-12-21 22:56 - 2011-12-21 22:56 - 00209408 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libopenraw.dll
2011-12-21 23:05 - 2011-12-21 23:05 - 00014848 _____ () C:\Program Files (x86)\Eye-Fi\Helper\Locales\de\Helper.dll
2015-01-16 18:26 - 2015-01-09 01:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-16 18:26 - 2015-01-09 01:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-16 18:26 - 2015-01-09 01:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-16 18:26 - 2015-01-09 01:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2013-10-21 22:32 - 2013-05-13 14:15 - 01199576 ____N () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Manuel\Desktop\Stundenplan.JPG:com.dropbox.attributes
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk => C:\Windows\pss\Google Calendar Sync.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^x203^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EOS Utility.lnk => C:\Windows\pss\EOS Utility.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_4A220D28DEF0DEF57A4596AFA0C => "c:\program files (x86)\google\chrome\application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Intel AppUp(SM) center => "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
MSCONFIG\startupreg: jmekey => C:\Program Files (x86)\jmesoft\hotkey.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Malwarebytes Anti-Malware (cleanup) => "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware "
MSCONFIG\startupreg: MobileAccess => C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe -silentExitIfNotFirst
MSCONFIG\startupreg: NUSB3MON => "c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
MSCONFIG\startupreg: PasswordManager => C:\Program Files\Lenovo\Password Manager\password_manager.exe
MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: RtHDVBg_Dolby => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SearchProtection => "C:\Users\x203\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: SharpSpace => C:\Program Files (x86)\SharpSpace\SharpSpace.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: USB3MON => "c:\program files (x86)\intel\intel(r) usb 3.0 extensible host controller driver\application\iusb3mon.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-3554811672-1824628599-3789470933-500 - Administrator - Disabled)
Gast (S-1-5-21-3554811672-1824628599-3789470933-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3554811672-1824628599-3789470933-1040 - Limited - Enabled)
Manuel (S-1-5-21-3554811672-1824628599-3789470933-1003 - Limited - Enabled) => C:\Users\Manuel
x203 (S-1-5-21-3554811672-1824628599-3789470933-1000 - Administrator - Enabled) => C:\Users\x203
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/16/2015 09:08:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Name des fehlerhaften Moduls: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000860d2
ID des fehlerhaften Prozesses: 0x7f4
Startzeit der fehlerhaften Anwendung: 0xISD_Tablet.exe0
Pfad der fehlerhaften Anwendung: ISD_Tablet.exe1
Pfad des fehlerhaften Moduls: ISD_Tablet.exe2
Berichtskennung: ISD_Tablet.exe3
Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0
Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=21, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0
Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0
System errors:
=============
Error: (01/16/2015 09:07:19 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/16/2015 09:05:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147014847
Microsoft Office Sessions:
=========================
Error: (01/16/2015 09:08:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ISD_Tablet.exe7.0.2.294f6cf301ISD_Tablet.exe7.0.2.294f6cf301c000000500000000000860d27f401d031c7d94fa442C:\Program Files\Tablet\ISD\ISD_Tablet.exeC:\Program Files\Tablet\ISD\ISD_Tablet.exe77a7c0ad-9dbb-11e4-88fb-028037ec0200
Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path43900
Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path25900
Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path17900
Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path23808600
Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path21808600
Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path18808600
CodeIntegrity Errors:
===================================
Date: 2015-01-16 13:58:16.187
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-01-16 13:58:16.140
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-01-14 09:08:57.418
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-01-14 09:08:57.333
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-01-09 20:34:06.552
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-09 20:34:05.382
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-21 15:40:29.432
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-21 15:36:48.011
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-21 15:36:01.740
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-26 20:26:04.283
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 40%
Total physical RAM: 7887.8 MB
Available physical RAM: 4680.63 MB
Total Pagefile: 15773.78 MB
Available Pagefile: 12398.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:140.64 GB) (Free:21.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:17.58 GB) (Free:4.95 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 167.7 GB) (Disk ID: AA9E1116)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=140.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=8 GB) - (Type=84)
==================== End Of Log ============================
EIN DICKES DANKE NOCHMAL FÜR DIE MÜHE! |
|
| Themen zu Windows 7: Webseiten werden wegen UNISALES auf Werbung umgeleitet |
| auf werbung umgeleitet, brand, chrome, cyberghost, dankbar, eingefangen, explorer, gefangen, gen, gmer, google, hoffe, konnte, log, log's, malwarebytes, mozilla, nichts, pwmtr64v.dll, reset, spybot, tablet, umgeleitet, webseite, webseiten, werbung, windows, windows 7, xperia, zusammen |
Linear-Darstellung
