
Log analysis and evaluation: Windows 7: Websites are redirected to ads because of UNISALES


15.01.2015, 18:49   #1
maga84
 



Hi everyone, I'm brand new here and hope you can help.

I've picked up Unisales, and Google hasn't been able to help so far. Resetting Mozilla, Chrome, Internet Explorer etc. didn't help.
ADWCleaner doesn't do anything, and neither does Malwarebytes.
I would be extremely grateful if you had a tip or some help for me. Thanks in advance for your time. Here are my logs:

FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015
Ran by x203 (administrator) on ADMIN-MANUEL on 15-01-2015 19:38:23
Running from C:\Users\Manuel\Downloads
Loaded Profiles: x203 & Manuel (Available profiles: x203 & Manuel)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe
(Data Perceptions / PowerProgrammer) C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Spotify Ltd) C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Eye-Fi, Inc.) C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Wacom Technology, Inc) C:\Program Files\Tablet\CalibrationAssistant.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchUser.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
() C:\Users\Manuel\Downloads\Gmer-19357.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2wizard.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916592 2014-07-28] (Synaptics Incorporated)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-08-07] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2014-09-16] (Lenovo)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [555736 2014-09-18] (Lenovo.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [emsisoft anti-malware] => C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe [4997872 2014-12-31] (Emsisoft GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-01-05] (Glarysoft Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [Spotify Web Helper] => C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [GoogleChromeAutoLaunch_4A220D28DEF0DEF57A4596AFA0CC93AC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-22] (Google Inc.)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [Eye-Fi] => C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe [3961464 2011-12-21] (Eye-Fi, Inc.)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: D - D:\SETUP.EXE
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: {88018163-5feb-11e3-8408-028037ec0200} - V:\SETUP.EXE
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: {fa8f8a90-42e2-11e3-857c-028037ec0200} - E:\Startme.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EIZO ScreenSlicer.lnk
ShortcutTarget: EIZO ScreenSlicer.lnk -> C:\Windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe (Macrovision Corporation)
Startup: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk *  
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50083;https=127.0.0.1:50083
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000 -> {5E55F183-AB4F-4D43-BF3C-D551B42FA02B} URL = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162

FireFox:
========
FF ProfilePath: C:\Users\x203\AppData\Roaming\Mozilla\Firefox\Profiles\ci9uc6ip.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-05-30]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: No Name - C:\Program Files (x86)\Symantec\VIP Access Client [2013-05-15]
FF HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension
FF Extension: No Name - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension [2014-05-29]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\x203\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\x203\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (Google Wallet) - C:\Users\x203\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30]
CHR Extension: (unIsales) - C:\ProgramData\ocbkapddahhgnlmahbgabheclmnpbfma\ [2013-12-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 ASRSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [79136 2010-10-27] (Lenovo Group Limited)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2014-11-14] (Lenovo.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-14] (SurfRight B.V.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-08-07] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-04-24] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TabletServiceISD; C:\Program Files\Tablet\ISD\ISD_Tablet.exe [5650296 2012-04-10] (Wacom Technology, Corp.)
R2 TabletSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [83920 2012-02-08] (Lenovo Group Limited)
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed]
R2 TouchServiceISD; C:\Program Files\Tablet\ISD\ISD_TouchService.exe [449912 2012-04-10] (Wacom Technology, Corp.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1526120 2013-09-25] (Lenovo Group Limited)
R2 TVT Scheduler; C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation)
R2 WebUpdate4; C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [278800 2013-01-16] (Data Perceptions / PowerProgrammer)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [689560 2012-10-18] (Ericsson AB)
R2 WTabletServiceISD; C:\Program Files\Tablet\ISD\WTabletServiceISD.exe [577848 2013-09-24] (Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-01-10] (Sony Mobile Communications)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-10-28] (Glarysoft Ltd)
R1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [17064 2010-06-28] (Lenovo)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)
S3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [103184 2012-03-01] (Ericsson AB)
R3 l36wscard; C:\Windows\System32\DRIVERS\l36wscard.sys [61992 2011-01-14] (Ericsson AB)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [443208 2012-10-02] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [453960 2012-10-02] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [21832 2012-10-02] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [506184 2012-10-02] (MCCI Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
R3 wacomvthid; C:\Windows\System32\DRIVERS\WacomVTHid.sys [16368 2012-04-10] (Wacom Technology)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [281840 2013-02-19] (Ericsson AB)
S3 TVICPORT; \??\C:\Windows\system32\DRIVERS\TVICPORT.SYS [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
U3 pgtyraog; \??\C:\Users\x203\AppData\Local\Temp\pgtyraog.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 19:32 - 2015-01-15 19:32 - 00050477 _____ () C:\Users\Manuel\Downloads\Defogger.exe
2015-01-15 19:32 - 2015-01-15 19:32 - 00000470 _____ () C:\Users\Manuel\Downloads\defogger_disable.log
2015-01-15 19:32 - 2015-01-15 19:32 - 00000000 _____ () C:\Users\x203\defogger_reenable
2015-01-15 19:31 - 2015-01-15 19:38 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-15 19:31 - 2015-01-15 19:31 - 00001106 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-01-15 19:31 - 2015-01-15 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-01-15 19:29 - 2015-01-15 19:30 - 172265200 _____ (Emsisoft Ltd. ) C:\Users\Manuel\Downloads\EmsisoftAntiMalware4799Setup.exe
2015-01-15 19:29 - 2015-01-15 19:29 - 00001479 _____ () C:\Users\x203\Desktop\GMER.log
2015-01-15 19:20 - 2015-01-15 19:20 - 00380416 _____ () C:\Users\Manuel\Downloads\Gmer-19357.exe
2015-01-15 19:07 - 2015-01-15 19:38 - 00033097 _____ () C:\Users\Manuel\Downloads\FRST.txt
2015-01-15 19:07 - 2015-01-15 19:07 - 00037251 _____ () C:\Users\Manuel\Downloads\Addition.txt
2015-01-15 19:06 - 2015-01-15 19:06 - 02125312 _____ (Farbar) C:\Users\Manuel\Downloads\FRST64.exe
2015-01-15 19:01 - 2015-01-15 19:01 - 07203008 _____ (Kaspersky Lab ZAO) C:\Users\Manuel\Downloads\kavremover678.exe
2015-01-15 19:01 - 2015-01-15 19:01 - 00247941 _____ () C:\Users\Manuel\Downloads\kavremvr 2015-01-15 19-01-40 (pid 11508).log
2015-01-15 15:24 - 2015-01-15 15:24 - 00000000 ___SD () C:\ComboFix
2015-01-15 15:18 - 2015-01-15 15:18 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Manuel\Downloads\rkill.exe
2015-01-15 15:18 - 2015-01-15 15:18 - 00003704 _____ () C:\Users\x203\Desktop\Rkill.txt
2015-01-15 15:18 - 2015-01-15 15:18 - 00000000 ____D () C:\Users\x203\Desktop\rkill
2015-01-15 15:16 - 2015-01-15 15:16 - 00000681 _____ () C:\Users\x203\Desktop\JRT.txt
2015-01-15 15:12 - 2015-01-15 15:12 - 01707939 _____ (Thisisu) C:\Users\Manuel\Downloads\JRT.exe
2015-01-15 15:12 - 2015-01-15 15:12 - 00000000 ____D () C:\Windows\ERUNT
2015-01-15 15:11 - 2015-01-15 15:11 - 05609736 ____R (Swearware) C:\Users\Manuel\Downloads\ComboFix.exe
2015-01-15 15:11 - 2015-01-15 15:11 - 00000000 ____D () C:\Qoobox
2015-01-15 15:10 - 2015-01-15 15:10 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Manuel\Downloads\tdsskiller.exe
2015-01-15 15:09 - 2015-01-15 15:09 - 02191360 _____ () C:\Users\Manuel\Downloads\AdwCleaner.exe
2015-01-15 15:05 - 2015-01-15 14:59 - 00000000 _____ () C:\Users\Manuel\Desktop\CProgramDataMicrosoftWindowsCaches.txt
2015-01-15 15:00 - 2015-01-15 15:00 - 00111448 _____ () C:\Users\x203\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-15 14:59 - 2015-01-15 14:59 - 00000000 _____ () C:\Users\x203\Desktop\CProgramDataMicrosoftWindowsCaches.txt
2015-01-15 14:49 - 2015-01-15 14:49 - 00000000 ____D () C:\ProgramData\Avg_Update_1014av
2015-01-15 14:24 - 2015-01-15 14:24 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-01-15 10:54 - 2015-01-15 10:54 - 00003252 _____ () C:\Windows\System32\Tasks\Trojan Killer
2015-01-15 10:54 - 2015-01-15 10:54 - 00000000 ____D () C:\ProgramData\GridinSoft
2015-01-15 10:51 - 2015-01-15 15:02 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Nico Mak Computing
2015-01-15 10:46 - 2015-01-15 10:46 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-15 10:00 - 2015-01-15 10:00 - 02347384 _____ (ESET) C:\Users\Manuel\Downloads\esetsmartinstaller_deu.exe
2015-01-15 09:51 - 2015-01-15 16:10 - 00001025 _____ () C:\Windows\setupact.log
2015-01-15 09:51 - 2015-01-15 15:59 - 00009756 _____ () C:\Windows\PFRO.log
2015-01-15 09:51 - 2015-01-15 09:51 - 05054584 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-15 09:51 - 2015-01-15 09:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-15 09:33 - 2015-01-15 09:33 - 17709352 _____ (Adobe Systems Inc.) C:\Users\x203\Downloads\Adobe_Air_v16.0.0.245.exe
2015-01-15 09:33 - 2015-01-15 09:33 - 11225840 _____ (SurfRight B.V.) C:\Users\x203\Downloads\Hitman_Pro_(64bit)_v3.7.9.234.exe
2015-01-15 09:28 - 2015-01-15 09:28 - 00000000 ____D () C:\Users\Manuel\Desktop\Old Firefox Data
2015-01-14 14:02 - 2015-01-15 19:38 - 00000000 ____D () C:\FRST
2015-01-14 12:16 - 2015-01-14 12:16 - 00000000 ____D () C:\_OTL
2015-01-14 12:08 - 2015-01-14 12:08 - 00000000 __SHD () C:\Users\x203\AppData\Local\EmieBrowserModeList
2015-01-14 10:28 - 2015-01-14 10:28 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Avira
2015-01-14 10:28 - 2015-01-14 10:27 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-14 10:27 - 2015-01-14 10:27 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Avira
2015-01-14 10:26 - 2015-01-14 10:26 - 00002081 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-14 10:25 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-14 10:25 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-14 10:25 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-14 10:16 - 2015-01-14 10:16 - 00001391 _____ () C:\Users\Manuel\Desktop\HitmanPro.lnk
2015-01-14 10:10 - 2015-01-14 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-14 10:10 - 2015-01-14 10:25 - 00000000 ____D () C:\ProgramData\Avira
2015-01-14 10:10 - 2015-01-14 10:10 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-14 09:54 - 2015-01-15 14:24 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-14 09:54 - 2015-01-14 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-14 09:53 - 2015-01-14 10:12 - 00000000 ____D () C:\Users\Manuel\Downloads\Hitman
2015-01-14 09:08 - 2015-01-14 09:08 - 00000000 ____D () C:\ProgramData\Network Associates
2015-01-14 09:06 - 2015-01-14 09:23 - 00000000 ____D () C:\Windows\F0856D1B11EE46528174EAF3D5AB6C66.TMP
2015-01-14 09:03 - 2015-01-15 14:48 - 00000000 ____D () C:\AdwCleaner
2015-01-14 08:59 - 2015-01-14 08:59 - 02191360 _____ () C:\Users\Manuel\Desktop\adwcleaner_4.107.exe
2015-01-14 08:43 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:43 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:43 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:43 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 08:43 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 08:43 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 08:43 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 08:43 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 08:43 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:43 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:43 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:43 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:43 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 18:34 - 2015-01-14 10:25 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-13 18:19 - 2015-01-13 18:19 - 14747172 _____ () C:\Users\Manuel\Desktop\Zusammenfassung.pptx
2015-01-13 18:12 - 2014-12-02 18:27 - 00090112 _____ (Nenad Hrg (SoftwareOK.com)) C:\Users\Manuel\Desktop\DontSleep.exe
2015-01-13 17:29 - 2015-01-13 18:39 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-13 16:58 - 2015-01-13 16:59 - 44232000 _____ (Lenovo Group Limited ) C:\Users\x203\Downloads\ThinkVantage_Access_Connections_v6.24.exe
2015-01-13 16:58 - 2015-01-13 16:58 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\SUPERAntiSpyware.com
2015-01-13 15:50 - 2015-01-13 15:50 - 00017408 _____ () C:\Users\Manuel\Desktop\Abmeldung von Kursen FS 14.msg
2015-01-13 15:44 - 2014-03-26 22:21 - 00020480 _____ () C:\Users\Manuel\Desktop\Kursabmeldung  aufgrund nicht bestandener Leistungsnachweise FS 14.msg
2015-01-13 12:23 - 2015-01-13 12:23 - 00000000 ____D () C:\Users\Manuel\Downloads\platform-tools
2015-01-13 11:48 - 2015-01-13 11:48 - 00000000 ____D () C:\Users\x203\AppData\Local\Avg2014
2015-01-13 10:59 - 2015-01-13 11:00 - 00000000 ____D () C:\Users\Manuel\Downloads\NEW SuperStamina
2015-01-12 22:42 - 2015-01-12 22:43 - 00000000 ____D () C:\Users\Manuel\Downloads\rootkitXperia_20140719
2015-01-12 22:29 - 2015-01-15 11:31 - 00000000 ____D () C:\ProgramData\ocbkapddahhgnlmahbgabheclmnpbfma
2015-01-12 22:12 - 2015-01-12 22:12 - 00000019 _____ () C:\Users\Manuel\Desktop\iomei.txt
2015-01-12 21:42 - 2015-01-12 21:42 - 00038859 _____ () C:\Users\Manuel\Desktop\Unlockbootloader* *Step 3   4 - Developer World.html
2015-01-12 21:42 - 2015-01-12 21:42 - 00000000 ____D () C:\Users\Manuel\Desktop\Unlockbootloader* *Step 3   4 - Developer World_files
2015-01-12 17:44 - 2015-01-13 15:21 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Android
2015-01-12 17:21 - 2015-01-12 21:05 - 00000000 ____D () C:\Users\Manuel\Downloads\EasyRootTool v12.4
2015-01-12 16:04 - 2015-01-12 16:39 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2015-01-12 16:03 - 2015-01-13 00:23 - 00000000 ____D () C:\Flashtool
2015-01-11 12:51 - 2015-01-11 12:51 - 00111448 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-01-11 10:32 - 2015-01-11 10:53 - 34121112 _____ (Oracle Corporation) C:\Users\x203\Downloads\Java_Runtime_Environment_(64bit)_v8.0.exe
2015-01-11 10:32 - 2015-01-11 10:53 - 14878640 _____ () C:\Users\x203\Downloads\Glary_Utilities_Pro_v5.16.0.29.exe
2015-01-10 21:11 - 2015-01-13 09:22 - 00000000 ____D () C:\ProgramData\Sony Mobile
2015-01-10 21:03 - 2015-01-10 21:03 - 00001135 _____ () C:\Users\Manuel\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-10 20:52 - 2015-01-10 20:52 - 00000000 ____D () C:\Users\x203\.android
2015-01-10 20:51 - 2015-01-10 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsomc_01009.Wdf
2015-01-10 20:51 - 2015-01-10 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2015-01-10 20:38 - 2015-01-10 20:38 - 00000000 ____D () C:\Users\x203\.swt
2015-01-10 17:15 - 2015-01-10 17:15 - 00030424 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggsomc.sys
2015-01-10 17:15 - 2015-01-10 17:15 - 00016088 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2015-01-10 17:13 - 2015-01-11 10:29 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
2015-01-10 14:12 - 2015-01-11 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-01-10 13:49 - 2015-01-10 13:49 - 00000000 ____D () C:\Users\Manuel\.jmc
2015-01-10 13:49 - 2015-01-10 13:49 - 00000000 ____D () C:\Users\Manuel\.eclipse
2015-01-10 13:39 - 2015-01-10 13:39 - 00000000 ____D () C:\Users\x203\.AndroidStudio
2015-01-10 13:39 - 2015-01-10 13:39 - 00000000 ____D () C:\Users\Manuel\.AndroidStudio
2015-01-10 13:38 - 2015-01-13 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2015-01-10 13:34 - 2015-01-13 12:25 - 00000000 ____D () C:\Program Files\Android
2015-01-10 13:32 - 2015-01-11 11:02 - 00111000 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-10 13:32 - 2015-01-11 11:01 - 00312728 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-10 13:32 - 2015-01-11 11:01 - 00191384 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-10 13:32 - 2015-01-11 11:01 - 00190872 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-10 13:31 - 2015-01-11 11:01 - 00000000 ____D () C:\Program Files\Java
2015-01-09 08:59 - 2015-01-09 09:00 - 00000000 ____D () C:\ProgramData\Stardock
2015-01-09 08:56 - 2015-01-09 08:56 - 00000000 ____D () C:\Users\x203\Downloads\Stardock
2015-01-08 18:57 - 2015-01-08 19:08 - 00045720 _____ () C:\BROM_DLL.log
2015-01-08 18:24 - 2015-01-09 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2015-01-08 18:24 - 2015-01-08 21:00 - 00000000 ____D () C:\Program Files (x86)\totalcmd
2015-01-08 18:24 - 2015-01-08 19:49 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\GHISLER
2015-01-08 18:24 - 2015-01-08 18:24 - 00001062 _____ () C:\Users\Public\Desktop\Total Commander 64 bit.lnk
2015-01-08 18:24 - 2015-01-08 18:24 - 00000000 ____D () C:\Users\x203\AppData\Roaming\GHISLER
2015-01-07 15:27 - 2015-01-07 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EIZO
2015-01-07 15:19 - 2015-01-07 15:19 - 00000000 ____D () C:\Users\x203\AppData\Local\{E0EE56A0-0D7C-4595-B400-919A3BA48EC1}
2015-01-07 15:18 - 2015-01-11 10:30 - 00000000 ____D () C:\Program Files (x86)\EIZO
2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 ____D () C:\Users\x203\AppData\Roaming\EIZO
2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\EIZO
2015-01-07 15:17 - 2015-01-10 11:22 - 00000000 ____D () C:\Users\x203\AppData\Local\Downloaded Installations
2015-01-06 10:30 - 2015-01-06 10:30 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Foxit Reader
2015-01-04 09:10 - 2015-01-04 09:10 - 00001562 _____ () C:\Users\Manuel\Desktop\Cisco AnyConnect Secure Mobility Client.lnk
2015-01-04 09:08 - 2015-01-04 09:08 - 00001067 _____ () C:\Users\Manuel\Desktop\Password Manager.lnk
2015-01-02 13:44 - 2015-01-02 13:47 - 00000000 ____D () C:\Users\Manuel\AppData\Local\CyberGhost
2015-01-02 13:44 - 2015-01-02 13:44 - 00001739 _____ () C:\Users\x203\Desktop\CyberGhost 5.lnk
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-12-30 09:16 - 2014-12-30 09:25 - 595612217 _____ () C:\Users\Manuel\Desktop\Perfekte-Portraits.zip
2014-12-22 10:27 - 2014-12-22 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2014-12-19 21:24 - 2014-12-19 21:24 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-12-19 19:49 - 2014-12-19 19:49 - 00000000 ____D () C:\Users\Manuel\AppData\OICE_15_974FA576_32C1D314_A33
2014-12-18 10:48 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:48 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 19:38 - 2014-12-17 19:38 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\FreeCommander

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 19:38 - 2014-12-13 01:59 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Eye-Fi
2015-01-15 19:32 - 2013-09-30 20:19 - 00000000 ____D () C:\Users\x203
2015-01-15 19:07 - 2013-11-19 12:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 18:55 - 2013-05-15 05:28 - 01858199 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 16:07 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 16:07 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 16:06 - 2013-05-15 04:59 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-01-15 16:06 - 2013-05-15 04:59 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-01-15 16:06 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-15 16:00 - 2014-12-13 01:59 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Eye-Fi
2015-01-15 16:00 - 2014-09-26 16:37 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2015-01-15 15:59 - 2013-12-09 14:53 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-15 15:59 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 15:00 - 2014-09-26 16:36 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-01-15 14:59 - 2014-09-15 18:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-15 14:38 - 2014-03-04 13:45 - 00000000 ___RD () C:\Users\Manuel\Dropbox
2015-01-15 14:22 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Dropbox
2015-01-15 11:11 - 2013-12-09 14:56 - 00000000 ____D () C:\Users\x203\AppData\Roaming\TuneUp Software
2015-01-15 11:09 - 2014-05-18 11:17 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Spotify
2015-01-15 09:57 - 2013-05-15 05:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-14 17:34 - 2014-12-08 10:30 - 00976384 ___SH () C:\Users\Manuel\Desktop\Thumbs.db
2015-01-14 17:07 - 2013-11-19 12:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 17:07 - 2013-11-19 12:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 17:07 - 2013-11-19 12:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 11:22 - 2013-10-21 22:38 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 11:21 - 2013-10-21 21:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 11:11 - 2013-10-21 21:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 10:18 - 2013-10-28 14:32 - 00003568 _____ () C:\Windows\system32\.crusader
2015-01-14 10:18 - 2013-10-28 14:29 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-14 10:11 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-14 10:10 - 2013-10-21 22:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-14 09:31 - 2013-10-29 11:53 - 00000000 ____D () C:\Users\x203\AppData\Local\Google
2015-01-14 09:27 - 2014-01-05 13:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-14 09:23 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel
2015-01-14 09:23 - 2013-05-14 12:53 - 00000000 ____D () C:\ProgramData\Lenovo
2015-01-14 09:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-14 09:08 - 2014-10-22 19:49 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-14 08:49 - 2013-10-28 13:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-13 18:43 - 2014-12-03 15:12 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Deployment
2015-01-13 18:05 - 2014-05-18 11:18 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Spotify
2015-01-13 17:31 - 2013-10-27 10:06 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-01-13 17:06 - 2014-12-13 17:43 - 00000000 ____D () C:\Users\Manuel\Desktop\WE Jungs
2015-01-13 17:06 - 2014-09-18 16:13 - 00000000 ____D () C:\Users\Manuel\Desktop\Ricardo
2015-01-13 16:59 - 2013-05-15 05:27 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-01-13 12:26 - 2014-05-16 08:06 - 00000000 ____D () C:\Users\Manuel\.android
2015-01-13 12:00 - 2014-11-16 11:12 - 00000000 ____D () C:\Users\Manuel\Desktop\Fotos
2015-01-13 11:46 - 2014-05-30 09:05 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-01-13 09:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-01-12 17:47 - 2013-05-15 05:19 - 00000000 ____D () C:\Program Files\Intel
2015-01-11 11:00 - 2014-03-09 10:51 - 00111448 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2015-01-11 10:54 - 2014-12-05 09:46 - 00001107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-01-11 10:54 - 2014-09-26 16:37 - 00002978 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2015-01-11 10:54 - 2014-09-26 16:37 - 00002634 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2015-01-11 10:54 - 2014-09-26 16:37 - 00001095 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-01-10 14:40 - 2014-05-15 16:04 - 00003020 _____ () C:\Windows\System32\Tasks\PMTask
2015-01-10 14:40 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media
2015-01-10 14:05 - 2013-10-27 13:14 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-09 20:54 - 2013-10-28 10:25 - 00000000 ____D () C:\Program Files (x86)\Fences
2015-01-09 20:54 - 2013-05-15 05:34 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2015-01-08 18:57 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel\AppData\Local\VirtualStore
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-07 15:24 - 2014-06-20 16:48 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Unity
2015-01-07 12:18 - 2013-10-27 09:55 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Adobe
2015-01-06 09:12 - 2014-02-27 21:50 - 00000000 ____D () C:\Users\Manuel\Documents\Korrespondenz
2015-01-04 09:19 - 2014-05-19 07:11 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2015-01-04 09:19 - 2014-05-19 07:10 - 00000000 ____D () C:\Program Files\Common Files\Sony Shared
2015-01-04 09:18 - 2014-05-19 07:09 - 00000000 ____D () C:\ProgramData\Sony Corporation
2015-01-04 09:03 - 2014-05-01 10:24 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-04 09:03 - 2014-05-01 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-04 09:03 - 2013-10-27 17:18 - 00000000 ____D () C:\Program Files\winRar
2014-12-31 18:03 - 2014-01-14 11:34 - 00000000 ____D () C:\Users\Manuel\Desktop\Ablage
2014-12-31 13:38 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Adobe
2014-12-22 10:36 - 2013-10-27 12:15 - 00001398 _____ () C:\Users\Manuel\AppData\Roaming\MobileToolAnyConnectV3.ini
2014-12-22 10:27 - 2013-10-27 12:16 - 00000000 ____D () C:\ProgramData\Cisco
2014-12-22 10:27 - 2013-10-21 22:34 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-12-22 10:22 - 2014-01-01 10:48 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-22 10:22 - 2014-01-01 10:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-19 21:28 - 2014-03-04 13:45 - 00001036 _____ () C:\Users\Manuel\Desktop\Dropbox.lnk
2014-12-19 21:28 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-19 18:57 - 2013-11-03 11:23 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Intel WiDi
2014-12-18 11:56 - 2014-12-06 14:53 - 00000000 ____D () C:\Users\x203\Desktop\Katalog Admin
2014-12-17 14:46 - 2013-11-12 19:09 - 00000080 _____ () C:\Users\x203\Documents\R Verzeichnis wechseln.R

Some content of TEMP:
====================
C:\Users\Manuel\AppData\Local\temp\avgnt.exe
C:\Users\Manuel\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprfnjov.dll
C:\Users\x203\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 12:49
==================== End Of Log ============================
         
--- --- ---


GMER
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-15 19:43:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 INTEL_SS rev.LF1i 167.68GB
Running: Gmer-19357.exe; Driver: C:\Users\x203\AppData\Local\Temp\pgtyraog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448                                                                                     fffff800039bc000 8 bytes [00, 00, 53, 02, 50, 72, 6F, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 464                                                                                     fffff800039bc010 30 bytes [00, 10, 00, 00, 28, 05, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         0000000075be1465 2 bytes [BE, 75]
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        0000000075be14bb 2 bytes [BE, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2836] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195                   0000000073441b41 2 bytes [44, 73]
.text     C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2836] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362                   0000000073441be8 2 bytes [44, 73]
.text     C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2836] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418                   0000000073441c20 2 bytes [44, 73]
.text     C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2836] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596                   0000000073441cd2 2 bytes [44, 73]
.text     C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2836] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628                   0000000073441cf2 2 bytes [44, 73]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                       0000000075be1465 2 bytes [BE, 75]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      0000000075be14bb 2 bytes [BE, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         0000000075be1465 2 bytes [BE, 75]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        0000000075be14bb 2 bytes [BE, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                               0000000075be1465 2 bytes [BE, 75]
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              0000000075be14bb 2 bytes [BE, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files\CyberGhost 5\Service.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                0000000075be1465 2 bytes [BE, 75]
.text     C:\Program Files\CyberGhost 5\Service.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                               0000000075be14bb 2 bytes [BE, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000075be1465 2 bytes [BE, 75]
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     0000000075be14bb 2 bytes [BE, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000075be1465 2 bytes [BE, 75]
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             0000000075be14bb 2 bytes [BE, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                                      00000000714511a8 2 bytes [45, 71]
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                                00000000714513a8 2 bytes [45, 71]
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                                    0000000071451422 2 bytes [45, 71]
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19                             0000000071451498 2 bytes [45, 71]
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195                  0000000073441b41 2 bytes [44, 73]
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362                  0000000073441be8 2 bytes [44, 73]
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418                  0000000073441c20 2 bytes [44, 73]
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596                  0000000073441cd2 2 bytes [44, 73]
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628                  0000000073441cf2 2 bytes [44, 73]
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                     0000000075be1465 2 bytes [BE, 75]
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    0000000075be14bb 2 bytes [BE, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000075be1465 2 bytes [BE, 75]
.text     C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                         0000000075be14bb 2 bytes [BE, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000075be1465 2 bytes [BE, 75]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                               0000000075be14bb 2 bytes [BE, 75]
.text     ...                                                                                                                                                    * 2
?         C:\Windows\system32\mssprxy.dll [5596] entry point in ".rdata" section                                                                                 000000005bfb71e6
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075be1465 2 bytes [BE, 75]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075be14bb 2 bytes [BE, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69           0000000075be1465 2 bytes [BE, 75]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          0000000075be14bb 2 bytes [BE, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000075be1465 2 bytes [BE, 75]
.text     C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  0000000075be14bb 2 bytes [BE, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe[1304] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                         0000000075be1465 2 bytes [BE, 75]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe[1304] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                        0000000075be14bb 2 bytes [BE, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe[11056] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                           0000000075be1465 2 bytes [BE, 75]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe[11056] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                          0000000075be14bb 2 bytes [BE, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                 0000000075be1465 2 bytes [BE, 75]
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                0000000075be14bb 2 bytes [BE, 75]
.text     ...                                                                                                                                                    * 2

---- Devices - GMER 2.1 ----

Device    \FileSystem\a2util \Device\A2Util                                                                                                                      fffff880099e6694
Device    \FileSystem\A2DDA \Device\A2 Direct Disk Access                                                                                                        fffff880098e8314
Device    \FileSystem\cleanhlp \Device\{A9CCEF13-54B0-4d3b-B0AD-549A53991942}                                                                                    fffff8800906f3f4

---- Threads - GMER 2.1 ----

Thread    C:\Windows\SysWOW64\ntdll.dll [5140:5144]                                                                                                              00000000001a8d4e
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:7036]                                                                                                              000000006e7dcf5c
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:7028]                                                                                                              000000006e85a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:7224]                                                                                                              000000006e7624a2
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:7772]                                                                                                              000000006e85a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:7972]                                                                                                              000000006e85a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:3956]                                                                                                              000000006e80c159
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:7204]                                                                                                              000000006e85a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:7540]                                                                                                              00000000615e784b
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:7704]                                                                                                              00000000741732fb
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:7280]                                                                                                              000000005958aec5
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:7420]                                                                                                              000000006e85a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:7484]                                                                                                              00000000765cd864
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:11668]                                                                                                             000000005c21871b
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:10744]                                                                                                             000000006e85a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:12252]                                                                                                             000000006e85a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:12012]                                                                                                             000000006e85a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:10868]                                                                                                             000000006e85a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:9864]                                                                                                              000000006e85a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:1608]                                                                                                              000000006e8688ff

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffaf444d9                                                                            
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2cdc6bc                                                                            
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2cdc6bc@30a8db49d01a                                                               0x40 0x44 0x2C 0xE0 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffaf444d9 (not active ControlSet)                                                        
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2cdc6bc (not active ControlSet)                                                        
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2cdc6bc@30a8db49d01a                                                                   0x40 0x44 0x2C 0xE0 ...

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                                  unknown MBR code

---- EOF - GMER 2.1 ----
         
Best regards
Maga

Edited by maga84 (15.01.2015 at 19:07)

15.01.2015, 18:50   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

Here's how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

15.01.2015, 19:26   #3
maga84
 



Hi schrauber,

thanks for the hint.

According to FRST, the Unisales problem sits under
CHR Extension: (unIsales) - C:\ProgramData\ocbkapddahhgnlmahbgabheclmnpbfma\ [2013-12-30].

I've removed it for now and hope that it works now.

Did you find anything else? My virgin log-file eyes surely miss a lot. ;-)

Thanks and regards
Maga

16.01.2015, 06:21   #4
schrauber
/// the machine
/// TB trainer
 




The Addition.txt from FRST is still missing
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

16.01.2015, 07:30   #5
maga84
 



Hi schrauber

It no longer spits out the Addition.txt for me. :-(
Only on the first run, when I was not logged in as admin, though.
Here it is:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015
Ran by Manuel at 2015-01-15 19:07:53
Running from C:\Users\Manuel\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{D586BF67-0A61-4572-BE25-07B40C4CEDA1}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 8.42.20 - )
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{8432E4EF-ABFB-48C8-B77B-24728E71D3DD}) (Version: 39.0.2171.46 - Google Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05187 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05187 - Cisco Systems, Inc.) Hidden
CM Installer (HKLM-x32\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Drucken in PDF Annotator (novaPDF OEM 7.7 printer) (HKLM\...\Drucken in PDF Annotator_is1) (Version: 7.7.400 - Softland)
EasyTax 2013 AG 1.01 (HKLM-x32\...\4093-4123-1528-3000) (Version: 1.01 - HWI Solutions AG)
EIZO ScreenSlicer (HKLM-x32\...\{292A177D-723F-4537-9985-BC8BFCD8B63D}) (Version: 1.1.5.0 - EIZO Corporation)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.67.2 - Lenovo Group Limited)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Eye-Fi Center 3.4 (HKLM-x32\...\{18B00AC5-C082-471E-88B0-F02FE5A2541A}) (Version: 3.4.26 - Eye-Fi, Inc)
Fences (Version: 1.0 - Stardock Corporation) Hidden
FireCuva Data Recovery 2014.1.8.20 (HKLM-x32\...\{EE1F41BE-6DBD-44AE-9F97-4D7F9227329D}_is1) (Version: 2014.1.8.20 - FireCuva)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Glary Utilities PRO 5.16 (HKLM-x32\...\Glary Utilities 5) (Version: 5.16.0.29 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Graph 4.4.2 (HKLM-x32\...\Graph_is1) (Version:  - Ivan Johansen)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6 (HKLM\...\{B2DAB009-8236-48A0-AD7F-E940F5AB1578}) (Version: 14.0 - HP)
HP Photosmart Plus B210 series - Grundlegende Software für das Gerät (HKLM\...\{1686185A-3D85-428D-8786-ACB403B9D420}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
ifolor Designer (HKLM-x32\...\ifolor-Designer) (Version:  - Ifolor AG)
Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3359 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7991b5ae-96d7-4df2-97fb-a605b7cb638b}) (Version: 17.12.0 - Intel Corporation)
ISD Tablett (HKLM\...\ISD Tablet Driver) (Version: 7.0.2-29 - Wacom Technology Corp.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 8 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418000FF}) (Version: 8.0.0 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.16.0 - Lenovo)
Lenovo Mobile Access (HKLM-x32\...\{A792A135-EE29-4FE2-B4CB-D3F984CEA9EC}) (Version: 3.2.30123.1026 - Lenovo)
Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.4.1017.00 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0007 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
LXH-JME2207FN Hotkey Driver (HKLM-x32\...\{42B21298-C850-4272-AFD9-636CBC005421}) (Version: 5.1.0804 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{C2C2DB64-1BCE-4FA7-962D-457795ECCEC0}) (Version: 3.3.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Bootvis (HKLM-x32\...\{0F9196C6-58B4-445B-B56E-B1200FECC151}) (Version: 1.3.37 - Microsoft)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 7.2.5.4 - Ericsson AB)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Annotator 5.0.0.505 (HKLM-x32\...\PDFAnnotator_is1) (Version: 5.0.0.505 - GRAHL software design)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_06_B209a-m_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Rescue and Recovery (HKLM-x32\...\{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}) (Version: 4.52.0005.00 - Lenovo Group Limited)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-003B-0000-1000-0000000FF1CE}_Office15.PRJPROR_{6E5C415F-1388-4BA6-B926-C19318BE6075}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad Tablet Button Driver (HKLM-x32\...\{26903C89-780A-463E-8CBD-E47A73927254}) (Version: 1.04 - )
ThinkPad Tablet Shortcut Menu (HKLM-x32\...\{9a2db59f-091a-40b4-958d-1c8264624126}) (Version: 6.33 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.24 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{A62AEB2B-E2A0-4E77-8AAE-9645FE3B5487}) (Version: 5.95 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.80.01.00 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.81 - Lenovo)
ThinkVantage Password Manager (HKLM\...\{23520BCC-F76C-4287-87E1-0545EDF6FE96}) (Version: 4.00.0024.00 - Lenovo Group Limited)
ThinkVantage Update Retriever (HKLM-x32\...\{F25C538D-3F57-4AF4-80DD-B1DD1558F038}) (Version: 5.00.0010 - Lenovo)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
VIP Access (HKLM-x32\...\{7EB5B9B6-E7BF-4E8F-B478-1266A78CF231}) (Version: 2.2.1.13 - Symantec Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows Driver Package - Intel System  (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-09-30 21:31 - 00000505 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 	practivate.adobe.com
127.0.0.1 	activate.adobe.com
127.0.0.1 	practivate.adobe.com
127.0.0.1 	ereg.adobe.com
127.0.0.1	activate.wip3.adobe.com
127.0.0.1 	wip3.adobe.com
127.0.0.1	3dns-3.adobe.com
127.0.0.1	3dns-2.adobe.com
127.0.0.1	adobe-dns.adobe.com
127.0.0.1	adobe-dns2.adobe.com
127.0.0.1 	adobe-dns3.adobe.com
127.0.0.1	ereg.wip3.adobe.com
127.0.0.1 	activate-sea.adobe.com
127.0.0.1 	wwis-dubc1-vip60.adobe.com
127.0.0.1 	acitvate-sjc0.adobe.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GlaryInitialize 5.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => ?

==================== Loaded Modules (whitelisted) =============

2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-05-15 05:23 - 2012-04-10 16:37 - 01183096 _____ () C:\Program Files\Tablet\ISD\libxml2.dll
2013-05-15 05:27 - 2014-11-14 06:07 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Manuel\Desktop\Stundenplan.JPG:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk => C:\Windows\pss\Google Calendar Sync.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^x203^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EOS Utility.lnk => C:\Windows\pss\EOS Utility.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_4A220D28DEF0DEF57A4596AFA0C => "c:\program files (x86)\google\chrome\application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Intel AppUp(SM) center => "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
MSCONFIG\startupreg: jmekey => C:\Program Files (x86)\jmesoft\hotkey.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg:  Malwarebytes Anti-Malware  (cleanup) => "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware "
MSCONFIG\startupreg: MobileAccess => C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe -silentExitIfNotFirst
MSCONFIG\startupreg: NUSB3MON => "c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
MSCONFIG\startupreg: PasswordManager => C:\Program Files\Lenovo\Password Manager\password_manager.exe
MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: RtHDVBg_Dolby => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SearchProtection => "C:\Users\x203\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: SharpSpace => C:\Program Files (x86)\SharpSpace\SharpSpace.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: USB3MON => "c:\program files (x86)\intel\intel(r) usb 3.0 extensible host controller driver\application\iusb3mon.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3554811672-1824628599-3789470933-500 - Administrator - Disabled)
Gast (S-1-5-21-3554811672-1824628599-3789470933-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3554811672-1824628599-3789470933-1040 - Limited - Enabled)
Manuel (S-1-5-21-3554811672-1824628599-3789470933-1003 - Limited - Enabled) => C:\Users\Manuel
x203 (S-1-5-21-3554811672-1824628599-3789470933-1000 - Administrator - Enabled) => C:\Users\x203

==================== Faulty Device Manager Devices =============

Name: Photosmart Plus B209a-m
Description: Photosmart Plus B209a-m
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart Plus B209a-m
Description: Photosmart Plus B209a-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2015 04:02:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Name des fehlerhaften Moduls: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000860d2
ID des fehlerhaften Prozesses: 0x1610
Startzeit der fehlerhaften Anwendung: 0xISD_Tablet.exe0
Pfad der fehlerhaften Anwendung: ISD_Tablet.exe1
Pfad des fehlerhaften Moduls: ISD_Tablet.exe2
Berichtskennung: ISD_Tablet.exe3

Error: (01/15/2015 03:17:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Name des fehlerhaften Moduls: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000860d2
ID des fehlerhaften Prozesses: 0xb928
Startzeit der fehlerhaften Anwendung: 0xISD_Tablet.exe0
Pfad der fehlerhaften Anwendung: ISD_Tablet.exe1
Pfad des fehlerhaften Moduls: ISD_Tablet.exe2
Berichtskennung: ISD_Tablet.exe3


System errors:
=============
Error: (01/15/2015 04:01:31 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/15/2015 03:59:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147014847

Error: (01/15/2015 03:17:01 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}


Microsoft Office Sessions:
=========================
Error: (01/15/2015 04:02:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ISD_Tablet.exe7.0.2.294f6cf301ISD_Tablet.exe7.0.2.294f6cf301c000000500000000000860d2161001d030d3f5020979C:\Program Files\Tablet\ISD\ISD_Tablet.exeC:\Program Files\Tablet\ISD\ISD_Tablet.exe8ae80206-9cc7-11e4-9f57-028037ec0200

Error: (01/15/2015 03:17:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ISD_Tablet.exe7.0.2.294f6cf301ISD_Tablet.exe7.0.2.294f6cf301c000000500000000000860d2b92801d030ce002f504dC:\Program Files\Tablet\ISD\ISD_Tablet.exeC:\Program Files\Tablet\ISD\ISD_Tablet.exe3fa047b2-9cc1-11e4-948f-028037ec0200


CodeIntegrity Errors:
===================================
  Date: 2015-01-14 09:08:57.418
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-14 09:08:57.333
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-09 20:34:06.552
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-09 20:34:05.382
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:40:29.432
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:36:48.011
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:36:01.740
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-26 20:26:04.283
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-26 20:26:04.173
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-30 22:05:35.495
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 45%
Total physical RAM: 7887.8 MB
Available physical RAM: 4281.45 MB
Total Pagefile: 15773.78 MB
Available Pagefile: 11507.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:140.64 GB) (Free:18.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:17.58 GB) (Free:4.95 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         


Alt 16.01.2015, 08:42   #6
schrauber
/// the machine
/// TB trainer
 




Quote:
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns2.adobe.com
127.0.0.1 adobe-dns3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 acitvate-sjc0.adobe.com

Not nice. No further support until the cracked Photoshop has been removed.....

Alt 16.01.2015, 10:27   #7
maga84
 



And once again. Thanks for your time!

Split because of too many characters:
GMER - Part 1
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-16 10:37:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 INTEL_SS rev.LF1i 167.68GB
Running: Gmer-19357.exe; Driver: C:\Users\x203\AppData\Local\Temp\pgtyraog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448                                                                                     fffff800039bc000 45 bytes [00, 00, 21, 02, 41, 4C, 50, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 495                                                                                     fffff800039bc02f 18 bytes [00, 60, 60, F6, 14, 80, FA, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[1648] C:\Windows\SysWOW64\ntdll.dll!RtlFreeActivationContextStack + 271                     0000000077178017 7 bytes JMP 000000010cfa883c
.text     C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[1648] C:\Windows\syswow64\kernel32.dll!FreeLibrary + 8                                      0000000075243490 7 bytes JMP 000000010cfa866c
.text     C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[1648] C:\Windows\syswow64\kernel32.dll!GetFileInformationByHandle + 19                      0000000075245389 7 bytes JMP 000000010cf581b4
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         0000000075521465 2 bytes [52, 75]
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000755214bb 2 bytes [52, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2904] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195                   000000005bb21b41 2 bytes [B2, 5B]
.text     C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2904] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362                   000000005bb21be8 2 bytes [B2, 5B]
.text     C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2904] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418                   000000005bb21c20 2 bytes [B2, 5B]
.text     C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2904] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596                   000000005bb21cd2 2 bytes [B2, 5B]
.text     C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2904] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628                   000000005bb21cf2 2 bytes [B2, 5B]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[3020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                       0000000075521465 2 bytes [52, 75]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[3020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      00000000755214bb 2 bytes [52, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         0000000075521465 2 bytes [52, 75]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000755214bb 2 bytes [52, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                               0000000075521465 2 bytes [52, 75]
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              00000000755214bb 2 bytes [52, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files\CyberGhost 5\Service.exe[4184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                0000000075521465 2 bytes [52, 75]
.text     C:\Program Files\CyberGhost 5\Service.exe[4184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                               00000000755214bb 2 bytes [52, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Windows\system32\Dwm.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                          0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text     C:\Windows\system32\Dwm.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                                   0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text     C:\Windows\system32\Dwm.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                             0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text     C:\Windows\system32\Dwm.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                           0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text     C:\Windows\system32\Dwm.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                          0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text     C:\Windows\system32\Dwm.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                       0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text     C:\Windows\system32\Dwm.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                     0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text     C:\Windows\system32\Dwm.exe[4460] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                              0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text     C:\Windows\system32\Dwm.exe[4460] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                              000007fefcd29055 3 bytes [B5, 6F, 06]
.text     C:\Windows\Explorer.EXE[4488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                              0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text     C:\Windows\Explorer.EXE[4488] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                                       0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text     C:\Windows\Explorer.EXE[4488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                 0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text     C:\Windows\Explorer.EXE[4488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                               0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text     C:\Windows\Explorer.EXE[4488] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                              0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text     C:\Windows\Explorer.EXE[4488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                           0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text     C:\Windows\Explorer.EXE[4488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                         0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text     C:\Windows\Explorer.EXE[4488] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                  0000000076d3db80 6 bytes JMP 0
.text     C:\Windows\Explorer.EXE[4488] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                  000007fefcd29055 3 bytes CALL 9000027
.text     C:\Windows\Explorer.EXE[4488] C:\Windows\system32\msi.dll!MsiSetInternalUI                                                                             000007fef6c85c70 6 bytes JMP 37b4c0
.text     C:\Windows\Explorer.EXE[4488] C:\Windows\system32\msi.dll!MsiInstallProductA                                                                           000007fef6d02ad4 2 bytes [FF, 25]
.text     C:\Windows\Explorer.EXE[4488] C:\Windows\system32\msi.dll!MsiInstallProductA + 3                                                                       000007fef6d02ad7 3 bytes [D5, 2B, 00]
.text     C:\Windows\Explorer.EXE[4488] C:\Windows\system32\msi.dll!MsiInstallProductW                                                                           000007fef6d1167c 6 bytes {JMP QWORD [RIP+0x2ce9b4]}
.text     C:\Windows\Explorer.EXE[4488] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorA                                                                       000007fefa157b34 6 bytes {JMP QWORD [RIP+0xd84fc]}
.text     C:\Windows\Explorer.EXE[4488] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                                       000007fefa1603c0 6 bytes JMP 70000
.text     C:\Windows\Explorer.EXE[4488] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW                                                                    000007fefd6b3030 6 bytes {JMP QWORD [RIP+0x192d000]}
.text     C:\Windows\Explorer.EXE[4488] C:\Windows\system32\WS2_32.dll!connect + 1                                                                               000007fefd6b45c1 5 bytes {JMP QWORD [RIP+0x18cba70]}
.text     C:\Windows\Explorer.EXE[4488] C:\Windows\system32\WS2_32.dll!listen                                                                                    000007fefd6b8290 6 bytes {JMP QWORD [RIP+0x1907da0]}
.text     C:\Windows\Explorer.EXE[4488] C:\Windows\system32\WS2_32.dll!WSAConnect                                                                                000007fefd6de0f0 6 bytes {JMP QWORD [RIP+0x18c1f40]}
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                  000000007713fc20 3 bytes JMP 7175000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                              000000007713fc24 2 bytes JMP 7175000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                           000000007713fc38 3 bytes JMP 716c000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                       000000007713fc3c 2 bytes JMP 716c000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                     000000007713fd64 3 bytes JMP 716f000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                 000000007713fd68 2 bytes JMP 716f000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                   00000000771400b4 3 bytes JMP 7172000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                               00000000771400b8 2 bytes JMP 7172000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                  00000000771401c4 3 bytes JMP 717b000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                              00000000771401c8 2 bytes JMP 717b000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                               0000000077140a44 3 bytes JMP 7178000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                           0000000077140a48 2 bytes JMP 7178000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                             0000000077141920 3 bytes JMP 7169000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                         0000000077141924 2 bytes JMP 7169000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                      0000000075253bbb 3 bytes JMP 7166000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                  0000000075253bbf 2 bytes JMP 7166000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                      0000000076862c9e 4 bytes CALL 71af0000
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                              00000000757c70c4 6 bytes JMP 717e000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                              00000000757e3264 6 bytes JMP 7181000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000075521465 2 bytes [52, 75]
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     00000000755214bb 2 bytes [52, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\USER32.dll!SendMessageW                                  0000000076c39679 6 bytes JMP 718d000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\USER32.dll!PostMessageW                                  0000000076c412a5 6 bytes JMP 7187000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\USER32.dll!PostMessageA                                  0000000076c43baa 6 bytes JMP 718a000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\USER32.dll!SendMessageA                                  0000000076c4612e 6 bytes JMP 7190000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\USER32.dll!SendInput                                     0000000076c5ff4a 3 bytes JMP 7193000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\USER32.dll!SendInput + 4                                 0000000076c5ff4e 2 bytes JMP 7193000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\USER32.dll!mouse_event                                   0000000076c9027b 6 bytes JMP 7199000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\USER32.dll!keybd_event                                   0000000076c902bf 6 bytes JMP 7196000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW                        00000000751f575a 6 bytes JMP 719c000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\WS2_32.dll!connect                                       00000000751f6bdd 6 bytes JMP 71a5000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\WS2_32.dll!listen                                        00000000751fb001 6 bytes JMP 719f000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\WS2_32.dll!WSAConnect                                    00000000751fcc3f 6 bytes JMP 71a2000a
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                        0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                 0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                           0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                         0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                        0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                     0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                   0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                            0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                            000007fefcd29055 3 bytes [B5, 6F, 06]
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                    000007fefee655c8 6 bytes {JMP QWORD [RIP+0xfaa68]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                    000007fefee7b85c 6 bytes {JMP QWORD [RIP+0xc47d4]}
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                          000000007713fc20 3 bytes JMP 718a000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                      000000007713fc24 2 bytes JMP 718a000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                   000000007713fc38 3 bytes JMP 7181000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                               000000007713fc3c 2 bytes JMP 7181000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                             000000007713fd64 3 bytes JMP 7184000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                         000000007713fd68 2 bytes JMP 7184000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                           00000000771400b4 3 bytes JMP 7187000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                       00000000771400b8 2 bytes JMP 7187000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                          00000000771401c4 3 bytes JMP 7190000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                      00000000771401c8 2 bytes JMP 7190000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                       0000000077140a44 3 bytes JMP 718d000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                   0000000077140a48 2 bytes JMP 718d000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                     0000000077141920 3 bytes JMP 717e000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                 0000000077141924 2 bytes JMP 717e000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                              0000000075253bbb 3 bytes JMP 717b000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                          0000000075253bbf 2 bytes JMP 717b000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                              0000000076862c9e 4 bytes CALL 71af0000
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\USER32.dll!SendMessageW                                          0000000076c39679 6 bytes JMP 719f000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\USER32.dll!PostMessageW                                          0000000076c412a5 6 bytes JMP 7199000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\USER32.dll!PostMessageA                                          0000000076c43baa 6 bytes JMP 719c000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\USER32.dll!SendMessageA                                          0000000076c4612e 6 bytes JMP 71a2000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\USER32.dll!SendInput                                             0000000076c5ff4a 3 bytes JMP 71a5000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\USER32.dll!SendInput + 4                                         0000000076c5ff4e 2 bytes JMP 71a5000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\USER32.dll!mouse_event                                           0000000076c9027b 6 bytes JMP 71ab000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\USER32.dll!keybd_event                                           0000000076c902bf 6 bytes JMP 71a8000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                      00000000757c70c4 6 bytes JMP 7193000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                      00000000757e3264 6 bytes JMP 7196000a
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000075521465 2 bytes [52, 75]
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             00000000755214bb 2 bytes [52, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                                      00000000716d11a8 2 bytes [6D, 71]
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                                00000000716d13a8 2 bytes [6D, 71]
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                                    00000000716d1422 2 bytes [6D, 71]
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19                             00000000716d1498 2 bytes [6D, 71]
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195                  000000005bb21b41 2 bytes [B2, 5B]
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362                  000000005bb21be8 2 bytes [B2, 5B]
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418                  000000005bb21c20 2 bytes [B2, 5B]
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596                  000000005bb21cd2 2 bytes [B2, 5B]
.text     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628                  000000005bb21cf2 2 bytes [B2, 5B]
.text     C:\Windows\System32\TpShocks.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                     0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text     C:\Windows\System32\TpShocks.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                              0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text     C:\Windows\System32\TpShocks.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                        0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text     C:\Windows\System32\TpShocks.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                      0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text     C:\Windows\System32\TpShocks.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                     0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text     C:\Windows\System32\TpShocks.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                  0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text     C:\Windows\System32\TpShocks.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text     C:\Windows\System32\TpShocks.exe[4708] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                         0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text     C:\Windows\System32\TpShocks.exe[4708] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                         000007fefcd29055 3 bytes CALL 9000027
.text     C:\Windows\System32\TpShocks.exe[4708] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW                                                           000007fefd6b3030 6 bytes {JMP QWORD [RIP+0x104d000]}
.text     C:\Windows\System32\TpShocks.exe[4708] C:\Windows\system32\WS2_32.dll!connect + 1                                                                      000007fefd6b45c1 5 bytes {JMP QWORD [RIP+0xfeba70]}
.text     C:\Windows\System32\TpShocks.exe[4708] C:\Windows\system32\WS2_32.dll!listen                                                                           000007fefd6b8290 6 bytes {JMP QWORD [RIP+0x1027da0]}
.text     C:\Windows\System32\TpShocks.exe[4708] C:\Windows\system32\WS2_32.dll!WSAConnect                                                                       000007fefd6de0f0 6 bytes {JMP QWORD [RIP+0xfe1f40]}
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                    000000007713fc20 3 bytes JMP 717e000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                000000007713fc24 2 bytes JMP 717e000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                             000000007713fc38 3 bytes JMP 7175000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                         000000007713fc3c 2 bytes JMP 7175000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                       000000007713fd64 3 bytes JMP 7178000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                   000000007713fd68 2 bytes JMP 7178000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                     00000000771400b4 3 bytes JMP 717b000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                 00000000771400b8 2 bytes JMP 717b000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                    00000000771401c4 3 bytes JMP 7184000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                00000000771401c8 2 bytes JMP 7184000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                 0000000077140a44 3 bytes JMP 7181000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                             0000000077140a48 2 bytes JMP 7181000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                               0000000077141920 3 bytes JMP 7172000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                           0000000077141924 2 bytes JMP 7172000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                        0000000075253bbb 3 bytes JMP 716f000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                    0000000075253bbf 2 bytes JMP 716f000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                        0000000076862c9e 4 bytes CALL 71af0000
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\USER32.dll!SendMessageW                                    0000000076c39679 6 bytes JMP 7193000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\USER32.dll!PostMessageW                                    0000000076c412a5 6 bytes JMP 718d000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\USER32.dll!PostMessageA                                    0000000076c43baa 6 bytes JMP 7190000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\USER32.dll!SendMessageA                                    0000000076c4612e 6 bytes JMP 7196000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\USER32.dll!SendInput                                       0000000076c5ff4a 3 bytes JMP 7199000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\USER32.dll!SendInput + 4                                   0000000076c5ff4e 2 bytes JMP 7199000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\USER32.dll!mouse_event                                     0000000076c9027b 6 bytes JMP 719f000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\USER32.dll!keybd_event                                     0000000076c902bf 6 bytes JMP 719c000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                00000000757c70c4 6 bytes JMP 7187000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                00000000757e3264 6 bytes JMP 718a000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW                          00000000751f575a 6 bytes JMP 71a2000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\WS2_32.dll!connect                                         00000000751f6bdd 6 bytes JMP 71ab000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\WS2_32.dll!listen                                          00000000751fb001 6 bytes JMP 71a5000a
.text     C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\WS2_32.dll!WSAConnect                                      00000000751fcc3f 6 bytes JMP 71a8000a
.text     C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                             0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text     C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                      0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text     C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text     C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                              0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text     C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                             0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text     C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                          0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text     C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                        0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text     C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                 0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text     C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                 000007fefcd29055 3 bytes [B5, 6F, 26]
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                 000000007713fc20 3 bytes JMP 717e000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                             000000007713fc24 2 bytes JMP 717e000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                          000000007713fc38 3 bytes JMP 7175000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                      000000007713fc3c 2 bytes JMP 7175000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                    000000007713fd64 3 bytes JMP 7178000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                000000007713fd68 2 bytes JMP 7178000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                  00000000771400b4 3 bytes JMP 717b000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                              00000000771400b8 2 bytes JMP 717b000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                 00000000771401c4 3 bytes JMP 7184000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                             00000000771401c8 2 bytes JMP 7184000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                              0000000077140a44 3 bytes JMP 7181000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                          0000000077140a48 2 bytes JMP 7181000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                            0000000077141920 3 bytes JMP 7172000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                        0000000077141924 2 bytes JMP 7172000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                     0000000075253bbb 3 bytes JMP 716f000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                                 0000000075253bbf 2 bytes JMP 716f000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                     0000000076862c9e 4 bytes CALL 71af0000
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\USER32.dll!SendMessageW                                                 0000000076c39679 6 bytes JMP 7193000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\USER32.dll!PostMessageW                                                 0000000076c412a5 6 bytes JMP 718d000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\USER32.dll!PostMessageA                                                 0000000076c43baa 6 bytes JMP 7190000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\USER32.dll!SendMessageA                                                 0000000076c4612e 6 bytes JMP 7196000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\USER32.dll!SendInput                                                    0000000076c5ff4a 3 bytes JMP 7199000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                0000000076c5ff4e 2 bytes JMP 7199000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\USER32.dll!mouse_event                                                  0000000076c9027b 6 bytes JMP 719f000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\USER32.dll!keybd_event                                                  0000000076c902bf 6 bytes JMP 719c000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                             00000000757c70c4 6 bytes JMP 7187000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                             00000000757e3264 6 bytes JMP 718a000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW                                       00000000751f575a 6 bytes JMP 71a2000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\WS2_32.dll!connect                                                      00000000751f6bdd 6 bytes JMP 71ab000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\WS2_32.dll!listen                                                       00000000751fb001 6 bytes JMP 71a5000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\WS2_32.dll!WSAConnect                                                   00000000751fcc3f 6 bytes JMP 71a8000a
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                     0000000075521465 2 bytes [52, 75]
.text     C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    00000000755214bb 2 bytes [52, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                               000000007713fc20 3 bytes JMP 7184000a
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                           000000007713fc24 2 bytes JMP 7184000a
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                        000000007713fc38 3 bytes JMP 717b000a
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                    000000007713fc3c 2 bytes JMP 717b000a
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                  000000007713fd64 3 bytes JMP 717e000a
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                              000000007713fd68 2 bytes JMP 717e000a
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                00000000771400b4 3 bytes JMP 7181000a
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                            00000000771400b8 2 bytes JMP 7181000a
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                               00000000771401c4 3 bytes JMP 718a000a
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                           00000000771401c8 2 bytes JMP 718a000a
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                            0000000077140a44 3 bytes JMP 7187000a
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                        0000000077140a48 2 bytes JMP 7187000a
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                          0000000077141920 3 bytes JMP 7178000a
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                      0000000077141924 2 bytes JMP 7178000a
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                   0000000075253bbb 3 bytes JMP 7175000a
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                               0000000075253bbf 2 bytes JMP 7175000a
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                   0000000076862c9e 4 bytes CALL 71af0000
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\USER32.dll!SendMessageW                                               0000000076c39679 6 bytes JMP 7199000a
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\USER32.dll!PostMessageW                                               0000000076c412a5 6 bytes JMP 7193000a
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\USER32.dll!PostMessageA                                               0000000076c43baa 6 bytes JMP 7196000a
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\USER32.dll!SendMessageA                                               0000000076c4612e 6 bytes JMP 719c000a
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\USER32.dll!SendInput                                                  0000000076c5ff4a 3 bytes JMP 719f000a
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\USER32.dll!SendInput + 4                                              0000000076c5ff4e 2 bytes JMP 719f000a
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\USER32.dll!mouse_event                                                0000000076c9027b 6 bytes JMP 71a5000a
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\USER32.dll!keybd_event                                                0000000076c902bf 6 bytes JMP 71a2000a
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                           00000000757c70c4 6 bytes JMP 718d000a
.text     C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                           00000000757e3264 6 bytes JMP 7190000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                     000000007713fc20 3 bytes JMP 7184000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                                                 000000007713fc24 2 bytes JMP 7184000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                                              000000007713fc38 3 bytes JMP 717b000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                                          000000007713fc3c 2 bytes JMP 717b000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                        000000007713fd64 3 bytes JMP 717e000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                                    000000007713fd68 2 bytes JMP 717e000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                      00000000771400b4 3 bytes JMP 7181000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                                  00000000771400b8 2 bytes JMP 7181000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                     00000000771401c4 3 bytes JMP 718a000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                                                 00000000771401c8 2 bytes JMP 718a000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                                  0000000077140a44 3 bytes JMP 7187000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                                              0000000077140a48 2 bytes JMP 7187000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                0000000077141920 3 bytes JMP 7178000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                                            0000000077141924 2 bytes JMP 7178000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                                         0000000075253bbb 3 bytes JMP 7175000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                                                     0000000075253bbf 2 bytes JMP 7175000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                         0000000076862c9e 4 bytes CALL 71af0000
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                     0000000076c39679 6 bytes JMP 7199000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                     0000000076c412a5 6 bytes JMP 7193000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                     0000000076c43baa 6 bytes JMP 7196000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                     0000000076c4612e 6 bytes JMP 719c000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\USER32.dll!SendInput                                                                        0000000076c5ff4a 3 bytes JMP 719f000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                                    0000000076c5ff4e 2 bytes JMP 719f000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\USER32.dll!mouse_event                                                                      0000000076c9027b 6 bytes JMP 71a5000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\USER32.dll!keybd_event                                                                      0000000076c902bf 6 bytes JMP 71a2000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                                 00000000757c70c4 6 bytes JMP 718d000a
.text     C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                                 00000000757e3264 6 bytes JMP 7190000a
.text     C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                        000000007713fc20 3 bytes JMP 718a000a
.text     C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                                                    000000007713fc24 2 bytes JMP 718a000a
.text     C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                                                 000000007713fc38 3 bytes JMP 7181000a
.text     C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                                             000000007713fc3c 2 bytes JMP 7181000a
.text     C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                           000000007713fd64 3 bytes [FF, 25, 1E]
.text     C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                                       000000007713fd68 2 bytes [83, 71]
.text     C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                         00000000771400b4 3 bytes JMP 7187000a
.text     C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                                     00000000771400b8 2 bytes JMP 7187000a
.text     C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                        00000000771401c4 3 bytes [FF, 25, 1E]
.text     C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                                                    00000000771401c8 2 bytes [8F, 71]
.text     C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                                     0000000077140a44 3 bytes [FF, 25, 1E]
.text     C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                                                 0000000077140a48 2 bytes [8C, 71]
.text     C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                   0000000077141920 3 bytes [FF, 25, 1E]
.text     C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                                               0000000077141924 2 bytes [7D, 71]
.text     C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW                                                            0000000075253bbb 3 bytes [FF, 25, 1E]
.text     C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW + 4                                                        0000000075253bbf 2 bytes [7A, 71]
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                               000000007713fc20 3 bytes JMP 718a000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                           000000007713fc24 2 bytes JMP 718a000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                        000000007713fc38 3 bytes JMP 7181000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                    000000007713fc3c 2 bytes JMP 7181000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                  000000007713fd64 3 bytes JMP 7184000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                              000000007713fd68 2 bytes JMP 7184000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                00000000771400b4 3 bytes JMP 7187000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                            00000000771400b8 2 bytes JMP 7187000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                               00000000771401c4 3 bytes JMP 7190000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                           00000000771401c8 2 bytes JMP 7190000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                            0000000077140a44 3 bytes [FF, 25, 1E]
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                        0000000077140a48 2 bytes [8C, 71]
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                          0000000077141920 3 bytes [FF, 25, 1E]
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                      0000000077141924 2 bytes [7D, 71]
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                   0000000075253bbb 3 bytes JMP 717b000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                               0000000075253bbf 2 bytes JMP 717b000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                   0000000076862c9e 4 bytes CALL 71af0000
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                           00000000757c70c4 6 bytes {JMP QWORD [RIP+0x7192001e]}
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                           00000000757e3264 6 bytes {JMP QWORD [RIP+0x7195001e]}
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\USER32.dll!SendMessageW                                               0000000076c39679 6 bytes JMP 719f000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\USER32.dll!PostMessageW                                               0000000076c412a5 6 bytes {JMP QWORD [RIP+0x7198001e]}
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\USER32.dll!PostMessageA                                               0000000076c43baa 6 bytes {JMP QWORD [RIP+0x719b001e]}
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\USER32.dll!SendMessageA                                               0000000076c4612e 6 bytes {JMP QWORD [RIP+0x71a1001e]}
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\USER32.dll!SendInput                                                  0000000076c5ff4a 3 bytes [FF, 25, 1E]
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\USER32.dll!SendInput + 4                                              0000000076c5ff4e 2 bytes [A4, 71]
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\USER32.dll!mouse_event                                                0000000076c9027b 6 bytes {JMP QWORD [RIP+0x71aa001e]}
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\USER32.dll!keybd_event                                                0000000076c902bf 6 bytes {JMP QWORD [RIP+0x71a7001e]}
.text     C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                      0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text     C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                               0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text     C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                         0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text     C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                       0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text     C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                      0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text     C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                   0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text     C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                 0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text     C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                          0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text     C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                          000007fefcd29055 3 bytes CALL 0
.text     C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                        0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text     C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                 0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text     C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                           0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text     C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                         0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text     C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                        0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text     C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                     0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text     C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                   0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text     C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                            0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text     C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                            000007fefcd29055 3 bytes CALL 9000027
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                000000007713fc20 3 bytes JMP 718a000a
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                            000000007713fc24 2 bytes JMP 718a000a
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                         000000007713fc38 3 bytes JMP 7181000a
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                     000000007713fc3c 2 bytes JMP 7181000a
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                   000000007713fd64 3 bytes JMP 7184000a
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                               000000007713fd68 2 bytes JMP 7184000a
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                 00000000771400b4 3 bytes JMP 7187000a
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                             00000000771400b8 2 bytes JMP 7187000a
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                00000000771401c4 3 bytes JMP 7190000a
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                            00000000771401c8 2 bytes JMP 7190000a
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                             0000000077140a44 3 bytes JMP 718d000a
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                         0000000077140a48 2 bytes JMP 718d000a
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                           0000000077141920 3 bytes JMP 717e000a
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                       0000000077141924 2 bytes JMP 717e000a
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                    0000000075253bbb 3 bytes JMP 717b000a
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                0000000075253bbf 2 bytes JMP 717b000a
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                    0000000076862c9e 4 bytes CALL 71af0000
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                            00000000757c70c4 6 bytes JMP 7193000a
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                            00000000757e3264 6 bytes JMP 7196000a
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\USER32.dll!SendMessageW                                0000000076c39679 6 bytes JMP 719f000a
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\USER32.dll!PostMessageW                                0000000076c412a5 6 bytes JMP 7199000a
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\USER32.dll!PostMessageA                                0000000076c43baa 6 bytes JMP 719c000a
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\USER32.dll!SendMessageA                                0000000076c4612e 6 bytes JMP 71a2000a
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\USER32.dll!SendInput                                   0000000076c5ff4a 3 bytes JMP 71a5000a
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\USER32.dll!SendInput + 4                               0000000076c5ff4e 2 bytes JMP 71a5000a
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\USER32.dll!mouse_event                                 0000000076c9027b 6 bytes JMP 71ab000a
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\USER32.dll!keybd_event                                 0000000076c902bf 6 bytes JMP 71a8000a
.text     C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                        0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text     C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                 0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text     C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                           0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text     C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                         0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text     C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                        0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text     C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                     0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text     C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                   0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text     C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                            0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text     C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                            000007fefcd29055 3 bytes CALL 9000027
.text     C:\Windows\system32\taskhost.exe[6728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                     0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text     C:\Windows\system32\taskhost.exe[6728] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                              0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text     C:\Windows\system32\taskhost.exe[6728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                        0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text     C:\Windows\system32\taskhost.exe[6728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                      0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text     C:\Windows\system32\taskhost.exe[6728] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                     0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text     C:\Windows\system32\taskhost.exe[6728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                  0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text     C:\Windows\system32\taskhost.exe[6728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text     C:\Windows\system32\taskhost.exe[6728] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                         0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text     C:\Windows\system32\taskhost.exe[6728] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                                 000007fefee655c8 6 bytes {JMP QWORD [RIP+0xfaa68]}
.text     C:\Windows\system32\taskhost.exe[6728] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                                 000007fefee7b85c 6 bytes {JMP QWORD [RIP+0xc47d4]}
.text     C:\Program Files\Tablet\ISD\ISD_TabletUser.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                       0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text     C:\Program Files\Tablet\ISD\ISD_TabletUser.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text     C:\Program Files\Tablet\ISD\ISD_TabletUser.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                          0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text     C:\Program Files\Tablet\ISD\ISD_TabletUser.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                        0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text     C:\Program Files\Tablet\ISD\ISD_TabletUser.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                       0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text     C:\Program Files\Tablet\ISD\ISD_TabletUser.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                    0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text     C:\Program Files\Tablet\ISD\ISD_TabletUser.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                  0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text     C:\Program Files\Tablet\ISD\ISD_TabletUser.exe[6952] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                           0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
         

16.01.2015, 10:28   #8
maga84

Windows 7: Websites are redirected to advertising because of UNISALES

GMER - Part 2
Code:
.text     C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                 0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text     C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                          0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text     C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                    0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text     C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                  0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text     C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                 0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text     C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                              0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text     C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                            0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text     C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                     0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text     C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                     000007fefcd29055 3 bytes CALL 9000027
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                            000000007713fc20 3 bytes JMP 7178000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                        000000007713fc24 2 bytes JMP 7178000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                     000000007713fc38 3 bytes JMP 716f000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                 000000007713fc3c 2 bytes JMP 716f000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                               000000007713fd64 3 bytes JMP 7172000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                           000000007713fd68 2 bytes JMP 7172000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                             00000000771400b4 3 bytes JMP 7175000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                         00000000771400b8 2 bytes JMP 7175000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                            00000000771401c4 3 bytes JMP 717e000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                        00000000771401c8 2 bytes JMP 717e000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                         0000000077140a44 3 bytes JMP 717b000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                     0000000077140a48 2 bytes JMP 717b000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                       0000000077141920 3 bytes JMP 716c000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                   0000000077141924 2 bytes JMP 716c000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                0000000075253bbb 3 bytes JMP 7169000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                            0000000075253bbf 2 bytes JMP 7169000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                0000000076862c9e 4 bytes CALL 71af0000
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\USER32.dll!SendMessageW                                            0000000076c39679 6 bytes JMP 718d000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\USER32.dll!PostMessageW                                            0000000076c412a5 6 bytes JMP 7187000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\USER32.dll!PostMessageA                                            0000000076c43baa 6 bytes JMP 718a000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\USER32.dll!SendMessageA                                            0000000076c4612e 6 bytes JMP 7190000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\USER32.dll!SendInput                                               0000000076c5ff4a 3 bytes JMP 7193000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\USER32.dll!SendInput + 4                                           0000000076c5ff4e 2 bytes JMP 7193000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\USER32.dll!mouse_event                                             0000000076c9027b 6 bytes JMP 7199000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\USER32.dll!keybd_event                                             0000000076c902bf 6 bytes JMP 7196000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                        00000000757c70c4 6 bytes JMP 7181000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                        00000000757e3264 6 bytes JMP 7184000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW                                  00000000751f575a 6 bytes JMP 719c000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\WS2_32.dll!connect                                                 00000000751f6bdd 6 bytes JMP 71a5000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\WS2_32.dll!listen                                                  00000000751fb001 6 bytes JMP 719f000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\WS2_32.dll!WSAConnect                                              00000000751fcc3f 6 bytes JMP 71a2000a
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000075521465 2 bytes [52, 75]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                               00000000755214bb 2 bytes [52, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                000000007713fc20 3 bytes JMP 718a000a
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                                            000000007713fc24 2 bytes JMP 718a000a
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                                         000000007713fc38 3 bytes JMP 7181000a
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                                     000000007713fc3c 2 bytes JMP 7181000a
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                   000000007713fd64 3 bytes JMP 7184000a
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                               000000007713fd68 2 bytes JMP 7184000a
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                 00000000771400b4 3 bytes JMP 7187000a
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                             00000000771400b8 2 bytes JMP 7187000a
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                00000000771401c4 3 bytes JMP 7190000a
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                                            00000000771401c8 2 bytes JMP 7190000a
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                             0000000077140a44 3 bytes JMP 718d000a
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                                         0000000077140a48 2 bytes JMP 718d000a
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                           0000000077141920 3 bytes JMP 717e000a
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                                       0000000077141924 2 bytes JMP 717e000a
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                                    0000000075253bbb 3 bytes JMP 717b000a
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                                                0000000075253bbf 2 bytes JMP 717b000a
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                    0000000076862c9e 4 bytes CALL 71af0000
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                            00000000757c70c4 6 bytes JMP 7193000a
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                            00000000757e3264 6 bytes JMP 7196000a
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                0000000076c39679 6 bytes JMP 719f000a
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                0000000076c412a5 6 bytes JMP 7199000a
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                0000000076c43baa 6 bytes JMP 719c000a
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                0000000076c4612e 6 bytes JMP 71a2000a
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\USER32.dll!SendInput                                                                   0000000076c5ff4a 3 bytes JMP 71a5000a
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                               0000000076c5ff4e 2 bytes JMP 71a5000a
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\USER32.dll!mouse_event                                                                 0000000076c9027b 6 bytes JMP 71ab000a
.text     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\USER32.dll!keybd_event                                                                 0000000076c902bf 6 bytes JMP 71a8000a
.text     C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[7960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000075521465 2 bytes [52, 75]
.text     C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[7960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                         00000000755214bb 2 bytes [52, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Windows\system32\rundll32.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                     0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text     C:\Windows\system32\rundll32.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                              0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text     C:\Windows\system32\rundll32.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                        0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text     C:\Windows\system32\rundll32.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                      0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text     C:\Windows\system32\rundll32.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                     0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text     C:\Windows\system32\rundll32.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                  0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text     C:\Windows\system32\rundll32.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text     C:\Windows\system32\rundll32.exe[8100] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                         0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text     C:\Windows\system32\rundll32.exe[8100] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                         000007fefcd29055 3 bytes [B5, 6F, 06]
.text     C:\Windows\system32\rundll32.exe[8100] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorA                                                              000007fefa157b34 6 bytes {JMP QWORD [RIP+0x884fc]}
.text     C:\Windows\system32\rundll32.exe[8100] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                              000007fefa1603c0 6 bytes {JMP QWORD [RIP+0x9fc70]}
.text     C:\Windows\system32\rundll32.exe[8100] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW                                                           000007fefd6b3030 6 bytes {JMP QWORD [RIP+0xfed000]}
.text     C:\Windows\system32\rundll32.exe[8100] C:\Windows\system32\WS2_32.dll!connect + 1                                                                      000007fefd6b45c1 5 bytes {JMP QWORD [RIP+0x6ba70]}
.text     C:\Windows\system32\rundll32.exe[8100] C:\Windows\system32\WS2_32.dll!listen                                                                           000007fefd6b8290 6 bytes {JMP QWORD [RIP+0xfc7da0]}
.text     C:\Windows\system32\rundll32.exe[8100] C:\Windows\system32\WS2_32.dll!WSAConnect                                                                       000007fefd6de0f0 6 bytes JMP 0
.text     C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                        0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text     C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                 0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text     C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                           0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text     C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                         0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text     C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                        0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text     C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                     0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text     C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                   0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text     C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                            0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text     C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                            000007fefcd29055 3 bytes [B5, 6F, 06]
.text     C:\Windows\system32\taskeng.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                      0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text     C:\Windows\system32\taskeng.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                               0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text     C:\Windows\system32\taskeng.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                         0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text     C:\Windows\system32\taskeng.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                       0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text     C:\Windows\system32\taskeng.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                      0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text     C:\Windows\system32\taskeng.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                   0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text     C:\Windows\system32\taskeng.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                 0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text     C:\Windows\system32\taskeng.exe[7668] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                          0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text     C:\Windows\system32\taskeng.exe[7668] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                          000007fefcd29055 3 bytes [B5, 6F, 06]
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                       0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                          0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                        0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                       0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                    0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                  0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                           000007fefcd29055 3 bytes [B5, 6F, 08]
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW                             000007fefd6b3030 6 bytes {JMP QWORD [RIP+0xfed000]}
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\WS2_32.dll!connect + 1                                        000007fefd6b45c1 5 bytes {JMP QWORD [RIP+0x6ba70]}
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\WS2_32.dll!listen                                             000007fefd6b8290 6 bytes {JMP QWORD [RIP+0xfc7da0]}
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\WS2_32.dll!WSAConnect                                         000007fefd6de0f0 6 bytes JMP 22000000
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\msi.dll!MsiSetInternalUI                                      000007fef6c85c70 6 bytes {JMP QWORD [RIP+0x37a3c0]}
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\msi.dll!MsiInstallProductA                                    000007fef6d02ad4 2 bytes [FF, 25]
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\msi.dll!MsiInstallProductA + 3                                000007fef6d02ad7 3 bytes [D5, 2B, 00]
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\msi.dll!MsiInstallProductW                                    000007fef6d1167c 6 bytes {JMP QWORD [RIP+0x2ce9b4]}
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                      0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                               0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                         0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                       0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                      0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                   0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                 0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                          000007fefcd29055 3 bytes [B5, 6F, 2A]
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW                            000007fefd6b3030 6 bytes {JMP QWORD [RIP+0xfed000]}
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\WS2_32.dll!connect + 1                                       000007fefd6b45c1 5 bytes {JMP QWORD [RIP+0x6ba70]}
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\WS2_32.dll!listen                                            000007fefd6b8290 6 bytes {JMP QWORD [RIP+0xfc7da0]}
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\WS2_32.dll!WSAConnect                                        000007fefd6de0f0 6 bytes {JMP QWORD [RIP+0x61f40]}
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\msi.dll!MsiSetInternalUI                                     000007fef6c85c70 6 bytes {JMP QWORD [RIP+0x37a3c0]}
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\msi.dll!MsiInstallProductA                                   000007fef6d02ad4 2 bytes [FF, 25]
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\msi.dll!MsiInstallProductA + 3                               000007fef6d02ad7 3 bytes [D5, 2B, 00]
.text     c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\msi.dll!MsiInstallProductW                                   000007fef6d1167c 6 bytes {JMP QWORD [RIP+0x2ce9b4]}
.text     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                     0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                              0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                        0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                      0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                     0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                  0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                         0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                         000007fefcd29055 3 bytes [B5, 6F, 06]
.text     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                 000007fefee655c8 6 bytes {JMP QWORD [RIP+0xfaa68]}
.text     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                 000007fefee7b85c 6 bytes {JMP QWORD [RIP+0xc47d4]}
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                000000007713fc20 3 bytes JMP 718a000a
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                            000000007713fc24 2 bytes JMP 718a000a
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                         000000007713fc38 3 bytes JMP 7181000a
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                     000000007713fc3c 2 bytes JMP 7181000a
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                   000000007713fd64 3 bytes JMP 7184000a
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                               000000007713fd68 2 bytes JMP 7184000a
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                 00000000771400b4 3 bytes JMP 7187000a
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                             00000000771400b8 2 bytes JMP 7187000a
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                00000000771401c4 3 bytes JMP 7190000a
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                            00000000771401c8 2 bytes JMP 7190000a
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                             0000000077140a44 3 bytes JMP 718d000a
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                         0000000077140a48 2 bytes JMP 718d000a
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                           0000000077141920 3 bytes JMP 717e000a
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                       0000000077141924 2 bytes JMP 717e000a
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                    0000000075253bbb 3 bytes JMP 717b000a
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                                0000000075253bbf 2 bytes JMP 717b000a
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                    0000000076862c9e 4 bytes CALL 71af0000
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\USER32.dll!SendMessageW                                                0000000076c39679 6 bytes JMP 719f000a
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\USER32.dll!PostMessageW                                                0000000076c412a5 6 bytes JMP 7199000a
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\USER32.dll!PostMessageA                                                0000000076c43baa 6 bytes JMP 719c000a
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\USER32.dll!SendMessageA                                                0000000076c4612e 6 bytes JMP 71a2000a
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\USER32.dll!SendInput                                                   0000000076c5ff4a 3 bytes JMP 71a5000a
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\USER32.dll!SendInput + 4                                               0000000076c5ff4e 2 bytes JMP 71a5000a
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\USER32.dll!mouse_event                                                 0000000076c9027b 6 bytes JMP 71ab000a
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\USER32.dll!keybd_event                                                 0000000076c902bf 6 bytes JMP 71a8000a
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                            00000000757c70c4 6 bytes JMP 7193000a
.text     C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                            00000000757e3264 6 bytes JMP 7196000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                             000000007713fc20 3 bytes JMP 718a000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                         000000007713fc24 2 bytes JMP 718a000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                      000000007713fc38 3 bytes JMP 7181000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                  000000007713fc3c 2 bytes JMP 7181000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                000000007713fd64 3 bytes JMP 7184000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                            000000007713fd68 2 bytes JMP 7184000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                              00000000771400b4 3 bytes JMP 7187000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                          00000000771400b8 2 bytes JMP 7187000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                             00000000771401c4 3 bytes JMP 7190000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                         00000000771401c8 2 bytes JMP 7190000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                          0000000077140a44 3 bytes JMP 718d000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                      0000000077140a48 2 bytes JMP 718d000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                        0000000077141920 3 bytes JMP 717e000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                    0000000077141924 2 bytes JMP 717e000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                 0000000075253bbb 3 bytes JMP 717b000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                             0000000075253bbf 2 bytes JMP 717b000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                 0000000076862c9e 4 bytes CALL 71af0000
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                         00000000757c70c4 6 bytes JMP 7193000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                         00000000757e3264 6 bytes JMP 7196000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\USER32.dll!SendMessageW                                             0000000076c39679 6 bytes JMP 719f000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\USER32.dll!PostMessageW                                             0000000076c412a5 6 bytes JMP 7199000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\USER32.dll!PostMessageA                                             0000000076c43baa 6 bytes JMP 719c000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\USER32.dll!SendMessageA                                             0000000076c4612e 6 bytes JMP 71a2000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\USER32.dll!SendInput                                                0000000076c5ff4a 3 bytes JMP 71a5000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\USER32.dll!SendInput + 4                                            0000000076c5ff4e 2 bytes JMP 71a5000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\USER32.dll!mouse_event                                              0000000076c9027b 6 bytes JMP 71ab000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\USER32.dll!keybd_event                                              0000000076c902bf 6 bytes JMP 71a8000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW                                   00000000751f575a 6 bytes JMP 716d000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\WS2_32.dll!connect                                                  00000000751f6bdd 6 bytes JMP 7176000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\WS2_32.dll!listen                                                   00000000751fb001 6 bytes JMP 7170000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\WS2_32.dll!WSAConnect                                               00000000751fcc3f 6 bytes JMP 7173000a
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                 0000000075521465 2 bytes [52, 75]
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                00000000755214bb 2 bytes [52, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                         000000007713fc20 3 bytes JMP 718a000a
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                     000000007713fc24 2 bytes JMP 718a000a
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                  000000007713fc38 3 bytes JMP 7181000a
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                              000000007713fc3c 2 bytes JMP 7181000a
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                            000000007713fd64 3 bytes JMP 7184000a
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                        000000007713fd68 2 bytes JMP 7184000a
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                          00000000771400b4 3 bytes JMP 7187000a
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                      00000000771400b8 2 bytes JMP 7187000a
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                         00000000771401c4 3 bytes JMP 7190000a
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                     00000000771401c8 2 bytes JMP 7190000a
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                      0000000077140a44 3 bytes JMP 718d000a
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                  0000000077140a48 2 bytes JMP 718d000a
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                    0000000077141920 3 bytes JMP 717e000a
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                0000000077141924 2 bytes JMP 717e000a
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                             0000000075253bbb 3 bytes JMP 717b000a
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                         0000000075253bbf 2 bytes JMP 717b000a
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                             0000000076862c9e 4 bytes CALL 71af0000
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\USER32.dll!SendMessageW                                         0000000076c39679 6 bytes JMP 719f000a
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\USER32.dll!PostMessageW                                         0000000076c412a5 6 bytes JMP 7199000a
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\USER32.dll!PostMessageA                                         0000000076c43baa 6 bytes JMP 719c000a
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\USER32.dll!SendMessageA                                         0000000076c4612e 6 bytes JMP 71a2000a
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\USER32.dll!SendInput                                            0000000076c5ff4a 3 bytes JMP 71a5000a
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\USER32.dll!SendInput + 4                                        0000000076c5ff4e 2 bytes JMP 71a5000a
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\USER32.dll!mouse_event                                          0000000076c9027b 6 bytes JMP 71ab000a
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\USER32.dll!keybd_event                                          0000000076c902bf 6 bytes JMP 71a8000a
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                     00000000757c70c4 6 bytes JMP 7193000a
.text     C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                     00000000757e3264 6 bytes JMP 7196000a
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[8516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075521465 2 bytes [52, 75]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[8516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000755214bb 2 bytes [52, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69           0000000075521465 2 bytes [52, 75]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          00000000755214bb 2 bytes [52, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[8696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000075521465 2 bytes [52, 75]
.text     C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[8696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000755214bb 2 bytes [52, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                             000000007713fc20 3 bytes JMP 718a000a
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                                         000000007713fc24 2 bytes JMP 718a000a
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                                      000000007713fc38 3 bytes JMP 7181000a
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                                  000000007713fc3c 2 bytes JMP 7181000a
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                000000007713fd64 3 bytes JMP 7184000a
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                            000000007713fd68 2 bytes JMP 7184000a
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                              00000000771400b4 3 bytes JMP 7187000a
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                          00000000771400b8 2 bytes JMP 7187000a
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                             00000000771401c4 3 bytes JMP 7190000a
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                                         00000000771401c8 2 bytes JMP 7190000a
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                          0000000077140a44 3 bytes JMP 718d000a
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                                      0000000077140a48 2 bytes JMP 718d000a
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                        0000000077141920 3 bytes JMP 717e000a
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                                    0000000077141924 2 bytes JMP 717e000a
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                                 0000000075253bbb 3 bytes JMP 717b000a
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                                             0000000075253bbf 2 bytes JMP 717b000a
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                 0000000076862c9e 4 bytes CALL 71af0000
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\USER32.dll!SendMessageW                                                             0000000076c39679 6 bytes JMP 719f000a
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\USER32.dll!PostMessageW                                                             0000000076c412a5 6 bytes JMP 7199000a
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\USER32.dll!PostMessageA                                                             0000000076c43baa 6 bytes JMP 719c000a
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\USER32.dll!SendMessageA                                                             0000000076c4612e 6 bytes JMP 71a2000a
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\USER32.dll!SendInput                                                                0000000076c5ff4a 3 bytes JMP 71a5000a
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                            0000000076c5ff4e 2 bytes JMP 71a5000a
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\USER32.dll!mouse_event                                                              0000000076c9027b 6 bytes JMP 71ab000a
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\USER32.dll!keybd_event                                                              0000000076c902bf 6 bytes JMP 71a8000a
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                         00000000757c70c4 6 bytes JMP 7193000a
.text     C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                         00000000757e3264 6 bytes JMP 7196000a

---- Threads - GMER 2.1 ----

Thread    C:\Windows\SysWOW64\ntdll.dll [4860:4864]                                                                                                              0000000001068d4e
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:7948]                                                                                                              000000006e79cf5c
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:7956]                                                                                                              000000006e81a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:8004]                                                                                                              000000006e7224a2
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:7772]                                                                                                              000000006e81a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:5692]                                                                                                              000000006e81a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:1540]                                                                                                              000000006e81a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:2012]                                                                                                              000000006e7cc159
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:3688]                                                                                                              000000006e81a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:8200]                                                                                                              000000006e81a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:8412]                                                                                                              000000006f4c784b
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:8548]                                                                                                              0000000056c1aec5
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:692]                                                                                                               000000006e81a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:708]                                                                                                               0000000074ead864
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:8552]                                                                                                              0000000072b232fb
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:5552]                                                                                                              000000006e81a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:6004]                                                                                                              000000006e81a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:3944]                                                                                                              000000006e81a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:7740]                                                                                                              000000006e8288ff

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffaf444d9                                                                            
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2cdc6bc                                                                            
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2cdc6bc@30a8db49d01a                                                               0x40 0x44 0x2C 0xE0 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffaf444d9 (not active ControlSet)                                                        
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2cdc6bc (not active ControlSet)                                                        
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2cdc6bc@30a8db49d01a                                                                   0x40 0x44 0x2C 0xE0 ...

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                                  unknown MBR code

---- EOF - GMER 2.1 ----
         

Old 16.01.2015, 10:30   #9
maga84

Windows 7: Websites are redirected to ads because of UNISALES



FRST


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015
Ran by x203 (administrator) on ADMIN-MANUEL on 16-01-2015 11:17:24
Running from C:\Users\Manuel\Downloads
Loaded Profiles: x203 & Manuel (Available profiles: x203 & Manuel)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe
(Data Perceptions / PowerProgrammer) C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Spotify Ltd) C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Eye-Fi, Inc.) C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Inc) C:\Program Files\Tablet\CalibrationAssistant.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Inc) C:\Program Files\Tablet\CalibrationAssistant.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Wacom Technology) C:\Program Files\Tablet\ISD\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchUser.exe
(Wacom Technology) C:\Program Files\Tablet\ISD\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916592 2014-07-28] (Synaptics Incorporated)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-08-07] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2014-09-16] (Lenovo)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [555736 2014-09-18] (Lenovo.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4997872 2014-12-31] (Emsisoft GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-01-05] (Glarysoft Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [Spotify Web Helper] => C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [GoogleChromeAutoLaunch_4A220D28DEF0DEF57A4596AFA0CC93AC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-22] (Google Inc.)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [Eye-Fi] => C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe [3961464 2011-12-21] (Eye-Fi, Inc.)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: D - D:\SETUP.EXE
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: {88018163-5feb-11e3-8408-028037ec0200} - V:\SETUP.EXE
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: {fa8f8a90-42e2-11e3-857c-028037ec0200} - E:\Startme.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EIZO ScreenSlicer.lnk
ShortcutTarget: EIZO ScreenSlicer.lnk -> C:\Windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe (Macrovision Corporation)
Startup: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk *  
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50083;https=127.0.0.1:50083
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000 -> {5E55F183-AB4F-4D43-BF3C-D551B42FA02B} URL = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162

FireFox:
========
FF ProfilePath: C:\Users\x203\AppData\Roaming\Mozilla\Firefox\Profiles\ci9uc6ip.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-05-30]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: No Name - C:\Program Files (x86)\Symantec\VIP Access Client [2013-05-15]
FF HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension
FF Extension: No Name - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension [2014-05-29]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\x203\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\x203\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (Google Wallet) - C:\Users\x203\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 ASRSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [79136 2010-10-27] (Lenovo Group Limited)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2014-11-14] (Lenovo.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-14] (SurfRight B.V.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-08-07] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-04-24] ()
R2 TabletServiceISD; C:\Program Files\Tablet\ISD\ISD_Tablet.exe [5650296 2012-04-10] (Wacom Technology, Corp.)
R2 TabletSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [83920 2012-02-08] (Lenovo Group Limited)
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed]
R2 TouchServiceISD; C:\Program Files\Tablet\ISD\ISD_TouchService.exe [449912 2012-04-10] (Wacom Technology, Corp.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1526120 2013-09-25] (Lenovo Group Limited)
R2 TVT Scheduler; C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation)
R2 WebUpdate4; C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [278800 2013-01-16] (Data Perceptions / PowerProgrammer)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [689560 2012-10-18] (Ericsson AB)
R2 WTabletServiceISD; C:\Program Files\Tablet\ISD\WTabletServiceISD.exe [577848 2013-09-24] (Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-01-10] (Sony Mobile Communications)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-10-28] (Glarysoft Ltd)
R1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [17064 2010-06-28] (Lenovo)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [103184 2012-03-01] (Ericsson AB)
R3 l36wscard; C:\Windows\System32\DRIVERS\l36wscard.sys [61992 2011-01-14] (Ericsson AB)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [443208 2012-10-02] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [453960 2012-10-02] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [21832 2012-10-02] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [506184 2012-10-02] (MCCI Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
R3 wacomvthid; C:\Windows\System32\DRIVERS\WacomVTHid.sys [16368 2012-04-10] (Wacom Technology)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [281840 2013-02-19] (Ericsson AB)
S3 TVICPORT; \??\C:\Windows\system32\DRIVERS\TVICPORT.SYS [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 11:13 - 2015-01-16 11:13 - 00057924 _____ () C:\Users\Manuel\Downloads\Addition.txt
2015-01-16 11:12 - 2015-01-16 11:17 - 00034967 _____ () C:\Users\Manuel\Downloads\FRST.txt
2015-01-16 11:05 - 2015-01-16 11:05 - 00000883 _____ () C:\Users\x203\Desktop\hosts.txt
2015-01-16 10:25 - 2015-01-16 10:25 - 00000470 _____ () C:\Users\Manuel\Downloads\defogger_disable.log
2015-01-16 10:23 - 2015-01-16 10:23 - 00283128 _____ () C:\Windows\Minidump\011615-8845-01.dmp
2015-01-16 10:23 - 2015-01-16 10:23 - 00000000 ____D () C:\Windows\Minidump
2015-01-15 19:55 - 2015-01-15 19:55 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-15 19:32 - 2015-01-15 19:32 - 00050477 _____ () C:\Users\Manuel\Downloads\Defogger.exe
2015-01-15 19:32 - 2015-01-15 19:32 - 00000000 _____ () C:\Users\x203\defogger_reenable
2015-01-15 19:31 - 2015-01-16 10:58 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-15 19:31 - 2015-01-15 19:31 - 00001106 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-01-15 19:31 - 2015-01-15 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-01-15 19:29 - 2015-01-15 19:30 - 172265200 _____ (Emsisoft Ltd. ) C:\Users\Manuel\Downloads\EmsisoftAntiMalware4799Setup.exe
2015-01-15 19:29 - 2015-01-15 19:29 - 00001479 _____ () C:\Users\x203\Desktop\GMER.log
2015-01-15 19:20 - 2015-01-15 19:20 - 00380416 _____ () C:\Users\Manuel\Downloads\Gmer-19357.exe
2015-01-15 19:06 - 2015-01-15 19:06 - 02125312 _____ (Farbar) C:\Users\Manuel\Downloads\FRST64.exe
2015-01-15 19:01 - 2015-01-15 19:01 - 07203008 _____ (Kaspersky Lab ZAO) C:\Users\Manuel\Downloads\kavremover678.exe
2015-01-15 19:01 - 2015-01-15 19:01 - 00247941 _____ () C:\Users\Manuel\Downloads\kavremvr 2015-01-15 19-01-40 (pid 11508).log
2015-01-15 15:24 - 2015-01-15 15:24 - 00000000 ___SD () C:\ComboFix
2015-01-15 15:18 - 2015-01-15 15:18 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Manuel\Downloads\rkill.exe
2015-01-15 15:18 - 2015-01-15 15:18 - 00003704 _____ () C:\Users\x203\Desktop\Rkill.txt
2015-01-15 15:18 - 2015-01-15 15:18 - 00000000 ____D () C:\Users\x203\Desktop\rkill
2015-01-15 15:16 - 2015-01-15 15:16 - 00000681 _____ () C:\Users\x203\Desktop\JRT.txt
2015-01-15 15:12 - 2015-01-15 15:12 - 01707939 _____ (Thisisu) C:\Users\Manuel\Downloads\JRT.exe
2015-01-15 15:12 - 2015-01-15 15:12 - 00000000 ____D () C:\Windows\ERUNT
2015-01-15 15:11 - 2015-01-15 15:11 - 05609736 ____R (Swearware) C:\Users\Manuel\Downloads\ComboFix.exe
2015-01-15 15:11 - 2015-01-15 15:11 - 00000000 ____D () C:\Qoobox
2015-01-15 15:10 - 2015-01-15 15:10 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Manuel\Downloads\tdsskiller.exe
2015-01-15 15:09 - 2015-01-15 15:09 - 02191360 _____ () C:\Users\Manuel\Downloads\AdwCleaner.exe
2015-01-15 15:05 - 2015-01-15 14:59 - 00000000 _____ () C:\Users\Manuel\Desktop\CProgramDataMicrosoftWindowsCaches.txt
2015-01-15 15:00 - 2015-01-15 15:00 - 00111448 _____ () C:\Users\x203\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-15 14:59 - 2015-01-15 14:59 - 00000000 _____ () C:\Users\x203\Desktop\CProgramDataMicrosoftWindowsCaches.txt
2015-01-15 14:49 - 2015-01-15 14:49 - 00000000 ____D () C:\ProgramData\Avg_Update_1014av
2015-01-15 14:24 - 2015-01-15 14:24 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-01-15 10:54 - 2015-01-15 10:54 - 00003252 _____ () C:\Windows\System32\Tasks\Trojan Killer
2015-01-15 10:54 - 2015-01-15 10:54 - 00000000 ____D () C:\ProgramData\GridinSoft
2015-01-15 10:51 - 2015-01-15 15:02 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Nico Mak Computing
2015-01-15 10:46 - 2015-01-15 10:46 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-15 10:00 - 2015-01-15 10:00 - 02347384 _____ (ESET) C:\Users\Manuel\Downloads\esetsmartinstaller_deu.exe
2015-01-15 09:51 - 2015-01-16 11:08 - 00001957 _____ () C:\Windows\setupact.log
2015-01-15 09:51 - 2015-01-16 10:41 - 00011536 _____ () C:\Windows\PFRO.log
2015-01-15 09:51 - 2015-01-15 09:51 - 05054584 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-15 09:51 - 2015-01-15 09:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-15 09:28 - 2015-01-15 09:28 - 00000000 ____D () C:\Users\Manuel\Desktop\Old Firefox Data
2015-01-14 14:02 - 2015-01-16 11:17 - 00000000 ____D () C:\FRST
2015-01-14 12:16 - 2015-01-14 12:16 - 00000000 ____D () C:\_OTL
2015-01-14 12:08 - 2015-01-14 12:08 - 00000000 __SHD () C:\Users\x203\AppData\Local\EmieBrowserModeList
2015-01-14 10:28 - 2015-01-14 10:28 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Avira
2015-01-14 10:28 - 2015-01-14 10:27 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-14 10:27 - 2015-01-14 10:27 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Avira
2015-01-14 10:26 - 2015-01-14 10:26 - 00002081 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-14 10:25 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-14 10:25 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-14 10:25 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-14 10:16 - 2015-01-14 10:16 - 00001391 _____ () C:\Users\Manuel\Desktop\HitmanPro.lnk
2015-01-14 10:10 - 2015-01-14 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-14 10:10 - 2015-01-14 10:25 - 00000000 ____D () C:\ProgramData\Avira
2015-01-14 10:10 - 2015-01-14 10:10 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-14 09:54 - 2015-01-15 14:24 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-14 09:54 - 2015-01-14 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-14 09:53 - 2015-01-14 10:12 - 00000000 ____D () C:\Users\Manuel\Downloads\Hitman
2015-01-14 09:08 - 2015-01-14 09:08 - 00000000 ____D () C:\ProgramData\Network Associates
2015-01-14 09:06 - 2015-01-14 09:23 - 00000000 ____D () C:\Windows\F0856D1B11EE46528174EAF3D5AB6C66.TMP
2015-01-14 09:03 - 2015-01-15 14:48 - 00000000 ____D () C:\AdwCleaner
2015-01-14 08:59 - 2015-01-14 08:59 - 02191360 _____ () C:\Users\Manuel\Desktop\adwcleaner_4.107.exe
2015-01-14 08:43 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:43 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:43 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:43 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 08:43 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 08:43 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 08:43 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 08:43 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 08:43 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:43 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:43 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:43 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:43 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 18:34 - 2015-01-14 10:25 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-13 18:19 - 2015-01-13 18:19 - 14747172 _____ () C:\Users\Manuel\Desktop\Zusammenfassung.pptx
2015-01-13 18:12 - 2014-12-02 18:27 - 00090112 _____ (Nenad Hrg (SoftwareOK.com)) C:\Users\Manuel\Desktop\DontSleep.exe
2015-01-13 17:29 - 2015-01-13 18:39 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-13 16:58 - 2015-01-13 16:58 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\SUPERAntiSpyware.com
2015-01-13 15:50 - 2015-01-13 15:50 - 00017408 _____ () C:\Users\Manuel\Desktop\Abmeldung von Kursen FS 14.msg
2015-01-13 15:44 - 2014-03-26 22:21 - 00020480 _____ () C:\Users\Manuel\Desktop\Kursabmeldung  aufgrund nicht bestandener Leistungsnachweise FS 14.msg
2015-01-13 12:23 - 2015-01-13 12:23 - 00000000 ____D () C:\Users\Manuel\Downloads\platform-tools
2015-01-13 11:48 - 2015-01-13 11:48 - 00000000 ____D () C:\Users\x203\AppData\Local\Avg2014
2015-01-13 10:59 - 2015-01-13 11:00 - 00000000 ____D () C:\Users\Manuel\Downloads\NEW SuperStamina
2015-01-12 22:42 - 2015-01-12 22:43 - 00000000 ____D () C:\Users\Manuel\Downloads\rootkitXperia_20140719
2015-01-12 22:12 - 2015-01-12 22:12 - 00000019 _____ () C:\Users\Manuel\Desktop\iomei.txt
2015-01-12 21:42 - 2015-01-12 21:42 - 00038859 _____ () C:\Users\Manuel\Desktop\Unlockbootloader* *Step 3   4 - Developer World.html
2015-01-12 21:42 - 2015-01-12 21:42 - 00000000 ____D () C:\Users\Manuel\Desktop\Unlockbootloader* *Step 3   4 - Developer World_files
2015-01-12 17:44 - 2015-01-13 15:21 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Android
2015-01-12 17:21 - 2015-01-12 21:05 - 00000000 ____D () C:\Users\Manuel\Downloads\EasyRootTool v12.4
2015-01-12 16:04 - 2015-01-12 16:39 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2015-01-12 16:03 - 2015-01-13 00:23 - 00000000 ____D () C:\Flashtool
2015-01-11 12:51 - 2015-01-11 12:51 - 00111448 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-01-10 21:11 - 2015-01-13 09:22 - 00000000 ____D () C:\ProgramData\Sony Mobile
2015-01-10 21:03 - 2015-01-10 21:03 - 00001135 _____ () C:\Users\Manuel\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-10 20:52 - 2015-01-10 20:52 - 00000000 ____D () C:\Users\x203\.android
2015-01-10 20:51 - 2015-01-10 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsomc_01009.Wdf
2015-01-10 20:51 - 2015-01-10 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2015-01-10 20:38 - 2015-01-10 20:38 - 00000000 ____D () C:\Users\x203\.swt
2015-01-10 17:15 - 2015-01-10 17:15 - 00030424 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggsomc.sys
2015-01-10 17:15 - 2015-01-10 17:15 - 00016088 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2015-01-10 17:13 - 2015-01-11 10:29 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
2015-01-10 14:12 - 2015-01-11 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-01-10 13:49 - 2015-01-10 13:49 - 00000000 ____D () C:\Users\Manuel\.jmc
2015-01-10 13:49 - 2015-01-10 13:49 - 00000000 ____D () C:\Users\Manuel\.eclipse
2015-01-10 13:39 - 2015-01-10 13:39 - 00000000 ____D () C:\Users\x203\.AndroidStudio
2015-01-10 13:39 - 2015-01-10 13:39 - 00000000 ____D () C:\Users\Manuel\.AndroidStudio
2015-01-10 13:38 - 2015-01-13 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2015-01-10 13:34 - 2015-01-13 12:25 - 00000000 ____D () C:\Program Files\Android
2015-01-10 13:32 - 2015-01-11 11:02 - 00111000 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-10 13:32 - 2015-01-11 11:01 - 00312728 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-10 13:32 - 2015-01-11 11:01 - 00191384 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-10 13:32 - 2015-01-11 11:01 - 00190872 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-10 13:31 - 2015-01-11 11:01 - 00000000 ____D () C:\Program Files\Java
2015-01-09 08:59 - 2015-01-09 09:00 - 00000000 ____D () C:\ProgramData\Stardock
2015-01-08 18:57 - 2015-01-08 19:08 - 00045720 _____ () C:\BROM_DLL.log
2015-01-08 18:24 - 2015-01-09 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2015-01-08 18:24 - 2015-01-08 21:00 - 00000000 ____D () C:\Program Files (x86)\totalcmd
2015-01-08 18:24 - 2015-01-08 19:49 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\GHISLER
2015-01-08 18:24 - 2015-01-08 18:24 - 00001062 _____ () C:\Users\Public\Desktop\Total Commander 64 bit.lnk
2015-01-08 18:24 - 2015-01-08 18:24 - 00000000 ____D () C:\Users\x203\AppData\Roaming\GHISLER
2015-01-07 15:27 - 2015-01-07 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EIZO
2015-01-07 15:19 - 2015-01-07 15:19 - 00000000 ____D () C:\Users\x203\AppData\Local\{E0EE56A0-0D7C-4595-B400-919A3BA48EC1}
2015-01-07 15:18 - 2015-01-11 10:30 - 00000000 ____D () C:\Program Files (x86)\EIZO
2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 ____D () C:\Users\x203\AppData\Roaming\EIZO
2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\EIZO
2015-01-07 15:17 - 2015-01-10 11:22 - 00000000 ____D () C:\Users\x203\AppData\Local\Downloaded Installations
2015-01-06 10:30 - 2015-01-06 10:30 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Foxit Reader
2015-01-04 09:10 - 2015-01-04 09:10 - 00001562 _____ () C:\Users\Manuel\Desktop\Cisco AnyConnect Secure Mobility Client.lnk
2015-01-04 09:08 - 2015-01-04 09:08 - 00001067 _____ () C:\Users\Manuel\Desktop\Password Manager.lnk
2015-01-02 13:44 - 2015-01-02 13:47 - 00000000 ____D () C:\Users\Manuel\AppData\Local\CyberGhost
2015-01-02 13:44 - 2015-01-02 13:44 - 00001739 _____ () C:\Users\x203\Desktop\CyberGhost 5.lnk
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-12-30 09:16 - 2014-12-30 09:25 - 595612217 _____ () C:\Users\Manuel\Desktop\Perfekte-Portraits.zip
2014-12-22 10:27 - 2014-12-22 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2014-12-19 21:24 - 2014-12-19 21:24 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-12-19 19:49 - 2014-12-19 19:49 - 00000000 ____D () C:\Users\Manuel\AppData\OICE_15_974FA576_32C1D314_A33
2014-12-18 10:48 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:48 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 19:38 - 2014-12-17 19:38 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\FreeCommander

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 11:16 - 2014-12-13 01:59 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Eye-Fi
2015-01-16 11:07 - 2013-11-19 12:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 11:01 - 2013-05-15 05:28 - 01964081 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 10:59 - 2014-09-26 16:37 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2015-01-16 10:58 - 2014-09-26 16:36 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-01-16 10:58 - 2014-09-15 18:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 10:49 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 10:49 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 10:48 - 2013-05-15 04:59 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-01-16 10:48 - 2013-05-15 04:59 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-01-16 10:48 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 10:42 - 2014-12-13 01:59 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Eye-Fi
2015-01-16 10:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 10:14 - 2014-09-30 16:50 - 00000000 ____D () C:\Program Files\Adobe Photoshop
2015-01-16 10:14 - 2014-09-30 12:54 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-16 10:14 - 2014-01-11 10:06 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-16 10:14 - 2013-09-30 20:23 - 00000000 ____D () C:\Users\x203\AppData\Local\Adobe
2015-01-16 10:14 - 2013-05-15 05:27 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-15 20:22 - 2014-12-08 10:30 - 00989184 ___SH () C:\Users\Manuel\Desktop\Thumbs.db
2015-01-15 19:32 - 2013-09-30 20:19 - 00000000 ____D () C:\Users\x203
2015-01-15 15:59 - 2013-12-09 14:53 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-15 14:38 - 2014-03-04 13:45 - 00000000 ___RD () C:\Users\Manuel\Dropbox
2015-01-15 14:22 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Dropbox
2015-01-15 11:11 - 2013-12-09 14:56 - 00000000 ____D () C:\Users\x203\AppData\Roaming\TuneUp Software
2015-01-15 11:09 - 2014-05-18 11:17 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Spotify
2015-01-15 09:57 - 2013-05-15 05:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-14 17:07 - 2013-11-19 12:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 17:07 - 2013-11-19 12:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 17:07 - 2013-11-19 12:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 11:22 - 2013-10-21 22:38 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 11:21 - 2013-10-21 21:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 11:11 - 2013-10-21 21:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 10:18 - 2013-10-28 14:32 - 00003568 _____ () C:\Windows\system32\.crusader
2015-01-14 10:18 - 2013-10-28 14:29 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-14 10:11 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-14 10:10 - 2013-10-21 22:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-14 09:31 - 2013-10-29 11:53 - 00000000 ____D () C:\Users\x203\AppData\Local\Google
2015-01-14 09:27 - 2014-01-05 13:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-14 09:23 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel
2015-01-14 09:23 - 2013-05-14 12:53 - 00000000 ____D () C:\ProgramData\Lenovo
2015-01-14 09:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-14 09:08 - 2014-10-22 19:49 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-14 08:49 - 2013-10-28 13:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-13 18:43 - 2014-12-03 15:12 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Deployment
2015-01-13 18:05 - 2014-05-18 11:18 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Spotify
2015-01-13 17:31 - 2013-10-27 10:06 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-01-13 17:06 - 2014-12-13 17:43 - 00000000 ____D () C:\Users\Manuel\Desktop\WE Jungs
2015-01-13 17:06 - 2014-09-18 16:13 - 00000000 ____D () C:\Users\Manuel\Desktop\Ricardo
2015-01-13 16:59 - 2013-05-15 05:27 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-01-13 12:26 - 2014-05-16 08:06 - 00000000 ____D () C:\Users\Manuel\.android
2015-01-13 12:00 - 2014-11-16 11:12 - 00000000 ____D () C:\Users\Manuel\Desktop\Fotos
2015-01-13 11:46 - 2014-05-30 09:05 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-01-13 09:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-01-12 17:47 - 2013-05-15 05:19 - 00000000 ____D () C:\Program Files\Intel
2015-01-11 11:00 - 2014-03-09 10:51 - 00111448 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2015-01-11 10:54 - 2014-12-05 09:46 - 00001107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-01-11 10:54 - 2014-09-26 16:37 - 00002978 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2015-01-11 10:54 - 2014-09-26 16:37 - 00002634 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2015-01-11 10:54 - 2014-09-26 16:37 - 00001095 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-01-10 14:40 - 2014-05-15 16:04 - 00003020 _____ () C:\Windows\System32\Tasks\PMTask
2015-01-10 14:40 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media
2015-01-10 14:05 - 2013-10-27 13:14 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-09 20:54 - 2013-10-28 10:25 - 00000000 ____D () C:\Program Files (x86)\Fences
2015-01-09 20:54 - 2013-05-15 05:34 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2015-01-08 18:57 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel\AppData\Local\VirtualStore
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-07 15:24 - 2014-06-20 16:48 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Unity
2015-01-07 12:18 - 2013-10-27 09:55 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Adobe
2015-01-06 09:12 - 2014-02-27 21:50 - 00000000 ____D () C:\Users\Manuel\Documents\Korrespondenz
2015-01-04 09:19 - 2014-05-19 07:11 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2015-01-04 09:19 - 2014-05-19 07:10 - 00000000 ____D () C:\Program Files\Common Files\Sony Shared
2015-01-04 09:18 - 2014-05-19 07:09 - 00000000 ____D () C:\ProgramData\Sony Corporation
2015-01-04 09:03 - 2014-05-01 10:24 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-04 09:03 - 2014-05-01 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-04 09:03 - 2013-10-27 17:18 - 00000000 ____D () C:\Program Files\winRar
2014-12-31 18:03 - 2014-01-14 11:34 - 00000000 ____D () C:\Users\Manuel\Desktop\Ablage
2014-12-31 13:38 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Adobe
2014-12-22 10:36 - 2013-10-27 12:15 - 00001398 _____ () C:\Users\Manuel\AppData\Roaming\MobileToolAnyConnectV3.ini
2014-12-22 10:27 - 2013-10-27 12:16 - 00000000 ____D () C:\ProgramData\Cisco
2014-12-22 10:27 - 2013-10-21 22:34 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-12-22 10:22 - 2014-01-01 10:48 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-22 10:22 - 2014-01-01 10:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-19 21:28 - 2014-03-04 13:45 - 00001036 _____ () C:\Users\Manuel\Desktop\Dropbox.lnk
2014-12-19 21:28 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-19 18:57 - 2013-11-03 11:23 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Intel WiDi
2014-12-18 11:56 - 2014-12-06 14:53 - 00000000 ____D () C:\Users\x203\Desktop\Katalog Admin
2014-12-17 14:46 - 2013-11-12 19:09 - 00000080 _____ () C:\Users\x203\Documents\R Verzeichnis wechseln.R

Some content of TEMP:
====================
C:\Users\Manuel\AppData\Local\temp\avgnt.exe
C:\Users\Manuel\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprfnjov.dll
C:\Users\x203\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 12:49

==================== End Of Log ============================
         
--- --- ---


ADDITION

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015
Ran by x203 at 2015-01-16 11:13:12
Running from C:\Users\Manuel\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 8.42.20 - )
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{8432E4EF-ABFB-48C8-B77B-24728E71D3DD}) (Version: 39.0.2171.46 - Google Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05187 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05187 - Cisco Systems, Inc.) Hidden
CM Installer (HKLM-x32\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Drucken in PDF Annotator (novaPDF OEM 7.7 printer) (HKLM\...\Drucken in PDF Annotator_is1) (Version: 7.7.400 - Softland)
EasyTax 2013 AG 1.01 (HKLM-x32\...\4093-4123-1528-3000) (Version: 1.01 - HWI Solutions AG)
EIZO ScreenSlicer (HKLM-x32\...\{292A177D-723F-4537-9985-BC8BFCD8B63D}) (Version: 1.1.5.0 - EIZO Corporation)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.67.2 - Lenovo Group Limited)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Eye-Fi Center 3.4 (HKLM-x32\...\{18B00AC5-C082-471E-88B0-F02FE5A2541A}) (Version: 3.4.26 - Eye-Fi, Inc)
Fences (Version: 1.0 - Stardock Corporation) Hidden
FireCuva Data Recovery 2014.1.8.20 (HKLM-x32\...\{EE1F41BE-6DBD-44AE-9F97-4D7F9227329D}_is1) (Version: 2014.1.8.20 - FireCuva)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Glary Utilities PRO 5.16 (HKLM-x32\...\Glary Utilities 5) (Version: 5.16.0.29 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Graph 4.4.2 (HKLM-x32\...\Graph_is1) (Version:  - Ivan Johansen)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6 (HKLM\...\{B2DAB009-8236-48A0-AD7F-E940F5AB1578}) (Version: 14.0 - HP)
HP Photosmart Plus B210 series - Grundlegende Software für das Gerät (HKLM\...\{1686185A-3D85-428D-8786-ACB403B9D420}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
ifolor Designer (HKLM-x32\...\ifolor-Designer) (Version:  - Ifolor AG)
Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3359 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7991b5ae-96d7-4df2-97fb-a605b7cb638b}) (Version: 17.12.0 - Intel Corporation)
ISD Tablett (HKLM\...\ISD Tablet Driver) (Version: 7.0.2-29 - Wacom Technology Corp.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 8 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418000FF}) (Version: 8.0.0 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.16.0 - Lenovo)
Lenovo Mobile Access (HKLM-x32\...\{A792A135-EE29-4FE2-B4CB-D3F984CEA9EC}) (Version: 3.2.30123.1026 - Lenovo)
Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.4.1017.00 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0007 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
LXH-JME2207FN Hotkey Driver (HKLM-x32\...\{42B21298-C850-4272-AFD9-636CBC005421}) (Version: 5.1.0804 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{C2C2DB64-1BCE-4FA7-962D-457795ECCEC0}) (Version: 3.3.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Bootvis (HKLM-x32\...\{0F9196C6-58B4-445B-B56E-B1200FECC151}) (Version: 1.3.37 - Microsoft)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 7.2.5.4 - Ericsson AB)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Annotator 5.0.0.505 (HKLM-x32\...\PDFAnnotator_is1) (Version: 5.0.0.505 - GRAHL software design)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_06_B209a-m_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Rescue and Recovery (HKLM-x32\...\{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}) (Version: 4.52.0005.00 - Lenovo Group Limited)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-003B-0000-1000-0000000FF1CE}_Office15.PRJPROR_{6E5C415F-1388-4BA6-B926-C19318BE6075}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad Tablet Button Driver (HKLM-x32\...\{26903C89-780A-463E-8CBD-E47A73927254}) (Version: 1.04 - )
ThinkPad Tablet Shortcut Menu (HKLM-x32\...\{9a2db59f-091a-40b4-958d-1c8264624126}) (Version: 6.33 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.24 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{A62AEB2B-E2A0-4E77-8AAE-9645FE3B5487}) (Version: 5.95 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.80.01.00 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.81 - Lenovo)
ThinkVantage Password Manager (HKLM\...\{23520BCC-F76C-4287-87E1-0545EDF6FE96}) (Version: 4.00.0024.00 - Lenovo Group Limited)
ThinkVantage Update Retriever (HKLM-x32\...\{F25C538D-3F57-4AF4-80DD-B1DD1558F038}) (Version: 5.00.0010 - Lenovo)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
VIP Access (HKLM-x32\...\{7EB5B9B6-E7BF-4E8F-B478-1266A78CF231}) (Version: 2.2.1.13 - Symantec Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows Driver Package - Intel System  (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-01-16 11:03 - 2015-01-16 11:10 - 00000883 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1056F6BE-8A9B-4789-A45A-766212E69BDB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {138C1B65-AA12-4B15-816E-2BAD5C404989} - System32\Tasks\{5179303A-B077-4DD2-8CAA-370E2C7A215A} => E:\JDownloaderPortable\JDownloaderPortable.exe
Task: {16CE9FF3-C7EA-4493-B6B7-30FA88486725} - System32\Tasks\Lenovo\LSC\CreateHardwareScanTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {1C473A2D-C8EA-4A9A-A60F-4AE443F13033} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {326D759E-1B50-476F-8ACE-CA0912537815} - \TubeSaver-15-chromeinstaller No Task File <==== ATTENTION
Task: {3807F458-4445-431C-898E-980905E16691} - \TubeSaver-15-updater No Task File <==== ATTENTION
Task: {442BFA7F-2D23-479D-BFA5-C832EF77F87F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {452FFBFB-D9B9-4347-8F5E-A7F1A6772E3C} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
Task: {49A96084-47D7-43F1-9D0D-B6127F991574} - System32\Tasks\{09F43E45-D90B-4046-91C3-BC9637D8C4B8} => C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
Task: {49D3B875-F572-4023-9D26-A845D020A2F7} - \TubeSaver-15-codedownloader No Task File <==== ATTENTION
Task: {49DAAF81-E95C-4964-B237-22F6C980448E} - System32\Tasks\{4EEB7BF1-AE9F-4345-BB40-78EB0CDEA9E0} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\IrfanView\i_view32.exe"
Task: {4F32F716-7098-4249-B056-356F3CE9ECB6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {5745E252-0287-4003-B1BA-33F5B1BB87F6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for x203-THINK-Manuel x203-THINK => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {57904E4B-FF80-4701-AF04-AC8517DA374A} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {5C766DF2-DBB1-4EFF-8997-84E9436A2595} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {606A9245-4225-4177-A2B4-88D04B527E80} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for x203-THINK.Manuel => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-16] (Lenovo)
Task: {7280DB27-B177-448B-BDB4-8BAC6BC75597} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {776C12F0-5401-4A1A-AEF9-723003F413BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {78DC8C0F-41CD-4700-A7C6-177E891F01B6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {7965D48E-112A-49BE-B3BA-FBDDE5A086EE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {828FF779-6267-41C5-8A2F-9D575790BDD5} - System32\Tasks\Norton Product InstallerIdle => C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe [2014-11-03] (Symantec Corporation)
Task: {82F88A18-7A4E-4C2B-85C2-2F254577559E} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2014-09-13] (Lenovo)
Task: {833CF6A6-9B70-482E-B833-78F68CD8FB3A} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {861B78BE-2733-43B6-AAE8-3C9E1D9492F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {870D44EA-14A3-4E7F-8814-22F1A86B39A1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8740F25F-3678-4962-94E4-2A5235A39CCF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {92BFD621-E872-4F04-A065-41853B8E2CD0} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {9D6C3B14-CB5E-4BCD-B078-A5559D3BD1D7} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {9DC14AA8-2996-4213-98B3-CB8D76E9C951} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {A48895AA-13C8-478E-A8AB-4D3DA40B6816} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {A5C29781-2A7A-4007-A739-AE6A3784ADF8} - System32\Tasks\{80AFFF4F-06A3-40B4-B912-D1677BDADF9D} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\IrfanView\i_view32.exe"
Task: {A91938F3-2A68-4C36-8403-A6A842BE5A8A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {A93198E1-5CA9-4525-AA70-82FC9A482993} - System32\Tasks\{EDD59D43-8C29-431A-A8D2-B4BFCA7730F2} => E:\JDownloaderPortable\JDownloaderPortable.exe
Task: {AE133D30-0D35-41A2-B384-7ABF0F5EE4CA} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {B30A2AFD-6E31-4BCA-905C-0C08D189A4F8} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {B3EA1B66-775D-4F84-9CB2-0371BA2B414B} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {BA4E8AF1-2935-4244-AD22-3DA5C0178502} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {BE8F36B1-40F7-4223-B0C8-91A4DC614677} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-11-14] (Lenovo Group Limited)
Task: {C00813A1-3AF3-4160-9359-E2A144414574} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {CC68A762-4464-4EAC-8F6C-88F9A9E296B2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {CF4838A5-80E6-4F0F-8B1F-4F68C964BBBD} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-01-05] (Glarysoft Ltd)
Task: {D19DD550-1FB7-4C8A-9B8B-31B8EF5B6B20} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-04-24] ()
Task: {D4884143-8D6C-4A9B-94FB-13419383DF56} - \TubeSaver-15-enabler No Task File <==== ATTENTION
Task: {D4F8C4B7-FEB0-4ACB-8D71-0C12D509E7A0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {DB3A4CDE-C0E3-42C3-91EC-40CFE629F47C} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-01-05] (Glarysoft Ltd)
Task: {DD31794C-86DD-4901-994A-658185898645} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for x203-THINK.x203 => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-16] (Lenovo)
Task: {DEC60349-DA4C-4920-A9B9-4A091F4C5321} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {E64DE862-5A05-457D-8396-3B79DFC9DDE4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E6D4097C-9FCB-4456-951E-7E866581E69F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {ECA97D21-FEF3-45D0-BEB5-2BB6A2316EF2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {F77C609C-EC1F-488E-BD9A-790F78E5A763} - System32\Tasks\{A1DB3074-2A97-4668-A054-6DCBAB2DE05E} => C:\Program Files (x86)\IrfanView\i_view32.exe
Task: {FDAE8DB2-5746-4868-97FD-40AD33B7A6DB} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-10-16] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe

==================== Loaded Modules (whitelisted) =============

2013-10-28 10:23 - 2010-06-17 20:56 - 00087040 ____N () C:\Windows\System32\redmonnt.dll
2013-05-15 05:23 - 2012-04-10 16:37 - 01183096 _____ () C:\Program Files\Tablet\ISD\libxml2.dll
2014-07-16 09:24 - 2014-07-16 09:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-05-15 05:27 - 2014-11-14 06:07 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-10-16 01:48 - 2014-10-16 01:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-05-15 05:27 - 2011-08-02 20:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2013-05-15 05:27 - 2011-08-02 20:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2013-10-21 22:39 - 2011-07-13 09:10 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2014-09-16 19:01 - 2014-09-16 19:01 - 00065776 _____ () C:\Program Files (x86)\Lenovo\Access Connections\ACSonyEricssonHlpr.dll
2011-12-21 22:59 - 2011-12-21 22:59 - 00133120 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libexif.dll
2011-12-21 22:56 - 2011-12-21 22:56 - 00209408 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libopenraw.dll
2011-12-21 23:05 - 2011-12-21 23:05 - 00014848 _____ () C:\Program Files (x86)\Eye-Fi\Helper\Locales\de\Helper.dll
2014-10-27 23:44 - 2014-10-22 05:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-27 23:44 - 2014-10-22 05:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-27 23:44 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-27 23:44 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2013-10-21 22:32 - 2013-05-13 14:15 - 01199576 ____N () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-01-05 06:18 - 2015-01-05 06:18 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Manuel\Desktop\Stundenplan.JPG:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk => C:\Windows\pss\Google Calendar Sync.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^x203^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EOS Utility.lnk => C:\Windows\pss\EOS Utility.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_4A220D28DEF0DEF57A4596AFA0C => "c:\program files (x86)\google\chrome\application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Intel AppUp(SM) center => "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
MSCONFIG\startupreg: jmekey => C:\Program Files (x86)\jmesoft\hotkey.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg:  Malwarebytes Anti-Malware  (cleanup) => "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware "
MSCONFIG\startupreg: MobileAccess => C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe -silentExitIfNotFirst
MSCONFIG\startupreg: NUSB3MON => "c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
MSCONFIG\startupreg: PasswordManager => C:\Program Files\Lenovo\Password Manager\password_manager.exe
MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: RtHDVBg_Dolby => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SearchProtection => "C:\Users\x203\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: SharpSpace => C:\Program Files (x86)\SharpSpace\SharpSpace.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: USB3MON => "c:\program files (x86)\intel\intel(r) usb 3.0 extensible host controller driver\application\iusb3mon.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3554811672-1824628599-3789470933-500 - Administrator - Disabled)
Gast (S-1-5-21-3554811672-1824628599-3789470933-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3554811672-1824628599-3789470933-1040 - Limited - Enabled)
Manuel (S-1-5-21-3554811672-1824628599-3789470933-1003 - Limited - Enabled) => C:\Users\Manuel
x203 (S-1-5-21-3554811672-1824628599-3789470933-1000 - Administrator - Enabled) => C:\Users\x203

==================== Faulty Device Manager Devices =============

Name: Photosmart Plus B209a-m
Description: Photosmart Plus B209a-m
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart Plus B209a-m
Description: Photosmart Plus B209a-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2015 11:11:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WISPTIS.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a4e0
Name des fehlerhaften Moduls: WISPTIS.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a4e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000036e8a
ID des fehlerhaften Prozesses: 0x3b2c
Startzeit der fehlerhaften Anwendung: 0xWISPTIS.EXE0
Pfad der fehlerhaften Anwendung: WISPTIS.EXE1
Pfad des fehlerhaften Moduls: WISPTIS.EXE2
Berichtskennung: WISPTIS.EXE3

Error: (01/16/2015 11:00:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Name des fehlerhaften Moduls: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000860d2
ID des fehlerhaften Prozesses: 0x32b8
Startzeit der fehlerhaften Anwendung: 0xISD_Tablet.exe0
Pfad der fehlerhaften Anwendung: ISD_Tablet.exe1
Pfad des fehlerhaften Moduls: ISD_Tablet.exe2
Berichtskennung: ISD_Tablet.exe3

Error: (01/16/2015 10:58:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Name des fehlerhaften Moduls: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000860d2
ID des fehlerhaften Prozesses: 0x2a3c
Startzeit der fehlerhaften Anwendung: 0xISD_Tablet.exe0
Pfad der fehlerhaften Anwendung: ISD_Tablet.exe1
Pfad des fehlerhaften Moduls: ISD_Tablet.exe2
Berichtskennung: ISD_Tablet.exe3

Error: (01/16/2015 10:44:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Name des fehlerhaften Moduls: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000860d2
ID des fehlerhaften Prozesses: 0x12f4
Startzeit der fehlerhaften Anwendung: 0xISD_Tablet.exe0
Pfad der fehlerhaften Anwendung: ISD_Tablet.exe1
Pfad des fehlerhaften Moduls: ISD_Tablet.exe2
Berichtskennung: ISD_Tablet.exe3

Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=21, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0


System errors:
=============
Error: (01/16/2015 11:02:44 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (01/16/2015 10:43:43 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 10:31:46 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 10:25:33 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 10:23:48 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000003b (0x0000000080000004, 0xfffff80003b94470, 0xfffff88002f84b90, 0x0000000000000000)C:\Windows\MEMORY.DMP011615-8845-01

Error: (01/16/2015 10:23:47 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎16.‎01.‎2015 um 10:21:59 unerwartet heruntergefahren.

Error: (01/16/2015 10:17:43 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 08:27:09 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 08:25:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147014847

Error: (01/15/2015 08:40:56 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll


Microsoft Office Sessions:
=========================
Error: (01/16/2015 11:11:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WISPTIS.EXE6.1.7601.175144ce7a4e0WISPTIS.EXE6.1.7601.175144ce7a4e0c00000050000000000036e8a3b2c01d03174c4cbd7caC:\Windows\SYSTEM32\WISPTIS.EXEC:\Windows\SYSTEM32\WISPTIS.EXE060a7314-9d68-11e4-9e9c-028037ec0200

Error: (01/16/2015 11:00:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ISD_Tablet.exe7.0.2.294f6cf301ISD_Tablet.exe7.0.2.294f6cf301c000000500000000000860d232b801d031733557ccd3C:\Program Files\Tablet\ISD\ISD_Tablet.exeC:\Program Files\Tablet\ISD\ISD_Tablet.exe744ec682-9d66-11e4-9e9c-028037ec0200

Error: (01/16/2015 10:58:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ISD_Tablet.exe7.0.2.294f6cf301ISD_Tablet.exe7.0.2.294f6cf301c000000500000000000860d22a3c01d03172ecd6dcecC:\Program Files\Tablet\ISD\ISD_Tablet.exeC:\Program Files\Tablet\ISD\ISD_Tablet.exe32a99d71-9d66-11e4-9e9c-028037ec0200

Error: (01/16/2015 10:44:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ISD_Tablet.exe7.0.2.294f6cf301ISD_Tablet.exe7.0.2.294f6cf301c000000500000000000860d212f401d03170b740d149C:\Program Files\Tablet\ISD\ISD_Tablet.exeC:\Program Files\Tablet\ISD\ISD_Tablet.exe451739dc-9d64-11e4-9e9c-028037ec0200

Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path43900

Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path25900

Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path17900

Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path23808600

Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path21808600

Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path18808600


CodeIntegrity Errors:
===================================
  Date: 2015-01-14 09:08:57.418
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-14 09:08:57.333
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-09 20:34:06.552
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-09 20:34:05.382
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:40:29.432
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:36:48.011
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:36:01.740
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-26 20:26:04.283
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-26 20:26:04.173
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-30 22:05:35.495
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 42%
Total physical RAM: 7887.8 MB
Available physical RAM: 4500.52 MB
Total Pagefile: 15773.78 MB
Available Pagefile: 10957.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:140.64 GB) (Free:20.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:17.58 GB) (Free:4.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 167.7 GB) (Disk ID: AA9E1116)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=140.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=8 GB) - (Type=84)

==================== End Of Log ============================
         

16.01.2015, 10:56   #10
schrauber
/// the machine
/// TB trainer

Did you install Chrome as an unfinished developer version?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

16.01.2015, 11:02   #11
maga84

Actually, no. I downloaded the "normal" Chrome and am using it.

16.01.2015, 11:09   #12
schrauber
/// the machine
/// TB trainer

That's just it, it isn't. Your Chrome version was changed to Dev by adware; that way the other adware can be installed more easily. You are also surfing through a malware proxy.


Revo Uninstaller - Download - Filepony
Use it to uninstall Chrome: keep no data, have the leftovers removed, then reinstall.

Then:
https://support.google.com/chrome/answer/3296214?hl=de



Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


16.01.2015, 16:50   #13
maga84

Wow, thanks for your quick help.
OK, I got it done.
Here is the Combofix log file:

Code:
ComboFix 15-01-08.01 - x203 16.01.2015  15:28:00.5.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.41.1031.18.7888.5768 [GMT 1:00]
ausgeführt von:: c:\users\Manuel\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\program files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.ini
c:\programdata\1386885237.bdinstall.bin
c:\programdata\Roaming
c:\users\Manuel\AppData\Local\assembly\tmp
c:\users\x203\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-16 bis 2015-01-16  ))))))))))))))))))))))))))))))
.
.
2015-01-16 14:40 . 2015-01-16 14:40	--------	d-----w-	c:\users\x203\AppData\Local\temp
2015-01-16 11:38 . 2015-01-16 11:38	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2015-01-16 11:36 . 2015-01-16 11:36	--------	d-----w-	c:\program files (x86)\Revo Uninstaller
2015-01-16 07:30 . 2014-12-15 03:13	11870360	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{36BBD20A-98D5-418C-AC94-BE847FBF5344}\mpengine.dll
2015-01-15 18:55 . 2015-01-15 18:55	--------	d-----w-	c:\programdata\Emsisoft
2015-01-15 18:31 . 2015-01-16 12:46	--------	d-----w-	c:\program files (x86)\Emsisoft Anti-Malware
2015-01-15 14:12 . 2015-01-15 14:12	--------	d-----w-	c:\windows\ERUNT
2015-01-15 13:49 . 2015-01-15 13:49	--------	d-----w-	c:\programdata\Avg_Update_1014av
2015-01-15 13:24 . 2015-01-15 13:24	12872	----a-w-	c:\windows\system32\bootdelete.exe
2015-01-15 09:54 . 2015-01-15 09:54	--------	d-----w-	c:\programdata\GridinSoft
2015-01-15 09:51 . 2015-01-15 14:02	--------	d-----w-	c:\users\x203\AppData\Roaming\Nico Mak Computing
2015-01-15 09:46 . 2015-01-15 09:46	--------	d-----w-	c:\program files (x86)\ESET
2015-01-14 13:02 . 2015-01-16 10:17	--------	d-----w-	C:\FRST
2015-01-14 11:16 . 2015-01-14 11:16	--------	d-----w-	C:\_OTL
2015-01-14 11:08 . 2015-01-14 11:08	--------	d-sh--w-	c:\users\x203\AppData\Local\EmieBrowserModeList
2015-01-14 09:28 . 2015-01-14 09:27	43064	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2015-01-14 09:28 . 2015-01-14 09:28	--------	d-----w-	c:\users\Manuel\AppData\Roaming\Avira
2015-01-14 09:27 . 2015-01-14 09:27	--------	d-----w-	c:\users\x203\AppData\Roaming\Avira
2015-01-14 09:25 . 2014-11-24 09:23	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2015-01-14 09:25 . 2014-11-24 09:23	131608	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-01-14 09:25 . 2014-11-24 09:23	119272	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-01-14 09:10 . 2015-01-14 09:25	--------	d-----w-	c:\programdata\Avira
2015-01-14 08:54 . 2015-01-15 13:24	--------	d-----w-	c:\program files\HitmanPro
2015-01-14 08:08 . 2015-01-14 08:08	--------	d-----w-	c:\programdata\Network Associates
2015-01-14 08:07 . 2015-01-14 08:08	--------	d-----w-	c:\program files (x86)\Common Files\Network Associates
2015-01-14 08:06 . 2015-01-14 08:23	--------	d-----w-	c:\windows\F0856D1B11EE46528174EAF3D5AB6C66.TMP
2015-01-14 08:03 . 2015-01-15 13:48	--------	d-----w-	C:\AdwCleaner
2015-01-13 17:36 . 2015-01-13 17:36	--------	d-s---w-	c:\windows\SysWow64\Microsoft
2015-01-13 17:34 . 2015-01-14 09:25	--------	d-----w-	c:\program files (x86)\Avira
2015-01-13 16:29 . 2015-01-13 17:39	--------	d-----w-	c:\programdata\AVAST Software
2015-01-13 15:58 . 2015-01-13 15:58	--------	d-----w-	c:\users\Manuel\AppData\Roaming\SUPERAntiSpyware.com
2015-01-13 10:48 . 2015-01-13 10:48	--------	d-----w-	c:\users\x203\AppData\Local\Avg2014
2015-01-12 16:44 . 2015-01-13 14:21	--------	d-----w-	c:\users\Manuel\AppData\Local\Android
2015-01-12 15:03 . 2015-01-12 23:23	--------	d-----w-	C:\Flashtool
2015-01-10 20:11 . 2015-01-13 08:22	--------	d-----w-	c:\programdata\Sony Mobile
2015-01-10 19:52 . 2015-01-10 19:52	--------	d-----w-	c:\users\x203\.android
2015-01-10 19:38 . 2015-01-10 19:38	--------	d-----w-	c:\users\x203\.swt
2015-01-10 16:15 . 2015-01-10 16:15	30424	----a-w-	c:\windows\system32\drivers\ggsomc.sys
2015-01-10 16:15 . 2015-01-10 16:15	16088	----a-w-	c:\windows\system32\drivers\ggflt.sys
2015-01-10 12:49 . 2015-01-10 12:49	--------	d-----w-	c:\users\Manuel\.jmc
2015-01-10 12:49 . 2015-01-10 12:49	--------	d-----w-	c:\users\Manuel\.eclipse
2015-01-10 12:39 . 2015-01-10 12:39	--------	d-----w-	c:\users\x203\.AndroidStudio
2015-01-10 12:39 . 2015-01-10 12:39	--------	d-----w-	c:\users\Manuel\.AndroidStudio
2015-01-10 12:34 . 2015-01-13 11:25	--------	d-----w-	c:\program files\Android
2015-01-10 12:32 . 2015-01-11 10:01	312728	----a-w-	c:\windows\system32\javaws.exe
2015-01-10 12:32 . 2015-01-11 10:02	111000	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2015-01-10 12:32 . 2015-01-11 10:01	191384	----a-w-	c:\windows\system32\javaw.exe
2015-01-10 12:32 . 2015-01-11 10:01	190872	----a-w-	c:\windows\system32\java.exe
2015-01-10 12:31 . 2015-01-11 10:01	--------	d-----w-	c:\program files\Java
2015-01-09 07:59 . 2015-01-09 08:00	--------	d-----w-	c:\programdata\Stardock
2015-01-08 17:57 . 2015-01-10 18:38	--------	d-----w-	c:\programdata\SP_FT_Logs
2015-01-08 17:24 . 2015-01-08 18:49	--------	d-----w-	c:\users\Manuel\AppData\Roaming\GHISLER
2015-01-08 17:24 . 2015-01-08 20:00	--------	d-----w-	c:\program files (x86)\totalcmd
2015-01-08 17:24 . 2015-01-08 17:24	--------	d-----w-	c:\users\x203\AppData\Roaming\GHISLER
2015-01-07 14:19 . 2015-01-07 14:19	--------	d-----w-	c:\users\x203\AppData\Local\{E0EE56A0-0D7C-4595-B400-919A3BA48EC1}
2015-01-07 14:18 . 2015-01-07 14:18	--------	d-----w-	c:\users\Manuel\AppData\Roaming\EIZO
2015-01-07 14:18 . 2015-01-07 14:18	--------	d-----w-	c:\users\x203\AppData\Roaming\EIZO
2015-01-07 14:18 . 2015-01-11 09:30	--------	d-----w-	c:\program files (x86)\EIZO
2015-01-07 14:17 . 2015-01-10 10:22	--------	d-----w-	c:\users\x203\AppData\Local\Downloaded Installations
2015-01-06 09:30 . 2015-01-06 09:30	--------	d-----w-	c:\users\Manuel\AppData\Local\Foxit Reader
2015-01-02 12:44 . 2015-01-02 12:47	--------	d-----w-	c:\users\Manuel\AppData\Local\CyberGhost
2015-01-02 12:44 . 2015-01-02 12:44	--------	d-----w-	c:\program files\TAP-Windows
2015-01-02 12:44 . 2015-01-02 12:44	--------	d-----w-	c:\program files\CyberGhost 5
2014-12-18 09:48 . 2014-12-13 05:09	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2014-12-18 09:48 . 2014-12-13 03:33	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-12-17 18:38 . 2014-12-17 18:38	--------	d-----w-	c:\users\Manuel\AppData\Roaming\FreeCommander
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-16 09:58 . 2014-09-15 17:48	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-14 16:07 . 2013-11-19 11:33	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-14 16:07 . 2013-11-19 11:33	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-14 10:11 . 2013-10-21 20:44	113365784	----a-w-	c:\windows\system32\MRT.exe
2015-01-13 10:46 . 2014-05-30 08:05	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2015-01-08 08:55 . 2010-11-21 03:27	298120	------w-	c:\windows\system32\MpSigStub.exe
2014-12-04 02:50 . 2014-12-11 08:11	413184	----a-w-	c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-11 08:11	741376	----a-w-	c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-11 08:11	396800	----a-w-	c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-11 08:11	830976	----a-w-	c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-11 08:11	192000	----a-w-	c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-11 08:11	227328	----a-w-	c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-11 08:11	1083392	----a-w-	c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-11 08:11	1232040	----a-w-	c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-11 08:10	389296	----a-w-	c:\windows\system32\iedkcs32.dll
2014-11-23 16:36 . 2014-01-02 17:02	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-22 03:13 . 2014-12-11 08:10	25059840	----a-w-	c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-11 08:10	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-11 08:10	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-11 08:10	66560	----a-w-	c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-11 08:10	580096	----a-w-	c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-11 08:10	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-11 08:10	2885120	----a-w-	c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-11 08:10	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-11 08:10	54784	----a-w-	c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-11 08:10	34304	----a-w-	c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-11 08:10	633856	----a-w-	c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-11 08:10	114688	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-11 08:10	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-11 08:10	6039552	----a-w-	c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-11 08:10	968704	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-11 08:10	490496	----a-w-	c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-11 08:10	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-11 08:10	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-11 08:10	199680	----a-w-	c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-11 08:10	92160	----a-w-	c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-11 08:10	501248	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-11 08:10	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-11 08:10	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 08:10	64000	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-11 08:10	316928	----a-w-	c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-11 08:10	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-11 08:10	718848	----a-w-	c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-11 08:10	800768	----a-w-	c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-11 08:10	1359360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-11 08:10	2125312	----a-w-	c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-11 08:10	14412800	----a-w-	c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-11 08:10	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 08:10	4299264	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-11 08:10	2358272	----a-w-	c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-11 08:10	2052096	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 08:10	1155072	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-11 08:10	1548288	----a-w-	c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-11 08:10	800768	----a-w-	c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-11 08:10	1888256	----a-w-	c:\windows\SysWow64\wininet.dll
2014-11-21 05:14 . 2014-09-15 17:47	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-09-15 17:47	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2014-09-15 17:47	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-11-18 19:47 . 2014-11-18 19:47	1691816	----a-w-	c:\windows\system32\FM20.DLL
2014-11-14 05:07 . 2013-05-15 04:27	2692848	------w-	c:\windows\PWMBTHLV.EXE
2014-11-14 05:07 . 2013-05-15 04:27	29512	----a-w-	c:\windows\system32\drivers\DZHDD64.SYS
2014-11-14 05:07 . 2013-05-15 04:27	2861296	----a-w-	c:\windows\system32\PWMCP64V.cpl
2014-11-14 05:07 . 2013-05-15 04:27	20736	----a-w-	c:\windows\system32\drivers\TPPWR64V.SYS
2014-11-11 03:09 . 2014-12-11 08:10	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 06:48	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 06:48	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-11 08:10	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 06:48	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 06:48	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-11 08:10	119296	----a-w-	c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-11 08:08	2048	----a-w-	c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-11 08:08	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-10-30 02:03 . 2014-12-11 08:08	165888	----a-w-	c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-11 08:08	155136	----a-w-	c:\windows\SysWow64\charmap.exe
2014-10-28 14:59 . 2014-09-26 15:37	20160	----a-w-	c:\windows\system32\drivers\GUBootStartup.sys
2014-10-25 01:57 . 2014-11-12 08:28	77824	----a-w-	c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 08:28	67584	----a-w-	c:\windows\SysWow64\packager.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 16:19	1729744	----a-w-	c:\progra~2\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 16:19	1729744	----a-w-	c:\progra~2\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 16:19	1729744	----a-w-	c:\progra~2\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\program files (x86)\ThinkPad\Utilities\PWMTR64V.DLL" [2014-11-14 6371568]
.
c:\users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
An OneNote senden.lnk - c:\program files\Microsoft Office\Office15\ONENOTEM.EXE /tsr [2014-9-16 222384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
EIZO ScreenSlicer.lnk - c:\windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe [2015-1-7 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk * 
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll c:\program files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"Lenovo Registration"=c:\program files (x86)\Lenovo Registration\LenovoReg.exe /boot
"TSMResident"="c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" /r
"PWMTRV"=rundll32 "c:\program files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 chromoting;Chrome Remote Desktop Service;c:\program files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe;c:\program files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [x]
R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\DRIVERS\ggsomc.sys;c:\windows\SYSNATIVE\DRIVERS\ggsomc.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 iumsvc;Intel(R) Update Manager;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [x]
R3 LSCWinService;LSCWinService;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam S7500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R4 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S2 ASRSVC;ASR Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe;c:\program files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [x]
S2 CGVPNCliService;CyberGhost 5 Client Service;c:\program files\CyberGhost 5\Service.exe;c:\program files\CyberGhost 5\Service.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe;c:\program files\Logitech\SolarApp\L4301_Solar.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;Lenovo Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 TabletServiceISD;TabletServiceISD;c:\program files\Tablet\ISD\ISD_Tablet.exe;c:\program files\Tablet\ISD\ISD_Tablet.exe [x]
S2 TabletSVC;TABLET Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe;c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [x]
S2 TouchServiceISD;Wacom ISD Touch Service;c:\program files\Tablet\ISD\ISD_TouchService.exe;c:\program files\Tablet\ISD\ISD_TouchService.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S2 WebUpdate4;Web Update Wizard Service V4;c:\program files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe;c:\program files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [x]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x]
S2 WTabletServiceISD;Wacom ISD Service;c:\program files\Tablet\ISD\WTabletServiceISD.exe;c:\program files\Tablet\ISD\WTabletServiceISD.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 l36wgps; Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\l36wgps64.sys;c:\windows\SYSNATIVE\DRIVERS\l36wgps64.sys [x]
S3 l36wscard; Mobile Broadband USIM Port;c:\windows\system32\DRIVERS\l36wscard.sys;c:\windows\SYSNATIVE\DRIVERS\l36wscard.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Mbm3CBus;F5521gw Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3CBus.sys [x]
S3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3DevMt.sys [x]
S3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3mdfl.sys [x]
S3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3Mdm.sys [x]
S3 Power Manager DBC Service;Power Manager Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 tvtvcamd;Camera Plus (VGA Resolution Maximum);c:\windows\system32\DRIVERS\tvtvcamd.sys;c:\windows\SYSNATIVE\DRIVERS\tvtvcamd.sys [x]
S3 usb3Hub;UoIP Hub;c:\windows\system32\DRIVERS\usb3Hub.sys;c:\windows\SYSNATIVE\DRIVERS\usb3Hub.sys [x]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
S3 wacomvthid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys;c:\windows\SYSNATIVE\DRIVERS\WacomVTHid.sys [x]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-19 16:07]
.
2015-01-16 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files (x86)\Glary Utilities 5\Initialize.exe [2015-01-05 05:16]
.
2014-11-24 c:\windows\Tasks\Norton Product InstallerIdle.job
- c:\windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe [2014-11-03 18:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 16:17	2334928	----a-w-	c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 16:17	2334928	----a-w-	c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 16:17	2334928	----a-w-	c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2014-08-07 295712]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2014-09-16 63728]
"TpShocks"="TpShocks.exe" [2014-09-18 555736]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mSearch Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\x203\AppData\Local\Temp\ie_script.htm
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\x203\AppData\Roaming\Mozilla\Firefox\Profiles\ci9uc6ip.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - (no file)
ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - (no file)
ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - (no file)
ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-01-16  16:13:35
ComboFix-quarantined-files.txt  2015-01-16 15:13
.
Vor Suchlauf: 15 Verzeichnis(se), 23'481'569'280 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 23'075'418'112 Bytes frei
.
- - End Of File - - 2DA076E6B2C1E569D1868A186761A891
         

Alt 16.01.2015, 18:44   #14
schrauber
/// the machine
/// TB Trainer
 


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 16.01.2015, 20:15   #15
maga84
 

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 16.01.2015
Suchlauf-Zeit: 20:47:44
Logdatei: mbam.txt
Administrator: Nein

Version: 2.00.4.1028
Malware Datenbank: v2015.01.16.10
Rootkit Datenbank: v2015.01.14.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Manuel

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 300915
Verstrichene Zeit: 5 Min, 9 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Code:
ATTFilter
# AdwCleaner v4.107 - Bericht erstellt am 16/01/2015 um 20:54:43
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : x203 - ADMIN-MANUEL
# Gestartet von : C:\Users\Manuel\Desktop\adwcleaner_4.107.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0 (x86 de)


*************************

AdwCleaner[R10].txt - [3776 octets] - [14/01/2015 09:03:25]
AdwCleaner[R11].txt - [2952 octets] - [14/01/2015 11:44:48]
AdwCleaner[R12].txt - [1975 octets] - [15/01/2015 14:47:08]
AdwCleaner[R13].txt - [1171 octets] - [16/01/2015 18:11:15]
AdwCleaner[R14].txt - [887 octets] - [16/01/2015 20:54:43]
AdwCleaner[S10].txt - [1187 octets] - [16/01/2015 18:22:19]
AdwCleaner[S8].txt - [3819 octets] - [14/01/2015 09:04:40]
AdwCleaner[S9].txt - [3022 octets] - [14/01/2015 11:56:02]

########## EOF - \AdwCleaner\AdwCleaner[R14].txt - [1128 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by x203 on 16.01.2015 at 21:01:20.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\x203\AppData\Roaming\mozilla\firefox\profiles\ci9uc6ip.default\prefs.js

user_pref("extensions.rBRO9pjpqFz3Gu2L.url", "hxxp://syncerjpi.info/sync2/?q=hfZ9ofV9CShEAen0rTa6qTUMg708BNmGWj8dichGheDUojw8rdwFrTsFrHaGqchIC7n0rjkErjwHrjk8qHkFtNhVCT94tMVKhd



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.01.2015 at 21:04:35.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015
Ran by x203 (administrator) on ADMIN-MANUEL on 16-01-2015 21:10:36
Running from C:\Users\Manuel\Downloads
Loaded Profiles: x203 & Manuel (Available profiles: x203 & Manuel)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe
(Data Perceptions / PowerProgrammer) C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Spotify Ltd) C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Eye-Fi, Inc.) C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Wacom Technology, Inc) C:\Program Files\Tablet\CalibrationAssistant.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916592 2014-07-28] (Synaptics Incorporated)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-08-07] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2014-09-16] (Lenovo)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [555736 2014-09-18] (Lenovo.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [Spotify Web Helper] => C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [Eye-Fi] => C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe [3961464 2011-12-21] (Eye-Fi, Inc.)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [GoogleChromeAutoLaunch_4A220D28DEF0DEF57A4596AFA0CC93AC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2015-01-09] (Google Inc.)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: D - D:\SETUP.EXE
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: {88018163-5feb-11e3-8408-028037ec0200} - V:\SETUP.EXE
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: {fa8f8a90-42e2-11e3-857c-028037ec0200} - E:\Startme.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EIZO ScreenSlicer.lnk
ShortcutTarget: EIZO ScreenSlicer.lnk -> C:\Windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe (Macrovision Corporation)
Startup: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
BootExecute: autocheck autochk *  
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50083;https=127.0.0.1:50083
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000 -> {5E55F183-AB4F-4D43-BF3C-D551B42FA02B} URL = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162

FireFox:
========
FF ProfilePath: C:\Users\x203\AppData\Roaming\Mozilla\Firefox\Profiles\ci9uc6ip.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-05-30]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: No Name - C:\Program Files (x86)\Symantec\VIP Access Client [2013-05-15]
FF HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension
FF Extension: No Name - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension [2014-05-29]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 ASRSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [79136 2010-10-27] (Lenovo Group Limited)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2014-11-14] (Lenovo.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-14] (SurfRight B.V.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-08-07] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-04-24] ()
R2 TabletServiceISD; C:\Program Files\Tablet\ISD\ISD_Tablet.exe [5650296 2012-04-10] (Wacom Technology, Corp.)
R2 TabletSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [83920 2012-02-08] (Lenovo Group Limited)
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed]
R2 TouchServiceISD; C:\Program Files\Tablet\ISD\ISD_TouchService.exe [449912 2012-04-10] (Wacom Technology, Corp.)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1526120 2013-09-25] (Lenovo Group Limited)
R2 TVT Scheduler; C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation)
R2 WebUpdate4; C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [278800 2013-01-16] (Data Perceptions / PowerProgrammer)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [689560 2012-10-18] (Ericsson AB)
R2 WTabletServiceISD; C:\Program Files\Tablet\ISD\WTabletServiceISD.exe [577848 2013-09-24] (Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-01-10] (Sony Mobile Communications)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-10-28] (Glarysoft Ltd)
R1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [17064 2010-06-28] (Lenovo)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [103184 2012-03-01] (Ericsson AB)
R3 l36wscard; C:\Windows\System32\DRIVERS\l36wscard.sys [61992 2011-01-14] (Ericsson AB)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [443208 2012-10-02] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [453960 2012-10-02] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [21832 2012-10-02] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [506184 2012-10-02] (MCCI Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
R3 wacomvthid; C:\Windows\System32\DRIVERS\WacomVTHid.sys [16368 2012-04-10] (Wacom Technology)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [281840 2013-02-19] (Ericsson AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 TVICPORT; \??\C:\Windows\system32\DRIVERS\TVICPORT.SYS [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 21:04 - 2015-01-16 21:04 - 00000946 _____ () C:\Users\x203\Desktop\JRT.txt
2015-01-16 20:48 - 2015-01-16 20:48 - 01707939 _____ (Thisisu) C:\Users\Manuel\Downloads\JRT.exe
2015-01-16 20:42 - 2015-01-16 21:10 - 00028969 _____ () C:\Users\Manuel\Downloads\FRST.txt
2015-01-16 18:35 - 2015-01-16 18:34 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-16 18:26 - 2015-01-16 21:06 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 18:26 - 2015-01-16 20:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 18:26 - 2015-01-16 18:26 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-16 18:26 - 2015-01-16 18:26 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-16 18:26 - 2015-01-16 18:26 - 00002262 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-16 18:26 - 2015-01-16 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-16 17:23 - 2015-01-16 17:23 - 00001724 _____ () C:\Users\Manuel\Desktop\omlag71i.default-1421310525556 - Verknüpfung.lnk
2015-01-16 16:59 - 2015-01-16 16:59 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Avira
2015-01-16 16:56 - 2015-01-16 16:56 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Avira
2015-01-16 16:51 - 2015-01-16 16:51 - 00002081 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-16 16:50 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-16 16:50 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-16 16:50 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-16 16:47 - 2015-01-16 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-16 16:47 - 2015-01-16 16:47 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-16 16:34 - 2015-01-16 16:34 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Macromedia
2015-01-16 16:14 - 2015-01-16 16:14 - 00044315 _____ () C:\ComboFix.txt
2015-01-16 15:18 - 2015-01-16 15:18 - 00001584 _____ () C:\Users\Manuel\Desktop\Revouninstaller.lnk
2015-01-16 12:38 - 2015-01-16 12:38 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-16 12:38 - 2015-01-16 12:38 - 00000000 ____D () C:\ProgramData\Mozilla
2015-01-16 12:38 - 2015-01-16 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-16 12:38 - 2015-01-16 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-16 12:28 - 2015-01-16 12:36 - 00001113 _____ () C:\Users\x203\Desktop\Revo Uninstaller.lnk
2015-01-16 11:05 - 2015-01-16 11:05 - 00000883 _____ () C:\Users\x203\Desktop\hosts.txt
2015-01-16 10:23 - 2015-01-16 10:23 - 00283128 _____ () C:\Windows\Minidump\011615-8845-01.dmp
2015-01-16 10:23 - 2015-01-16 10:23 - 00000000 ____D () C:\Windows\Minidump
2015-01-15 19:55 - 2015-01-15 19:55 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-15 19:32 - 2015-01-15 19:32 - 00050477 _____ () C:\Users\Manuel\Downloads\Defogger.exe
2015-01-15 19:32 - 2015-01-15 19:32 - 00000000 _____ () C:\Users\x203\defogger_reenable
2015-01-15 19:31 - 2015-01-16 13:46 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-15 19:29 - 2015-01-15 19:29 - 00001479 _____ () C:\Users\x203\Desktop\GMER.log
2015-01-15 19:20 - 2015-01-15 19:20 - 00380416 _____ () C:\Users\Manuel\Downloads\Gmer-19357.exe
2015-01-15 19:06 - 2015-01-15 19:06 - 02125312 _____ (Farbar) C:\Users\Manuel\Downloads\FRST64.exe
2015-01-15 15:18 - 2015-01-15 15:18 - 00003704 _____ () C:\Users\x203\Desktop\Rkill.txt
2015-01-15 15:18 - 2015-01-15 15:18 - 00000000 ____D () C:\Users\x203\Desktop\rkill
2015-01-15 15:12 - 2015-01-15 15:12 - 00000000 ____D () C:\Windows\ERUNT
2015-01-15 15:11 - 2015-01-16 16:16 - 00000000 ____D () C:\Qoobox
2015-01-15 15:05 - 2015-01-15 14:59 - 00000000 _____ () C:\Users\Manuel\Desktop\CProgramDataMicrosoftWindowsCaches.txt
2015-01-15 15:00 - 2015-01-15 15:00 - 00111448 _____ () C:\Users\x203\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-15 14:59 - 2015-01-15 14:59 - 00000000 _____ () C:\Users\x203\Desktop\CProgramDataMicrosoftWindowsCaches.txt
2015-01-15 14:49 - 2015-01-15 14:49 - 00000000 ____D () C:\ProgramData\Avg_Update_1014av
2015-01-15 14:24 - 2015-01-15 14:24 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-01-15 10:54 - 2015-01-16 15:16 - 00003254 _____ () C:\Windows\System32\Tasks\Trojan Killer
2015-01-15 10:54 - 2015-01-15 10:54 - 00000000 ____D () C:\ProgramData\GridinSoft
2015-01-15 10:51 - 2015-01-15 15:02 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Nico Mak Computing
2015-01-15 10:46 - 2015-01-15 10:46 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-15 09:51 - 2015-01-16 21:05 - 00496156 _____ () C:\Windows\PFRO.log
2015-01-15 09:51 - 2015-01-16 21:05 - 00004548 _____ () C:\Windows\setupact.log
2015-01-15 09:51 - 2015-01-15 09:51 - 05054584 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-15 09:51 - 2015-01-15 09:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-15 09:28 - 2015-01-15 09:28 - 00000000 ____D () C:\Users\Manuel\Desktop\Old Firefox Data
2015-01-14 14:02 - 2015-01-16 21:10 - 00000000 ____D () C:\FRST
2015-01-14 12:16 - 2015-01-14 12:16 - 00000000 ____D () C:\_OTL
2015-01-14 12:08 - 2015-01-14 12:08 - 00000000 __SHD () C:\Users\x203\AppData\Local\EmieBrowserModeList
2015-01-14 10:16 - 2015-01-14 10:16 - 00001391 _____ () C:\Users\Manuel\Desktop\HitmanPro.lnk
2015-01-14 10:10 - 2015-01-16 16:50 - 00000000 ____D () C:\ProgramData\Avira
2015-01-14 09:54 - 2015-01-15 14:24 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-14 09:54 - 2015-01-14 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-14 09:53 - 2015-01-14 10:12 - 00000000 ____D () C:\Users\Manuel\Downloads\Hitman
2015-01-14 09:08 - 2015-01-14 09:08 - 00000000 ____D () C:\ProgramData\Network Associates
2015-01-14 09:06 - 2015-01-14 09:23 - 00000000 ____D () C:\Windows\F0856D1B11EE46528174EAF3D5AB6C66.TMP
2015-01-14 09:03 - 2015-01-16 20:55 - 00000000 ____D () C:\AdwCleaner
2015-01-14 08:59 - 2015-01-14 08:59 - 02191360 _____ () C:\Users\Manuel\Desktop\adwcleaner_4.107.exe
2015-01-14 08:43 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:43 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:43 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:43 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 08:43 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 08:43 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 08:43 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 08:43 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 08:43 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:43 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:43 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:43 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:43 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 18:34 - 2015-01-16 16:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-13 18:19 - 2015-01-13 18:19 - 14747172 _____ () C:\Users\Manuel\Desktop\Zusammenfassung.pptx
2015-01-13 18:12 - 2014-12-02 18:27 - 00090112 _____ (Nenad Hrg (SoftwareOK.com)) C:\Users\Manuel\Desktop\DontSleep.exe
2015-01-13 17:29 - 2015-01-13 18:39 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-13 16:58 - 2015-01-13 16:58 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\SUPERAntiSpyware.com
2015-01-13 15:50 - 2015-01-13 15:50 - 00017408 _____ () C:\Users\Manuel\Desktop\Abmeldung von Kursen FS 14.msg
2015-01-13 15:44 - 2014-03-26 22:21 - 00020480 _____ () C:\Users\Manuel\Desktop\Kursabmeldung  aufgrund nicht bestandener Leistungsnachweise FS 14.msg
2015-01-13 12:23 - 2015-01-13 12:23 - 00000000 ____D () C:\Users\Manuel\Downloads\platform-tools
2015-01-13 11:48 - 2015-01-13 11:48 - 00000000 ____D () C:\Users\x203\AppData\Local\Avg2014
2015-01-13 10:59 - 2015-01-13 11:00 - 00000000 ____D () C:\Users\Manuel\Downloads\NEW SuperStamina
2015-01-12 22:42 - 2015-01-12 22:43 - 00000000 ____D () C:\Users\Manuel\Downloads\rootkitXperia_20140719
2015-01-12 22:12 - 2015-01-12 22:12 - 00000019 _____ () C:\Users\Manuel\Desktop\iomei.txt
2015-01-12 21:42 - 2015-01-12 21:42 - 00038859 _____ () C:\Users\Manuel\Desktop\Unlockbootloader* *Step 3   4 - Developer World.html
2015-01-12 21:42 - 2015-01-12 21:42 - 00000000 ____D () C:\Users\Manuel\Desktop\Unlockbootloader* *Step 3   4 - Developer World_files
2015-01-12 17:44 - 2015-01-13 15:21 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Android
2015-01-12 17:21 - 2015-01-12 21:05 - 00000000 ____D () C:\Users\Manuel\Downloads\EasyRootTool v12.4
2015-01-12 16:04 - 2015-01-12 16:39 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2015-01-12 16:03 - 2015-01-13 00:23 - 00000000 ____D () C:\Flashtool
2015-01-11 12:51 - 2015-01-11 12:51 - 00111448 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-01-10 21:11 - 2015-01-13 09:22 - 00000000 ____D () C:\ProgramData\Sony Mobile
2015-01-10 21:03 - 2015-01-10 21:03 - 00001135 _____ () C:\Users\Manuel\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-10 20:52 - 2015-01-10 20:52 - 00000000 ____D () C:\Users\x203\.android
2015-01-10 20:51 - 2015-01-10 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsomc_01009.Wdf
2015-01-10 20:51 - 2015-01-10 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2015-01-10 20:38 - 2015-01-10 20:38 - 00000000 ____D () C:\Users\x203\.swt
2015-01-10 17:15 - 2015-01-10 17:15 - 00030424 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggsomc.sys
2015-01-10 17:15 - 2015-01-10 17:15 - 00016088 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2015-01-10 17:13 - 2015-01-11 10:29 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
2015-01-10 14:12 - 2015-01-11 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-01-10 13:49 - 2015-01-10 13:49 - 00000000 ____D () C:\Users\Manuel\.jmc
2015-01-10 13:49 - 2015-01-10 13:49 - 00000000 ____D () C:\Users\Manuel\.eclipse
2015-01-10 13:39 - 2015-01-10 13:39 - 00000000 ____D () C:\Users\x203\.AndroidStudio
2015-01-10 13:39 - 2015-01-10 13:39 - 00000000 ____D () C:\Users\Manuel\.AndroidStudio
2015-01-10 13:38 - 2015-01-13 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2015-01-10 13:34 - 2015-01-13 12:25 - 00000000 ____D () C:\Program Files\Android
2015-01-10 13:32 - 2015-01-11 11:02 - 00111000 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-10 13:32 - 2015-01-11 11:01 - 00312728 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-10 13:32 - 2015-01-11 11:01 - 00191384 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-10 13:32 - 2015-01-11 11:01 - 00190872 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-10 13:31 - 2015-01-11 11:01 - 00000000 ____D () C:\Program Files\Java
2015-01-09 08:59 - 2015-01-09 09:00 - 00000000 ____D () C:\ProgramData\Stardock
2015-01-08 18:57 - 2015-01-08 19:08 - 00045720 _____ () C:\BROM_DLL.log
2015-01-08 18:24 - 2015-01-09 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2015-01-08 18:24 - 2015-01-08 21:00 - 00000000 ____D () C:\Program Files (x86)\totalcmd
2015-01-08 18:24 - 2015-01-08 19:49 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\GHISLER
2015-01-08 18:24 - 2015-01-08 18:24 - 00001062 _____ () C:\Users\Public\Desktop\Total Commander 64 bit.lnk
2015-01-08 18:24 - 2015-01-08 18:24 - 00000000 ____D () C:\Users\x203\AppData\Roaming\GHISLER
2015-01-07 15:27 - 2015-01-07 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EIZO
2015-01-07 15:19 - 2015-01-07 15:19 - 00000000 ____D () C:\Users\x203\AppData\Local\{E0EE56A0-0D7C-4595-B400-919A3BA48EC1}
2015-01-07 15:18 - 2015-01-11 10:30 - 00000000 ____D () C:\Program Files (x86)\EIZO
2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 ____D () C:\Users\x203\AppData\Roaming\EIZO
2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\EIZO
2015-01-07 15:17 - 2015-01-10 11:22 - 00000000 ____D () C:\Users\x203\AppData\Local\Downloaded Installations
2015-01-06 10:30 - 2015-01-06 10:30 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Foxit Reader
2015-01-04 09:10 - 2015-01-04 09:10 - 00001562 _____ () C:\Users\Manuel\Desktop\Cisco AnyConnect Secure Mobility Client.lnk
2015-01-04 09:08 - 2015-01-04 09:08 - 00001067 _____ () C:\Users\Manuel\Desktop\Password Manager.lnk
2015-01-02 13:44 - 2015-01-02 13:47 - 00000000 ____D () C:\Users\Manuel\AppData\Local\CyberGhost
2015-01-02 13:44 - 2015-01-02 13:44 - 00001739 _____ () C:\Users\x203\Desktop\CyberGhost 5.lnk
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-12-30 09:16 - 2014-12-30 09:25 - 595612217 _____ () C:\Users\Manuel\Desktop\Perfekte-Portraits.zip
2014-12-22 10:27 - 2014-12-22 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2014-12-19 21:24 - 2014-12-19 21:24 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-12-19 19:49 - 2014-12-19 19:49 - 00000000 ____D () C:\Users\Manuel\AppData\OICE_15_974FA576_32C1D314_A33
2014-12-18 10:48 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:48 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 19:38 - 2014-12-17 19:38 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\FreeCommander

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 21:09 - 2013-05-15 05:28 - 01177126 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 21:07 - 2014-12-13 01:59 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Eye-Fi
2015-01-16 21:07 - 2013-11-19 12:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 21:06 - 2014-12-13 01:59 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Eye-Fi
2015-01-16 21:06 - 2014-09-26 16:37 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2015-01-16 21:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 21:03 - 2013-05-15 04:59 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-01-16 21:03 - 2013-05-15 04:59 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-01-16 21:03 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 21:03 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 21:03 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 21:02 - 2013-10-29 11:53 - 00000000 ____D () C:\Users\x203\AppData\Local\Google
2015-01-16 18:26 - 2013-10-27 09:56 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Google
2015-01-16 18:26 - 2013-05-15 05:29 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-16 18:23 - 2014-12-08 10:30 - 01022464 ___SH () C:\Users\Manuel\Desktop\Thumbs.db
2015-01-16 16:47 - 2013-10-21 22:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-16 16:15 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-16 16:04 - 2014-01-01 17:13 - 00000000 ____D () C:\Windows\erdnt
2015-01-16 15:41 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-16 10:58 - 2014-09-26 16:36 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-01-16 10:58 - 2014-09-15 18:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 10:14 - 2014-09-30 16:50 - 00000000 ____D () C:\Program Files\Adobe Photoshop
2015-01-16 10:14 - 2014-09-30 12:54 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-16 10:14 - 2014-01-11 10:06 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-16 10:14 - 2013-09-30 20:23 - 00000000 ____D () C:\Users\x203\AppData\Local\Adobe
2015-01-16 10:14 - 2013-05-15 05:27 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-15 19:32 - 2013-09-30 20:19 - 00000000 ____D () C:\Users\x203
2015-01-15 15:59 - 2013-12-09 14:53 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-15 14:38 - 2014-03-04 13:45 - 00000000 ___RD () C:\Users\Manuel\Dropbox
2015-01-15 14:22 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Dropbox
2015-01-15 11:11 - 2013-12-09 14:56 - 00000000 ____D () C:\Users\x203\AppData\Roaming\TuneUp Software
2015-01-15 11:09 - 2014-05-18 11:17 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Spotify
2015-01-15 09:57 - 2013-05-15 05:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-14 17:07 - 2013-11-19 12:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 17:07 - 2013-11-19 12:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 17:07 - 2013-11-19 12:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 11:22 - 2013-10-21 22:38 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 11:21 - 2013-10-21 21:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 11:11 - 2013-10-21 21:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 10:18 - 2013-10-28 14:32 - 00003568 _____ () C:\Windows\system32\.crusader
2015-01-14 10:18 - 2013-10-28 14:29 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-14 10:11 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-14 09:27 - 2014-01-05 13:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-14 09:23 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel
2015-01-14 09:23 - 2013-05-14 12:53 - 00000000 ____D () C:\ProgramData\Lenovo
2015-01-14 09:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-14 09:08 - 2014-10-22 19:49 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-14 08:49 - 2013-10-28 13:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-13 18:43 - 2014-12-03 15:12 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Deployment
2015-01-13 18:05 - 2014-05-18 11:18 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Spotify
2015-01-13 17:31 - 2013-10-27 10:06 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-01-13 17:06 - 2014-12-13 17:43 - 00000000 ____D () C:\Users\Manuel\Desktop\WE Jungs
2015-01-13 17:06 - 2014-09-18 16:13 - 00000000 ____D () C:\Users\Manuel\Desktop\Ricardo
2015-01-13 16:59 - 2013-05-15 05:27 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-01-13 12:26 - 2014-05-16 08:06 - 00000000 ____D () C:\Users\Manuel\.android
2015-01-13 12:00 - 2014-11-16 11:12 - 00000000 ____D () C:\Users\Manuel\Desktop\Fotos
2015-01-13 11:46 - 2014-05-30 09:05 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-01-13 09:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-01-12 17:47 - 2013-05-15 05:19 - 00000000 ____D () C:\Program Files\Intel
2015-01-11 11:00 - 2014-03-09 10:51 - 00111448 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2015-01-11 10:54 - 2014-12-05 09:46 - 00001107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-01-11 10:54 - 2014-09-26 16:37 - 00002978 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2015-01-11 10:54 - 2014-09-26 16:37 - 00002634 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2015-01-11 10:54 - 2014-09-26 16:37 - 00001095 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-01-10 14:40 - 2014-05-15 16:04 - 00003020 _____ () C:\Windows\System32\Tasks\PMTask
2015-01-10 14:40 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media
2015-01-10 14:05 - 2013-10-27 13:14 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-09 20:54 - 2013-10-28 10:25 - 00000000 ____D () C:\Program Files (x86)\Fences
2015-01-09 20:54 - 2013-05-15 05:34 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2015-01-08 18:57 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel\AppData\Local\VirtualStore
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-07 15:24 - 2014-06-20 16:48 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Unity
2015-01-07 12:18 - 2013-10-27 09:55 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Adobe
2015-01-06 09:12 - 2014-02-27 21:50 - 00000000 ____D () C:\Users\Manuel\Documents\Korrespondenz
2015-01-04 09:19 - 2014-05-19 07:11 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2015-01-04 09:19 - 2014-05-19 07:10 - 00000000 ____D () C:\Program Files\Common Files\Sony Shared
2015-01-04 09:18 - 2014-05-19 07:09 - 00000000 ____D () C:\ProgramData\Sony Corporation
2015-01-04 09:03 - 2014-05-01 10:24 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-04 09:03 - 2014-05-01 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-04 09:03 - 2013-10-27 17:18 - 00000000 ____D () C:\Program Files\winRar
2014-12-31 18:03 - 2014-01-14 11:34 - 00000000 ____D () C:\Users\Manuel\Desktop\Ablage
2014-12-31 13:38 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Adobe
2014-12-22 10:36 - 2013-10-27 12:15 - 00001398 _____ () C:\Users\Manuel\AppData\Roaming\MobileToolAnyConnectV3.ini
2014-12-22 10:27 - 2013-10-27 12:16 - 00000000 ____D () C:\ProgramData\Cisco
2014-12-22 10:27 - 2013-10-21 22:34 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-12-22 10:22 - 2014-01-01 10:48 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-22 10:22 - 2014-01-01 10:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-19 21:28 - 2014-03-04 13:45 - 00001036 _____ () C:\Users\Manuel\Desktop\Dropbox.lnk
2014-12-19 21:28 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-19 18:57 - 2013-11-03 11:23 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Intel WiDi
2014-12-18 11:56 - 2014-12-06 14:53 - 00000000 ____D () C:\Users\x203\Desktop\Katalog Admin
2014-12-17 14:46 - 2013-11-12 19:09 - 00000080 _____ () C:\Users\x203\Documents\R Verzeichnis wechseln.R

Some content of TEMP:
====================
C:\Users\Manuel\AppData\Local\temp\avgnt.exe
C:\Users\x203\AppData\Local\temp\Quarantine.exe
C:\Users\x203\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 12:49

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015
Ran by x203 at 2015-01-16 21:10:58
Running from C:\Users\Manuel\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 8.42.20 - )
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{8432E4EF-ABFB-48C8-B77B-24728E71D3DD}) (Version: 39.0.2171.46 - Google Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05187 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05187 - Cisco Systems, Inc.) Hidden
CM Installer (HKLM-x32\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Drucken in PDF Annotator (novaPDF OEM 7.7 printer) (HKLM\...\Drucken in PDF Annotator_is1) (Version: 7.7.400 - Softland)
EasyTax 2013 AG 1.01 (HKLM-x32\...\4093-4123-1528-3000) (Version: 1.01 - HWI Solutions AG)
EIZO ScreenSlicer (HKLM-x32\...\{292A177D-723F-4537-9985-BC8BFCD8B63D}) (Version: 1.1.5.0 - EIZO Corporation)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.67.2 - Lenovo Group Limited)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Eye-Fi Center 3.4 (HKLM-x32\...\{18B00AC5-C082-471E-88B0-F02FE5A2541A}) (Version: 3.4.26 - Eye-Fi, Inc)
Fences (Version: 1.0 - Stardock Corporation) Hidden
FireCuva Data Recovery 2014.1.8.20 (HKLM-x32\...\{EE1F41BE-6DBD-44AE-9F97-4D7F9227329D}_is1) (Version: 2014.1.8.20 - FireCuva)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Glary Utilities PRO 5.16 (HKLM-x32\...\Glary Utilities 5) (Version: 5.16.0.29 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Graph 4.4.2 (HKLM-x32\...\Graph_is1) (Version:  - Ivan Johansen)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6 (HKLM\...\{B2DAB009-8236-48A0-AD7F-E940F5AB1578}) (Version: 14.0 - HP)
HP Photosmart Plus B210 series - Grundlegende Software für das Gerät (HKLM\...\{1686185A-3D85-428D-8786-ACB403B9D420}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
ifolor Designer (HKLM-x32\...\ifolor-Designer) (Version:  - Ifolor AG)
Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3359 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7991b5ae-96d7-4df2-97fb-a605b7cb638b}) (Version: 17.12.0 - Intel Corporation)
ISD Tablett (HKLM\...\ISD Tablet Driver) (Version: 7.0.2-29 - Wacom Technology Corp.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 8 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418000FF}) (Version: 8.0.0 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.16.0 - Lenovo)
Lenovo Mobile Access (HKLM-x32\...\{A792A135-EE29-4FE2-B4CB-D3F984CEA9EC}) (Version: 3.2.30123.1026 - Lenovo)
Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.4.1017.00 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0007 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
LXH-JME2207FN Hotkey Driver (HKLM-x32\...\{42B21298-C850-4272-AFD9-636CBC005421}) (Version: 5.1.0804 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{C2C2DB64-1BCE-4FA7-962D-457795ECCEC0}) (Version: 3.3.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Bootvis (HKLM-x32\...\{0F9196C6-58B4-445B-B56E-B1200FECC151}) (Version: 1.3.37 - Microsoft)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 7.2.5.4 - Ericsson AB)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Annotator 5.0.0.505 (HKLM-x32\...\PDFAnnotator_is1) (Version: 5.0.0.505 - GRAHL software design)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_06_B209a-m_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Rescue and Recovery (HKLM-x32\...\{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}) (Version: 4.52.0005.00 - Lenovo Group Limited)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-003B-0000-1000-0000000FF1CE}_Office15.PRJPROR_{6E5C415F-1388-4BA6-B926-C19318BE6075}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad Tablet Button Driver (HKLM-x32\...\{26903C89-780A-463E-8CBD-E47A73927254}) (Version: 1.04 - )
ThinkPad Tablet Shortcut Menu (HKLM-x32\...\{9a2db59f-091a-40b4-958d-1c8264624126}) (Version: 6.33 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.24 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{A62AEB2B-E2A0-4E77-8AAE-9645FE3B5487}) (Version: 5.95 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.80.01.00 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.81 - Lenovo)
ThinkVantage Password Manager (HKLM\...\{23520BCC-F76C-4287-87E1-0545EDF6FE96}) (Version: 4.00.0024.00 - Lenovo Group Limited)
ThinkVantage Update Retriever (HKLM-x32\...\{F25C538D-3F57-4AF4-80DD-B1DD1558F038}) (Version: 5.00.0010 - Lenovo)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
VIP Access (HKLM-x32\...\{7EB5B9B6-E7BF-4E8F-B478-1266A78CF231}) (Version: 2.2.1.13 - Symantec Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows Driver Package - Intel System  (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

16-01-2015 19:20:35 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-01-16 11:03 - 2015-01-16 14:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06DCFC04-6BA5-45A1-A87C-2AB6D5B07FB9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)
Task: {1056F6BE-8A9B-4789-A45A-766212E69BDB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {138C1B65-AA12-4B15-816E-2BAD5C404989} - System32\Tasks\{5179303A-B077-4DD2-8CAA-370E2C7A215A} => E:\JDownloaderPortable\JDownloaderPortable.exe
Task: {16CE9FF3-C7EA-4493-B6B7-30FA88486725} - System32\Tasks\Lenovo\LSC\CreateHardwareScanTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {1C473A2D-C8EA-4A9A-A60F-4AE443F13033} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {326D759E-1B50-476F-8ACE-CA0912537815} - \TubeSaver-15-chromeinstaller No Task File <==== ATTENTION
Task: {3807F458-4445-431C-898E-980905E16691} - \TubeSaver-15-updater No Task File <==== ATTENTION
Task: {442BFA7F-2D23-479D-BFA5-C832EF77F87F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {452FFBFB-D9B9-4347-8F5E-A7F1A6772E3C} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
Task: {49A96084-47D7-43F1-9D0D-B6127F991574} - System32\Tasks\{09F43E45-D90B-4046-91C3-BC9637D8C4B8} => C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
Task: {49D3B875-F572-4023-9D26-A845D020A2F7} - \TubeSaver-15-codedownloader No Task File <==== ATTENTION
Task: {49DAAF81-E95C-4964-B237-22F6C980448E} - System32\Tasks\{4EEB7BF1-AE9F-4345-BB40-78EB0CDEA9E0} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\IrfanView\i_view32.exe"
Task: {4F32F716-7098-4249-B056-356F3CE9ECB6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {5745E252-0287-4003-B1BA-33F5B1BB87F6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for x203-THINK-Manuel x203-THINK => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {57904E4B-FF80-4701-AF04-AC8517DA374A} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {5C766DF2-DBB1-4EFF-8997-84E9436A2595} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {606A9245-4225-4177-A2B4-88D04B527E80} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for x203-THINK.Manuel => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-16] (Lenovo)
Task: {7280DB27-B177-448B-BDB4-8BAC6BC75597} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {78DC8C0F-41CD-4700-A7C6-177E891F01B6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {7965D48E-112A-49BE-B3BA-FBDDE5A086EE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {828FF779-6267-41C5-8A2F-9D575790BDD5} - System32\Tasks\Norton Product InstallerIdle => C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe [2014-11-03] (Symantec Corporation)
Task: {82F88A18-7A4E-4C2B-85C2-2F254577559E} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2014-09-13] (Lenovo)
Task: {833CF6A6-9B70-482E-B833-78F68CD8FB3A} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {870D44EA-14A3-4E7F-8814-22F1A86B39A1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8740F25F-3678-4962-94E4-2A5235A39CCF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {92BFD621-E872-4F04-A065-41853B8E2CD0} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {9A209F4B-E899-4C8C-A211-FD8997DFC557} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)
Task: {9D6C3B14-CB5E-4BCD-B078-A5559D3BD1D7} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {9DC14AA8-2996-4213-98B3-CB8D76E9C951} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {A48895AA-13C8-478E-A8AB-4D3DA40B6816} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {A5C29781-2A7A-4007-A739-AE6A3784ADF8} - System32\Tasks\{80AFFF4F-06A3-40B4-B912-D1677BDADF9D} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\IrfanView\i_view32.exe"
Task: {A91938F3-2A68-4C36-8403-A6A842BE5A8A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {A93198E1-5CA9-4525-AA70-82FC9A482993} - System32\Tasks\{EDD59D43-8C29-431A-A8D2-B4BFCA7730F2} => E:\JDownloaderPortable\JDownloaderPortable.exe
Task: {AE133D30-0D35-41A2-B384-7ABF0F5EE4CA} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {B30A2AFD-6E31-4BCA-905C-0C08D189A4F8} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {B3EA1B66-775D-4F84-9CB2-0371BA2B414B} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {BA4E8AF1-2935-4244-AD22-3DA5C0178502} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {BE8F36B1-40F7-4223-B0C8-91A4DC614677} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-11-14] (Lenovo Group Limited)
Task: {C00813A1-3AF3-4160-9359-E2A144414574} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {CC68A762-4464-4EAC-8F6C-88F9A9E296B2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {CF4838A5-80E6-4F0F-8B1F-4F68C964BBBD} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-01-05] (Glarysoft Ltd)
Task: {D19DD550-1FB7-4C8A-9B8B-31B8EF5B6B20} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-04-24] ()
Task: {D4884143-8D6C-4A9B-94FB-13419383DF56} - \TubeSaver-15-enabler No Task File <==== ATTENTION
Task: {D4F8C4B7-FEB0-4ACB-8D71-0C12D509E7A0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {DB3A4CDE-C0E3-42C3-91EC-40CFE629F47C} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-01-05] (Glarysoft Ltd)
Task: {DD31794C-86DD-4901-994A-658185898645} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for x203-THINK.x203 => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-16] (Lenovo)
Task: {DEC60349-DA4C-4920-A9B9-4A091F4C5321} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {E64DE862-5A05-457D-8396-3B79DFC9DDE4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E6D4097C-9FCB-4456-951E-7E866581E69F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {ECA97D21-FEF3-45D0-BEB5-2BB6A2316EF2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {F77C609C-EC1F-488E-BD9A-790F78E5A763} - System32\Tasks\{A1DB3074-2A97-4668-A054-6DCBAB2DE05E} => C:\Program Files (x86)\IrfanView\i_view32.exe
Task: {FDAE8DB2-5746-4868-97FD-40AD33B7A6DB} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-10-16] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe

==================== Loaded Modules (whitelisted) =============

2013-10-28 10:23 - 2010-06-17 20:56 - 00087040 ____N () C:\Windows\System32\redmonnt.dll
2013-05-15 05:23 - 2012-04-10 16:37 - 01183096 _____ () C:\Program Files\Tablet\ISD\libxml2.dll
2013-05-15 05:27 - 2014-11-14 06:07 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-10-16 01:48 - 2014-10-16 01:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-05-15 05:27 - 2011-08-02 20:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2013-05-15 05:27 - 2011-08-02 20:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2014-09-26 16:35 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-26 16:35 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-26 16:35 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-26 16:35 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-09-26 16:35 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-10-21 22:39 - 2011-07-13 09:10 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2014-09-16 19:01 - 2014-09-16 19:01 - 00065776 _____ () C:\Program Files (x86)\Lenovo\Access Connections\ACSonyEricssonHlpr.dll
2011-12-21 22:59 - 2011-12-21 22:59 - 00133120 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libexif.dll
2011-12-21 22:56 - 2011-12-21 22:56 - 00209408 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libopenraw.dll
2011-12-21 23:05 - 2011-12-21 23:05 - 00014848 _____ () C:\Program Files (x86)\Eye-Fi\Helper\Locales\de\Helper.dll
2015-01-16 18:26 - 2015-01-09 01:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-16 18:26 - 2015-01-09 01:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-16 18:26 - 2015-01-09 01:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-16 18:26 - 2015-01-09 01:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2013-10-21 22:32 - 2013-05-13 14:15 - 01199576 ____N () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Manuel\Desktop\Stundenplan.JPG:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk => C:\Windows\pss\Google Calendar Sync.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^x203^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EOS Utility.lnk => C:\Windows\pss\EOS Utility.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_4A220D28DEF0DEF57A4596AFA0C => "c:\program files (x86)\google\chrome\application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Intel AppUp(SM) center => "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
MSCONFIG\startupreg: jmekey => C:\Program Files (x86)\jmesoft\hotkey.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg:  Malwarebytes Anti-Malware  (cleanup) => "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware "
MSCONFIG\startupreg: MobileAccess => C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe -silentExitIfNotFirst
MSCONFIG\startupreg: NUSB3MON => "c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
MSCONFIG\startupreg: PasswordManager => C:\Program Files\Lenovo\Password Manager\password_manager.exe
MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: RtHDVBg_Dolby => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SearchProtection => "C:\Users\x203\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: SharpSpace => C:\Program Files (x86)\SharpSpace\SharpSpace.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: USB3MON => "c:\program files (x86)\intel\intel(r) usb 3.0 extensible host controller driver\application\iusb3mon.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3554811672-1824628599-3789470933-500 - Administrator - Disabled)
Gast (S-1-5-21-3554811672-1824628599-3789470933-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3554811672-1824628599-3789470933-1040 - Limited - Enabled)
Manuel (S-1-5-21-3554811672-1824628599-3789470933-1003 - Limited - Enabled) => C:\Users\Manuel
x203 (S-1-5-21-3554811672-1824628599-3789470933-1000 - Administrator - Enabled) => C:\Users\x203

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2015 09:08:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Name des fehlerhaften Moduls: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000860d2
ID des fehlerhaften Prozesses: 0x7f4
Startzeit der fehlerhaften Anwendung: 0xISD_Tablet.exe0
Pfad der fehlerhaften Anwendung: ISD_Tablet.exe1
Pfad des fehlerhaften Moduls: ISD_Tablet.exe2
Berichtskennung: ISD_Tablet.exe3

Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=21, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0


System errors:
=============
Error: (01/16/2015 09:07:19 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 09:05:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147014847


Microsoft Office Sessions:
=========================
Error: (01/16/2015 09:08:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ISD_Tablet.exe7.0.2.294f6cf301ISD_Tablet.exe7.0.2.294f6cf301c000000500000000000860d27f401d031c7d94fa442C:\Program Files\Tablet\ISD\ISD_Tablet.exeC:\Program Files\Tablet\ISD\ISD_Tablet.exe77a7c0ad-9dbb-11e4-88fb-028037ec0200

Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path43900

Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path25900

Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path17900

Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path23808600

Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path21808600

Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path18808600


CodeIntegrity Errors:
===================================
  Date: 2015-01-16 13:58:16.187
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-16 13:58:16.140
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-14 09:08:57.418
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-14 09:08:57.333
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-09 20:34:06.552
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-09 20:34:05.382
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:40:29.432
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:36:48.011
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:36:01.740
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-26 20:26:04.283
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 40%
Total physical RAM: 7887.8 MB
Available physical RAM: 4680.63 MB
Total Pagefile: 15773.78 MB
Available Pagefile: 12398.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:140.64 GB) (Free:21.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:17.58 GB) (Free:4.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 167.7 GB) (Disk ID: AA9E1116)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=140.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=8 GB) - (Type=84)

==================== End Of Log ============================
         

A BIG THANK YOU ONCE AGAIN FOR YOUR EFFORT!
