Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 02.03.2015, 11:50   #1
ausdemaus
 
Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien - Standard

Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien



Hallo,

ich habe folgendes Problem:

Seit kurzem meldet meine Kaspersky Antivirus Software immer wieder mehrere DLL-Dateien mit folgendem Kommentar:
Datei: C:\Windows\Temp\j_vfu5c.dll
"Ein Angreifer kann ein legales Programm benutzen, um ihren Computer zu beschädigen oder um auf ihre Daten zuzugreifen:"
Aktuell habe ich diese Meldung zu 7 Dateien, alle im Temp Ordner.
Als das zum ersten Mal passierte, versuchte ich das ganze mithilfe von Kaspersky zu beheben. Die Meldungen sind dann auch weg, kehren aber nach relativ kurzer Zeit zurück.

Hier die gewünschten Logs:
Defogger:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:31 on 01/03/2015 (Xaver)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-
         
FRST:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by Xaver_2 (ATTENTION: The logged in user is not administrator) on E535 on 02-03-2015 11:19:32
Running from C:\Users\Xaver_2\Desktop
Loaded Profiles: Xaver_2 (Available profiles: Xaver & Xaver_2)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> TrueSuiteService.exe
Failed to access process -> ibmpmsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> atiesrxx.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> vpnagent.exe
Failed to access process -> atieclxx.exe
Failed to access process -> svchost.exe
Failed to access process -> wlanext.exe
Failed to access process -> conhost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> AdAppMgrSvc.exe
Failed to access process -> armsvc.exe
Failed to access process -> Fuel.Service.exe
Failed to access process -> Connect.Service.ContentService.exe
Failed to access process -> avp.exe
Failed to access process -> btwdins.exe
Failed to access process -> officeclicktorun.exe
Failed to access process -> PresentationFontCache.exe
Failed to access process -> taskeng.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
Failed to access process -> CamMute.exe
Failed to access process -> TPKNRSVC.exe
Failed to access process -> vcamsvc.exe
Failed to access process -> lvvsst.exe
Failed to access process -> srpts.exe
Failed to access process -> virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Spotify Ltd) C:\Users\Xaver_2\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Dropbox, Inc.) C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
Failed to access process -> SASrv.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> TPHKSVC.exe
Failed to access process -> tpnumlkd.exe
Failed to access process -> tphkload.exe
Failed to access process -> tpnumlk.exe
Failed to access process -> micmute.exe
Failed to access process -> srptsl.exe
Failed to access process -> conhost.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\LPT\srptm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
Failed to access process -> TrueService.exe
Failed to access process -> TrueService.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> unsecapp.exe
Failed to access process -> rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
Failed to access process -> shtctky.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
Failed to access process -> svchost.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> svchost.exe
Failed to access process -> PWMDBSVC.exe
Failed to access process -> rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-08-07] (Lenovo Group Limited)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-17] (Lenovo.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [66560 2013-04-09] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-10-13] (Geek Software GmbH)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-09-04] (Autodesk Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2014-11-19] (Cisco Systems, Inc.)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\Run: [Spotify Web Helper] => C:\Users\Xaver_2\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-02-14] (Spotify Ltd)
HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\Policies\Explorer: [] 
HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\MountPoints2: {a7eeea8d-5b85-11e4-a7f5-2cd05a1d5237} - G:\setup\rsrc\Autorun.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Xaver_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Xaver_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-396452479-186164142-1222412316-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms}
HKU\S-1-5-21-396452479-186164142-1222412316-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYe5hq9Hhq-_GMpGqdywNhvS5wC6UB9WkG37BhUE3R29Pcnn12zRpgfqvTm3-fi8nSbzX_ura2Igl4yXJ0Og5rfxXvBjEn77eG45A,,
HKU\S-1-5-21-396452479-186164142-1222412316-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-21-396452479-186164142-1222412316-1003 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-396452479-186164142-1222412316-1003 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} -  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 10.156.33.53 129.187.5.1

FireFox:
========
FF ProfilePath: C:\Users\Xaver_2\AppData\Roaming\Mozilla\Firefox\Profiles\yqd6fu79.default
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYe5hq9Hhq-_GMpGqdywNhvS5wC6UB9WkG37BhUE3R29Pcnn12zRpgfqvTm3-fi8nSbzX_ura2Igl4yXJ0Og5rfxXvBjEn77eG45A,,
FF Keyword.URL: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-396452479-186164142-1222412316-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Xaver_2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Xaver_2\AppData\Roaming\Mozilla\Firefox\Profiles\yqd6fu79.default\searchplugins\.xml
FF SearchPlugin: C:\Users\Xaver_2\AppData\Roaming\Mozilla\Firefox\Profiles\yqd6fu79.default\searchplugins\Web Search.xml
FF Extension: Adblock Plus - C:\Users\Xaver_2\AppData\Roaming\Mozilla\Firefox\Profiles\yqd6fu79.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-24]
FF Extension: BetterPrivacy - C:\Users\Xaver_2\AppData\Roaming\Mozilla\Firefox\Profiles\yqd6fu79.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-10-24]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-01-26]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-01-15]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-01-15]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-01-15]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-01-15]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-01-15]
FF HKU\.DEFAULT\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [clglhglbidpdbjffpfcldkifhdegdfle] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2013-04-01]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-04] (Autodesk Inc.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [1008344 2013-03-29] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139944 2013-08-07] (AuthenTec, Inc)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-08-07] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [34304 2014-08-27] () <==== ATTENTION
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-09-16] ()
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed]
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401704 2013-07-22] (AuthenTec, Inc.)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1526120 2013-09-25] (Lenovo Group Limited)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2014-05-27] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2014-05-27] (LG Electronics Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2014-10-28] (AppEx Networks Corporation)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-30] (Disc Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2015-01-17] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2015-01-17] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 RCUVCAVS; C:\Windows\System32\DRIVERS\RCUVCAVS.sys [149632 2013-04-09] (Ricoh co.,Ltd.)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver_AMDASF.sys [29424 2013-04-26] (Synaptics Incorporated)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-30] (Lenovo Information Product(ShenZhen China) Inc.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 11:19 - 2015-03-02 11:20 - 00030588 _____ () C:\Users\Xaver_2\Desktop\FRST.txt
2015-03-02 11:09 - 2015-03-02 11:09 - 00001613 _____ () C:\Users\Xaver_2\Desktop\KISreport.txt
2015-03-02 10:07 - 2015-03-02 10:07 - 00000000 ____D () C:\Users\Xaver_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2015-03-01 16:31 - 2015-03-01 16:31 - 00000542 _____ () C:\Users\Xaver_2\Desktop\defogger_disable.log
2015-03-01 16:31 - 2015-03-01 16:31 - 00000168 _____ () C:\Users\Xaver\defogger_reenable
2015-03-01 16:29 - 2015-03-01 16:29 - 00050477 _____ () C:\Users\Xaver_2\Desktop\Defogger.exe
2015-03-01 16:11 - 2015-03-02 11:19 - 00000000 ____D () C:\FRST
2015-03-01 16:11 - 2015-03-01 16:11 - 02092544 _____ (Farbar) C:\Users\Xaver_2\Desktop\FRST64.exe
2015-02-27 10:55 - 2015-02-27 10:55 - 00002145 _____ () C:\Users\Public\Desktop\Google Earth Pro.lnk
2015-02-27 10:55 - 2015-02-27 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro
2015-02-27 10:55 - 2015-02-27 10:55 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-25 01:18 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 01:18 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-18 19:59 - 2015-02-20 13:43 - 00000000 ____D () C:\Windows\Minidump
2015-02-18 19:58 - 2015-02-20 13:43 - 401471716 _____ () C:\Windows\MEMORY.DMP
2015-02-18 19:38 - 2015-02-18 19:38 - 00000165 ____H () C:\Users\Xaver_2\Desktop\~$EbayVerkäufe.xlsx
2015-02-15 17:24 - 2015-03-02 10:16 - 00005478 _____ () C:\Windows\setupact.log
2015-02-15 17:24 - 2015-02-15 17:24 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-14 08:44 - 2015-02-14 08:44 - 00000000 ____D () C:\Users\Xaver_2\Documents\OneNote-Notizbücher
2015-02-12 20:39 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 20:39 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 20:39 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 20:39 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 22:30 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 22:30 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 22:30 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 22:30 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 22:30 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 22:30 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 22:30 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 22:30 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 22:30 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 22:30 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 22:30 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 22:30 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 22:30 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 22:30 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 22:30 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 22:30 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 22:30 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 22:30 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 22:30 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 22:30 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 22:30 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 22:30 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 22:30 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 22:30 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 22:30 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 22:30 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 22:30 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 22:30 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 22:30 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 22:30 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 22:30 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 22:30 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 22:30 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 22:30 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 22:30 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 22:30 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 22:30 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 22:30 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 22:30 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 22:30 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 22:30 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 22:30 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 22:30 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 22:30 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 22:30 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 22:30 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 22:30 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 22:30 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 22:30 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 22:30 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 22:30 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 22:30 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 22:21 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 22:21 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 22:21 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 22:21 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 22:21 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 22:21 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 22:21 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 22:21 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 22:20 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 22:20 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 22:20 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 22:20 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 22:20 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 22:20 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 22:20 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 22:20 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 22:20 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 22:20 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 22:20 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 22:20 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 22:20 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 22:20 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 22:16 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 22:16 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 22:16 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 22:16 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 22:16 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 22:16 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 22:16 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 22:16 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 22:16 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 22:16 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 22:16 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 22:16 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 22:16 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 22:16 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 22:16 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 22:16 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 22:16 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 22:16 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 22:16 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 22:16 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 22:16 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 22:16 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 22:16 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 22:16 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 22:16 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 22:16 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 22:15 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 22:15 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 22:15 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 22:15 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 22:15 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 22:15 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 22:15 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 22:15 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 22:15 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 22:15 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 22:15 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 22:14 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-01 16:15 - 2015-02-01 16:15 - 00002073 _____ () C:\Users\Public\Desktop\HEC-RAS 4.1.0.lnk
2015-02-01 16:15 - 2015-02-01 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HEC
2015-02-01 16:15 - 2015-02-01 16:15 - 00000000 ____D () C:\Program Files (x86)\HEC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 10:27 - 2014-10-24 10:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-02 10:14 - 2009-07-14 05:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-02 10:14 - 2009-07-14 05:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-02 10:11 - 2014-11-06 17:42 - 00000546 _____ () C:\Windows\Tasks\MATLAB R2014b Startup Accelerator.job
2015-03-02 10:11 - 2014-10-24 00:07 - 01988141 _____ () C:\Windows\WindowsUpdate.log
2015-03-02 10:08 - 2014-11-06 17:06 - 00000000 ____D () C:\Users\Xaver_2\AppData\Roaming\Dropbox
2015-03-02 10:07 - 2015-01-15 20:33 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-02 10:07 - 2014-12-23 07:31 - 00000000 ____D () C:\Users\Xaver_2\AppData\Roaming\Raptr
2015-03-02 10:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-02 07:26 - 2014-10-24 14:07 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-03-01 20:49 - 2014-11-23 18:13 - 00011683 _____ () C:\Users\Xaver_2\Desktop\EbayVerkäufe.xlsx
2015-03-01 16:31 - 2014-10-24 00:12 - 00000000 ____D () C:\Users\Xaver
2015-02-28 14:13 - 2014-10-25 13:07 - 00000000 ____D () C:\Users\Xaver_2\AppData\Roaming\Spotify
2015-02-28 10:03 - 2014-10-25 13:10 - 00000000 ____D () C:\Users\Xaver_2\AppData\Local\Spotify
2015-02-26 08:30 - 2014-11-07 09:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-25 05:58 - 2014-10-26 14:01 - 00038550 _____ () C:\Windows\PFRO.log
2015-02-24 23:22 - 2014-10-24 16:51 - 00000000 ____D () C:\Users\Xaver_2\Desktop\KV,Bank usw
2015-02-24 22:20 - 2014-10-24 16:18 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-23 17:13 - 2011-04-12 08:43 - 00699234 _____ () C:\Windows\system32\perfh007.dat
2015-02-23 17:13 - 2011-04-12 08:43 - 00149342 _____ () C:\Windows\system32\perfc007.dat
2015-02-23 17:13 - 2009-07-14 06:13 - 01618840 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-18 10:45 - 2014-11-06 21:06 - 00000000 ____D () C:\Users\Xaver_2\AppData\Local\Autodesk
2015-02-18 09:55 - 2014-10-25 15:30 - 00000000 ____D () C:\Users\Xaver_2\AppData\Roaming\DAEMON Tools Lite
2015-02-18 09:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2015-02-13 16:03 - 2014-10-24 16:52 - 00000000 ____D () C:\Users\Xaver_2\Desktop\Unterlagen Avantgarde
2015-02-13 13:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-12 08:44 - 2014-11-06 17:07 - 00000000 ____D () C:\Users\Xaver_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 08:37 - 2009-07-14 05:45 - 00529704 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 08:35 - 2014-12-11 08:26 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 08:35 - 2014-10-24 07:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 08:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-12 00:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-12 00:04 - 2014-10-24 01:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 23:59 - 2014-10-24 01:06 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 06:46 - 2014-11-18 18:07 - 00032768 _____ () C:\Windows\system32\persistent_q.db-shm
2015-02-04 20:27 - 2014-10-24 10:04 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 20:27 - 2014-10-24 10:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-01 15:53 - 2014-10-24 16:51 - 00000000 ____D () C:\Users\Xaver_2\Desktop\Ebay usw
2015-01-31 12:43 - 2014-12-22 21:59 - 00000000 ____D () C:\Users\Xaver\AppData\Roaming\Raptr
2015-01-31 12:42 - 2014-12-22 21:59 - 00000000 ____D () C:\Program Files (x86)\Raptr

==================== Files in the root of some directories =======

2014-10-24 08:59 - 2014-10-24 08:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-30 17:45 - 2014-10-30 17:45 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some content of TEMP:
====================
C:\Users\Xaver_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfk0u2d.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015
Ran by Xaver_2 at 2015-03-02 11:21:07
Running from C:\Users\Xaver_2\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.4.0 - AppEx Networks)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 8.42.20 - )
AutoCAD 2015 - Deutsch (German) (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Language Pack - Deutsch (German) (Version: 20.0.51.0 - Autodesk) Hidden
Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 3.0.159.0 - Autodesk)
Autodesk AutoCAD 2015 - Deutsch (German) (HKLM\...\AutoCAD 2015 - Deutsch (German)) (Version: 20.0.51.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.201 - Broadcom Corporation)
Call of Duty - United Offensive (HKLM-x32\...\InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}) (Version: 1.00.0000 - Activision)
Call of Duty - United Offensive (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty (HKLM-x32\...\Call of Duty) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06073 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.06073 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.48.0 - Conexant)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dropbox (HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.66.3 - Lenovo Group Limited)
Fingerprint Reader (HKLM\...\{7DD99174-299B-4450-A179-7F27F4C2D042}) (Version: 6.0.200.105 - AuthenTec, Inc.)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
HEC-RAS 4.1.0 (HKLM-x32\...\{692F1402-6F45-42F3-9D82-9AAEFBFAD4A1}) (Version: 4.1.0 - Hydrologic Engineering Center)
Integrated Camera Driver Installer Package Ver.1.0.0.27 (HKLM-x32\...\{F8754583-7893-4CD8-9E51-1A08F3D4C1A9}) (Version: 1.0.0.27 - RICOH)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.12 - )
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4400 - Broadcom Corporation)
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.16.0 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.09.03 - )
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0020 - Lenovo)
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.22.20141205 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{15A5D29A-F209-49FD-BA47-5E4C882FF496}) (Version: 3.12.1.0 - LG Electronics)
LINGO 14.0/x64 (HKLM\...\{B5BB2F98-F948-4057-884A-49272652F274}) (Version: 14.0 - Lindo Systems Inc)
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Mathematica Extras 9.0 (4092550) (HKLM\...\A-WIN-Extras 9.0.1 4092550_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
MATLAB R2014b (HKLM\...\Matlab R2014b) (Version: 8.4 - The MathWorks, Inc.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)
Rescue and Recovery (HKLM-x32\...\{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}) (Version: 4.52.0005.00 - Lenovo Group Limited)
Seafile 4.0.4 (HKLM-x32\...\{41E18CDA-69BC-4E5E-BB17-424D8D01F1F9}) (Version: 4.0.4 - HaiWenHuZhi ltd.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.17.26.7 - Client Connect LTD) <==== ATTENTION
SketchUp-Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
Spotify (HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
TeX Live 2014 (HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\TeXLive2014) (Version: 2014 - )
TeXstudio 2.8.8 (HKLM-x32\...\TeXstudio_is1) (Version: 2.8.8 - Benito van der Zander)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
Unity Web Player (HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Verfügbare Autodesk-Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk)
VideoLAN VLC media player 0.8.6i (HKLM-x32\...\VLC media player) (Version: 0.8.6i - VideoLAN Team)
Wolfram CDF Player (M-WIN-D 9.0.1 4092685) (HKLM-x32\...\M-WIN-D 9.0.1 4092685_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
Yahoo Community Smartbar (HKLM-x32\...\{4E732E5D-E577-451A-9BB1-CBE64A2CBC2F}) (Version: 11.112.66.19229 - Linkury Inc.) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => 
Task: C:\Windows\Tasks\MATLAB R2014b Startup Accelerator.job => 

==================== Loaded Modules (whitelisted) ==============

2013-08-07 02:03 - 2013-08-07 02:03 - 01130792 _____ () C:\Program Files\Lenovo Fingerprint Reader\DataManager.dll
2013-08-07 02:04 - 2013-08-07 02:04 - 00087848 _____ () C:\Program Files\Lenovo Fingerprint Reader\ssutil.dll
2014-11-06 22:44 - 2014-09-10 06:06 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-10-24 08:59 - 2010-10-26 11:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-08-27 16:24 - 2014-08-27 16:29 - 00024576 _____ () C:\Program Files (x86)\LPT\srptm.exe
2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-396452479-186164142-1222412316-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Xaver_2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.156.33.53 - 129.187.5.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-396452479-186164142-1222412316-500 - Administrator - Disabled)
Gast (S-1-5-21-396452479-186164142-1222412316-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-396452479-186164142-1222412316-1002 - Limited - Enabled)
Xaver (S-1-5-21-396452479-186164142-1222412316-1000 - Administrator - Enabled) => C:\Users\Xaver
Xaver_2 (S-1-5-21-396452479-186164142-1222412316-1003 - Limited - Enabled) => C:\Users\Xaver_2

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/02/2015 10:07:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CxAudMsg64.exe, Version: 1.6.0.0, Zeitstempel: 0x4fd1c0c1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000c4102
ID des fehlerhaften Prozesses: 0x8f4
Startzeit der fehlerhaften Anwendung: 0xCxAudMsg64.exe0
Pfad der fehlerhaften Anwendung: CxAudMsg64.exe1
Pfad des fehlerhaften Moduls: CxAudMsg64.exe2
Berichtskennung: CxAudMsg64.exe3

Error: (03/02/2015 10:07:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 10:38:35 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" in Zeile  UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (03/01/2015 10:38:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (03/01/2015 00:26:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CxAudMsg64.exe, Version: 1.6.0.0, Zeitstempel: 0x4fd1c0c1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000c4102
ID des fehlerhaften Prozesses: 0x918
Startzeit der fehlerhaften Anwendung: 0xCxAudMsg64.exe0
Pfad der fehlerhaften Anwendung: CxAudMsg64.exe1
Pfad des fehlerhaften Moduls: CxAudMsg64.exe2
Berichtskennung: CxAudMsg64.exe3

Error: (03/01/2015 00:26:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/28/2015 02:22:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070013, Das Medium ist schreibgeschützt.
.

Error: (02/28/2015 02:22:49 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80070013, Das Medium ist schreibgeschützt.
]

Error: (02/28/2015 02:22:48 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070013, Das Medium ist schreibgeschützt.
.

Error: (02/28/2015 02:22:48 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80070013, Das Medium ist schreibgeschützt.
]


System errors:
=============
Error: (03/02/2015 11:06:34 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (03/02/2015 10:39:49 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (03/02/2015 10:08:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Conexant Audio Message Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/02/2015 10:06:49 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (03/02/2015 10:06:04 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (03/01/2015 11:07:45 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (03/01/2015 08:04:00 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (03/01/2015 07:26:45 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (03/01/2015 07:18:15 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (03/01/2015 04:52:15 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.


Microsoft Office Sessions:
=========================
Error: (03/02/2015 10:07:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CxAudMsg64.exe1.6.0.04fd1c0c1ntdll.dll6.1.7601.18247521eaf24c000037400000000000c41028f401d054c820c1127cC:\Windows\system32\CxAudMsg64.exeC:\Windows\SYSTEM32\ntdll.dll9d83fff5-c0bb-11e4-b14c-2cd05a1d5237

Error: (03/02/2015 10:07:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 10:38:35 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (03/01/2015 10:38:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe

Error: (03/01/2015 00:26:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CxAudMsg64.exe1.6.0.04fd1c0c1ntdll.dll6.1.7601.18247521eaf24c000037400000000000c410291801d053adbba78104C:\Windows\system32\CxAudMsg64.exeC:\Windows\SYSTEM32\ntdll.dll362fb375-bfa1-11e4-8179-2cd05a1d5237

Error: (03/01/2015 00:26:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/28/2015 02:22:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070013, Das Medium ist schreibgeschützt.

Error: (02/28/2015 02:22:49 PM) (Source: VSS) (EventID: 13) (User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070013, Das Medium ist schreibgeschützt.

Error: (02/28/2015 02:22:48 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070013, Das Medium ist schreibgeschützt.

Error: (02/28/2015 02:22:48 PM) (Source: VSS) (EventID: 13) (User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070013, Das Medium ist schreibgeschützt.


CodeIntegrity Errors:
===================================
  Date: 2015-02-13 13:18:59.939
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-13 13:18:59.923
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-13 12:54:23.872
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-13 12:54:23.856
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-13 08:25:39.926
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-13 08:25:39.852
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-13 08:14:49.814
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-13 08:14:49.736
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-12 11:32:41.256
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-12 11:32:41.100
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 64%
Total physical RAM: 3506.98 MB
Available physical RAM: 1246.18 MB
Total Pagefile: 7012.14 MB
Available Pagefile: 3927.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:100 GB) (Free:33.86 GB) NTFS
Drive d: (Daten) (Fixed) (Total:364.76 GB) (Free:219.53 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
Das LOG-File von GMER war zu groß und ist daher als Anhang zusammen mit dem Logfile von Kaspersky zu finden.

Ich hoffe ihr könnt mir helfen!

Viele Grüße,
ausdemaus

Geändert von ausdemaus (02.03.2015 um 11:57 Uhr)

Alt 02.03.2015, 11:55   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien - Standard

Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien



Hi und

Ist das dein privater Rechner? Seh da einiges was auf gewerbliche Nutzung schließen lässt. Außerdem...

Zitat:
(ATTENTION: The logged in user is not administrator)
...hattest du keine Adminrechte mit FRST, einfach nur vergessen oder hast du nur nen eingeschränkten Windows-User?
__________________

__________________

Alt 02.03.2015, 12:07   #3
ausdemaus
 
Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien - Standard

Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien



Hallo cosinus,
ja, das ist mein Privatrechner.

Sorry, hier das FRST-Logfile nach Ausführung als Admin:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by Xaver (administrator) on E535 on 02-03-2015 12:05:15
Running from C:\Users\Xaver_2\Desktop
Loaded Profiles: Xaver & Xaver_2 (Available profiles: Xaver & Xaver_2)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
() C:\Program Files (x86)\LPT\srpts.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Spotify Ltd) C:\Users\Xaver_2\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Dropbox, Inc.) C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
() C:\Program Files (x86)\LPT\srptsl.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\LPT\srptm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hydrologic Engineering Center) C:\Program Files (x86)\HEC\HEC-RAS\4.1.0\ras.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-08-07] (Lenovo Group Limited)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-17] (Lenovo.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [66560 2013-04-09] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-10-13] (Geek Software GmbH)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-09-04] (Autodesk Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2014-11-19] (Cisco Systems, Inc.)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-396452479-186164142-1222412316-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-396452479-186164142-1222412316-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\Xaver\AppData\Local\Smartbar\Application\Smartbar.exe startup
HKU\S-1-5-21-396452479-186164142-1222412316-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Xaver\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-396452479-186164142-1222412316-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\Run: [Spotify Web Helper] => C:\Users\Xaver_2\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-02-14] (Spotify Ltd)
HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\Policies\Explorer: [] 
HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\MountPoints2: {a7eeea8d-5b85-11e4-a7f5-2cd05a1d5237} - G:\setup\rsrc\Autorun.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Xaver_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Xaver_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Xaver\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-396452479-186164142-1222412316-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-396452479-186164142-1222412316-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv_kqFD_0EXMbdNH2KRQA,,&q={searchTerms}
HKU\S-1-5-21-396452479-186164142-1222412316-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYe5hq9Hhq-_GMpGqdywNhvS5wC6UB9WkG37BhUE3R29Pcnn12zRpgfqvTm3-fi8nSbzX_ura2Igl4yXJ0J0P5CFCAK2cEtlT8ehg,,
HKU\S-1-5-21-396452479-186164142-1222412316-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv_kqFD_0EXMbdNH2KRQA,,&q={searchTerms}
HKU\S-1-5-21-396452479-186164142-1222412316-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms}
HKU\S-1-5-21-396452479-186164142-1222412316-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYe5hq9Hhq-_GMpGqdywNhvS5wC6UB9WkG37BhUE3R29Pcnn12zRpgfqvTm3-fi8nSbzX_ura2Igl4yXJ0Og5rfxXvBjEn77eG45A,,
HKU\S-1-5-21-396452479-186164142-1222412316-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-21-396452479-186164142-1222412316-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv_kqFD_0EXMbdNH2KRQA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-396452479-186164142-1222412316-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv_kqFD_0EXMbdNH2KRQA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-396452479-186164142-1222412316-1003 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-396452479-186164142-1222412316-1003 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} -  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 10.156.33.53 129.187.5.1

FireFox:
========
FF ProfilePath: C:\Users\Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\nGSkNjN8.default
FF Homepage: about:home
FF Keyword.URL: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv_kqFD_0EXMbdNH2KRQA,,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-396452479-186164142-1222412316-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Xaver_2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\nGSkNjN8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-24]
FF Extension: BetterPrivacy - C:\Users\Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\nGSkNjN8.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-10-24]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-01-26]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-01-15]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-01-15]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-01-15]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-01-15]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-01-15]
FF HKU\.DEFAULT\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF HKU\S-1-5-21-396452479-186164142-1222412316-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\nGSkNjN8.default\extensions\cliqz@cliqz.com
FF HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF Extension: No Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [Not Found]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [clglhglbidpdbjffpfcldkifhdegdfle] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2013-04-01]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-04] (Autodesk Inc.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [1008344 2013-03-29] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139944 2013-08-07] (AuthenTec, Inc)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-08-07] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [34304 2014-08-27] () <==== ATTENTION
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-09-16] ()
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed]
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401704 2013-07-22] (AuthenTec, Inc.)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1526120 2013-09-25] (Lenovo Group Limited)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2014-05-27] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2014-05-27] (LG Electronics Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2014-10-28] (AppEx Networks Corporation)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-30] (Disc Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2015-01-17] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2015-01-17] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 RCUVCAVS; C:\Windows\System32\DRIVERS\RCUVCAVS.sys [149632 2013-04-09] (Ricoh co.,Ltd.)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver_AMDASF.sys [29424 2013-04-26] (Synaptics Incorporated)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-30] (Lenovo Information Product(ShenZhen China) Inc.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.)
U3 pgddapod; \??\C:\Users\Xaver\AppData\Local\Temp\pgddapod.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 11:56 - 2015-03-02 11:56 - 00006456 _____ () C:\Users\Xaver_2\Desktop\Logfiles.7z
2015-03-02 11:32 - 2015-03-02 11:32 - 00207642 _____ () C:\Users\Xaver_2\Desktop\Gmer.txt
2015-03-02 11:28 - 2015-03-02 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Password Vault
2015-03-02 11:22 - 2015-03-02 11:22 - 00380416 _____ () C:\Users\Xaver_2\Desktop\f82s7i2d.exe
2015-03-02 11:21 - 2015-03-02 11:21 - 00031008 _____ () C:\Users\Xaver_2\Desktop\Addition.txt
2015-03-02 11:19 - 2015-03-02 12:05 - 00031723 _____ () C:\Users\Xaver_2\Desktop\FRST.txt
2015-03-02 11:09 - 2015-03-02 11:09 - 00001613 _____ () C:\Users\Xaver_2\Desktop\KISreport.txt
2015-03-02 10:07 - 2015-03-02 10:07 - 00000000 ____D () C:\Users\Xaver_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2015-03-01 16:31 - 2015-03-01 16:31 - 00000542 _____ () C:\Users\Xaver_2\Desktop\defogger_disable.log
2015-03-01 16:31 - 2015-03-01 16:31 - 00000168 _____ () C:\Users\Xaver\defogger_reenable
2015-03-01 16:29 - 2015-03-01 16:29 - 00050477 _____ () C:\Users\Xaver_2\Desktop\Defogger.exe
2015-03-01 16:11 - 2015-03-02 12:05 - 00000000 ____D () C:\FRST
2015-03-01 16:11 - 2015-03-01 16:11 - 02092544 _____ (Farbar) C:\Users\Xaver_2\Desktop\FRST64.exe
2015-02-27 10:55 - 2015-02-27 10:55 - 00002145 _____ () C:\Users\Public\Desktop\Google Earth Pro.lnk
2015-02-27 10:55 - 2015-02-27 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro
2015-02-27 10:55 - 2015-02-27 10:55 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-25 01:18 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 01:18 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-20 13:43 - 2015-02-20 13:44 - 00321640 _____ () C:\Windows\Minidump\022015-24367-01.dmp
2015-02-19 06:21 - 2015-02-19 06:21 - 00317512 _____ () C:\Windows\Minidump\021915-21590-01.dmp
2015-02-18 19:59 - 2015-02-20 13:43 - 00000000 ____D () C:\Windows\Minidump
2015-02-18 19:59 - 2015-02-18 19:59 - 00297064 _____ () C:\Windows\Minidump\021815-22167-01.dmp
2015-02-18 19:58 - 2015-02-20 13:43 - 401471716 _____ () C:\Windows\MEMORY.DMP
2015-02-18 19:38 - 2015-02-18 19:38 - 00000165 ____H () C:\Users\Xaver_2\Desktop\~$EbayVerkäufe.xlsx
2015-02-15 17:24 - 2015-03-02 10:16 - 00005478 _____ () C:\Windows\setupact.log
2015-02-15 17:24 - 2015-02-15 17:24 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-14 08:44 - 2015-02-14 08:44 - 00000000 ____D () C:\Users\Xaver_2\Documents\OneNote-Notizbücher
2015-02-12 20:39 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 20:39 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 20:39 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 20:39 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 22:30 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 22:30 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 22:30 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 22:30 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 22:30 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 22:30 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 22:30 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 22:30 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 22:30 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 22:30 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 22:30 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 22:30 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 22:30 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 22:30 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 22:30 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 22:30 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 22:30 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 22:30 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 22:30 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 22:30 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 22:30 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 22:30 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 22:30 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 22:30 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 22:30 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 22:30 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 22:30 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 22:30 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 22:30 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 22:30 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 22:30 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 22:30 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 22:30 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 22:30 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 22:30 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 22:30 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 22:30 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 22:30 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 22:30 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 22:30 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 22:30 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 22:30 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 22:30 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 22:30 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 22:30 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 22:30 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 22:30 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 22:30 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 22:30 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 22:30 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 22:30 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 22:30 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 22:21 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 22:21 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 22:21 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 22:21 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 22:21 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 22:21 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 22:21 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 22:21 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 22:20 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 22:20 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 22:20 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 22:20 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 22:20 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 22:20 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 22:20 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 22:20 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 22:20 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 22:20 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 22:20 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 22:20 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 22:20 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 22:20 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 22:16 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 22:16 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 22:16 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 22:16 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 22:16 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 22:16 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 22:16 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 22:16 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 22:16 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 22:16 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 22:16 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 22:16 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 22:16 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 22:16 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 22:16 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 22:16 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 22:16 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 22:16 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 22:16 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 22:16 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 22:16 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 22:16 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 22:16 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 22:16 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 22:16 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 22:16 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 22:15 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 22:15 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 22:15 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 22:15 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 22:15 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 22:15 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 22:15 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 22:15 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 22:15 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 22:15 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 22:15 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 22:14 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-01 16:15 - 2015-02-01 16:15 - 00002073 _____ () C:\Users\Public\Desktop\HEC-RAS 4.1.0.lnk
2015-02-01 16:15 - 2015-02-01 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HEC
2015-02-01 16:15 - 2015-02-01 16:15 - 00000000 ____D () C:\Program Files (x86)\HEC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 12:01 - 2014-11-23 18:13 - 00011678 _____ () C:\Users\Xaver_2\Desktop\EbayVerkäufe.xlsx
2015-03-02 11:50 - 2015-01-15 20:33 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-02 11:27 - 2014-10-24 10:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-02 10:14 - 2009-07-14 05:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-02 10:14 - 2009-07-14 05:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-02 10:11 - 2014-11-06 17:42 - 00000546 _____ () C:\Windows\Tasks\MATLAB R2014b Startup Accelerator.job
2015-03-02 10:11 - 2014-10-24 00:07 - 02008637 _____ () C:\Windows\WindowsUpdate.log
2015-03-02 10:08 - 2014-11-06 17:06 - 00000000 ____D () C:\Users\Xaver_2\AppData\Roaming\Dropbox
2015-03-02 10:07 - 2014-12-23 07:31 - 00000000 ____D () C:\Users\Xaver_2\AppData\Roaming\Raptr
2015-03-02 10:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-02 07:26 - 2014-10-24 14:07 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-03-01 16:31 - 2014-10-24 00:12 - 00000000 ____D () C:\Users\Xaver
2015-02-28 14:13 - 2014-10-25 13:07 - 00000000 ____D () C:\Users\Xaver_2\AppData\Roaming\Spotify
2015-02-28 10:03 - 2014-10-25 13:10 - 00000000 ____D () C:\Users\Xaver_2\AppData\Local\Spotify
2015-02-26 08:30 - 2014-11-07 09:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-25 05:58 - 2014-10-26 14:01 - 00038550 _____ () C:\Windows\PFRO.log
2015-02-24 23:22 - 2014-10-24 16:51 - 00000000 ____D () C:\Users\Xaver_2\Desktop\KV,Bank usw
2015-02-24 22:20 - 2014-10-24 16:18 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-23 17:13 - 2011-04-12 08:43 - 00699234 _____ () C:\Windows\system32\perfh007.dat
2015-02-23 17:13 - 2011-04-12 08:43 - 00149342 _____ () C:\Windows\system32\perfc007.dat
2015-02-23 17:13 - 2009-07-14 06:13 - 01618840 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-18 10:45 - 2014-11-06 21:06 - 00000000 ____D () C:\Users\Xaver_2\AppData\Local\Autodesk
2015-02-18 09:55 - 2014-10-25 15:30 - 00000000 ____D () C:\Users\Xaver_2\AppData\Roaming\DAEMON Tools Lite
2015-02-18 09:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2015-02-13 16:03 - 2014-10-24 16:52 - 00000000 ____D () C:\Users\Xaver_2\Desktop\Unterlagen Avantgarde
2015-02-13 13:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-12 08:44 - 2014-11-06 17:07 - 00000000 ____D () C:\Users\Xaver_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 08:37 - 2009-07-14 05:45 - 00529704 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 08:35 - 2014-12-11 08:26 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 08:35 - 2014-10-24 07:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 08:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-12 00:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-12 00:04 - 2014-10-24 01:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 23:59 - 2014-10-24 01:06 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 06:46 - 2014-11-18 18:07 - 00032768 _____ () C:\Windows\system32\persistent_q.db-shm
2015-02-04 20:28 - 2014-10-24 10:04 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 20:27 - 2014-10-24 10:04 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 20:27 - 2014-10-24 10:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-01 15:53 - 2014-10-24 16:51 - 00000000 ____D () C:\Users\Xaver_2\Desktop\Ebay usw
2015-01-31 12:43 - 2014-12-22 21:59 - 00000000 ____D () C:\Users\Xaver\AppData\Roaming\Raptr
2015-01-31 12:42 - 2014-12-22 21:59 - 00000000 ____D () C:\Program Files (x86)\Raptr

==================== Files in the root of some directories =======

2014-10-24 08:59 - 2014-10-24 08:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-30 17:45 - 2014-10-30 17:45 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some content of TEMP:
====================
C:\Users\Xaver_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfk0u2d.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-25 15:27

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 02.03.2015, 12:20   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien - Standard

Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien



Dein Ernst alles privat?

Zitat:
AutoCAD 2015 - Deutsch (German) (Version: 20.0.51.0 - Autodesk) Hidden
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Mathematica Extras 9.0 (4092550) (HKLM\...\A-WIN-Extras 9.0.1 4092550_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
TeX Live 2014 (HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\TeXLive2014) (Version: 2014 - )
TeXstudio 2.8.8 (HKLM-x32\...\TeXstudio_is1) (Version: 2.8.8 - Benito van der Zander)
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.03.2015, 12:25   #5
ausdemaus
 
Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien - Standard

Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien



Ja, das sind alles Studentenversionen.


Alt 02.03.2015, 12:27   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien - Standard

Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien



Ok, danke für die Erklärung

Kommst du an die Kaspersky-Logs ran? Wenn ja bitte alles mit Funden posten.

Und bitte auch ein Log mit MBAR machen: Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
--> Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien

Alt 02.03.2015, 15:09   #7
ausdemaus
 
Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien - Standard

Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien



Kaspersky Bericht:

Code:
ATTFilter
02.03.2015 10.08.45	Gefundenes Objekt (Datei) wurde nicht verarbeitet	C:\Windows\Temp\f9vkpb5x.dll	Datei: C:\Windows\Temp\f9vkpb5x.dll	Objektname: not-a-virus:AdWare.Win32.Linkury.a	Objekttyp: Adware	Zeitpunkt: 02.03.2015, 10:08
02.03.2015 10.08.47	Gefundenes Objekt (Datei) wurde nicht verarbeitet	C:\Windows\Temp\aw4srj3g.dll	Datei: C:\Windows\Temp\aw4srj3g.dll	Objektname: not-a-virus:AdWare.Win32.Linkury.a	Objekttyp: Adware	Zeitpunkt: 02.03.2015, 10:08
02.03.2015 10.09.25	Gefundenes Objekt (Datei) wurde nicht verarbeitet	C:\Windows\Temp\_dumhrb9.dll	Datei: C:\Windows\Temp\_dumhrb9.dll	Objektname: not-a-virus:AdWare.Win32.Linkury.a	Objekttyp: Adware	Zeitpunkt: 02.03.2015, 10:09
02.03.2015 07.26.19	Gefundenes Objekt (Datei) wurde nicht verarbeitet	C:\Windows\Temp\mjohobma.dll	Datei: C:\Windows\Temp\mjohobma.dll	Objektname: not-a-virus:AdWare.Win32.Linkury.a	Objekttyp: Adware	Zeitpunkt: 02.03.2015, 07:26
02.03.2015 10.09.27	Gefundenes Objekt (Datei) wurde nicht verarbeitet	C:\Windows\Temp\j_vf7u5c.dll	Datei: C:\Windows\Temp\j_vf7u5c.dll	Objektname: not-a-virus:AdWare.Win32.Linkury.a	Objekttyp: Adware	Zeitpunkt: 02.03.2015, 10:09
02.03.2015 06.55.52	Gefundenes Objekt (Datei) wurde nicht verarbeitet	C:\Windows\Temp\yf4_bqbu.dll	Datei: C:\Windows\Temp\yf4_bqbu.dll	Objektname: not-a-virus:AdWare.Win32.Linkury.a	Objekttyp: Adware	Zeitpunkt: 02.03.2015, 06:55
02.03.2015 07.26.21	Gefundenes Objekt (Datei) wurde nicht verarbeitet	C:\Windows\Temp\onxra1ju.dll	Datei: C:\Windows\Temp\onxra1ju.dll	Objektname: not-a-virus:AdWare.Win32.Linkury.a	Objekttyp: Adware	Zeitpunkt: 02.03.2015, 07:26
         
Ist das das was du brauchst? Oder gibt es da noch mehr? Wenn ja, wo finde ich das?


LOG von MBAR:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.02.03
  rootkit: v2015.02.25.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17633
Xaver :: E535 [administrator]

02.03.2015 14:52:28
mbar-log-2015-03-02 (14-52-28).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 399479
Time elapsed: 13 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Konnte keinen CleanUp machen, da er nix gefunden hat. Die Meldungen, die auch in dem Bericht von Kaspersky (s.o.) sind, bestehen weiterhin.

Alt 02.03.2015, 15:49   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien - Standard

Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien



Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.03.2015, 17:10   #9
ausdemaus
 
Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien - Standard

Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien



AdwCleaner Log:

Code:
ATTFilter
# AdwCleaner v4.111 - Bericht erstellt 02/03/2015 um 16:32:43
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-02-18.3 [Lokal]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Xaver - E535
# Gestarted von : C:\Users\Xaver_2\Desktop\AdwCleaner_4.111.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : LPTSystemUpdater

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\LPT
Ordner Gelöscht : C:\Users\Xaver\AppData\Local\LPT
Ordner Gelöscht : C:\Users\Xaver\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Xaver\AppData\Local\Smartbar
Datei Gelöscht : C:\Users\Xaver_2\Desktop\eBay.lnk
Datei Gelöscht : C:\Users\Xaver_2\AppData\Roaming\Mozilla\Firefox\Profiles\yqd6fu79.default\searchplugins\Web Search.xml

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\smartbarbackup
Schlüssel Gelöscht : HKCU\Software\smartbarlog
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\SPPDCOM
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4E732E5D-E577-451A-9BB1-CBE64A2CBC2F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17631

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v35.0.1 (x86 de)

[nGSkNjN8.default\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4I[...]
[yqd6fu79.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
[yqd6fu79.default\prefs.js] - Zeile Gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYe5hq9Hhq-[...]
[yqd6fu79.default\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4I[...]

*************************

AdwCleaner[R0].txt - [6639 Bytes] - [02/03/2015 16:26:12]
AdwCleaner[S0].txt - [4722 Bytes] - [02/03/2015 16:32:43]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [4781  Bytes] ##########
         
JRT Log:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Professional x64
Ran by Xaver on 02.03.2015 at 16:41:45,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.03.2015 at 16:49:38,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
neuer FRST Log:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by Xaver (administrator) on E535 on 02-03-2015 17:07:35
Running from C:\Users\Xaver_2\Desktop
Loaded Profiles: Xaver & Xaver_2 (Available profiles: Xaver & Xaver_2)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Spotify Ltd) C:\Users\Xaver_2\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Dropbox, Inc.) C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-08-07] (Lenovo Group Limited)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-17] (Lenovo.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [66560 2013-04-09] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-10-13] (Geek Software GmbH)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-09-04] (Autodesk Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2014-11-19] (Cisco Systems, Inc.)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-396452479-186164142-1222412316-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-396452479-186164142-1222412316-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Xaver\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-396452479-186164142-1222412316-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\Run: [Spotify Web Helper] => C:\Users\Xaver_2\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-02-14] (Spotify Ltd)
HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\Policies\Explorer: [] 
HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\MountPoints2: {a7eeea8d-5b85-11e4-a7f5-2cd05a1d5237} - G:\setup\rsrc\Autorun.exe
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Xaver_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Xaver_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Xaver\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-396452479-186164142-1222412316-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-396452479-186164142-1222412316-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms}
HKU\S-1-5-21-396452479-186164142-1222412316-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYe5hq9Hhq-_GMpGqdywNhvS5wC6UB9WkG37BhUE3R29Pcnn12zRpgfqvTm3-fi8nSbzX_ura2Igl4yXJ0Og5rfxXvBjEn77eG45A,,
HKU\S-1-5-21-396452479-186164142-1222412316-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-396452479-186164142-1222412316-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-396452479-186164142-1222412316-1003 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 195.234.128.9 195.234.128.16

FireFox:
========
FF ProfilePath: C:\Users\Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\nGSkNjN8.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-396452479-186164142-1222412316-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Xaver_2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\nGSkNjN8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-24]
FF Extension: BetterPrivacy - C:\Users\Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\nGSkNjN8.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-10-24]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-01-26]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-01-15]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-01-15]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-01-15]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-01-15]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-01-15]
FF HKU\.DEFAULT\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF HKU\S-1-5-21-396452479-186164142-1222412316-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\nGSkNjN8.default\extensions\cliqz@cliqz.com
FF HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF Extension: No Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [Not Found]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [clglhglbidpdbjffpfcldkifhdegdfle] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2013-04-01]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-04] (Autodesk Inc.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
S2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [1008344 2013-03-29] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139944 2013-08-07] (AuthenTec, Inc)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-08-07] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-09-16] ()
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed]
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401704 2013-07-22] (AuthenTec, Inc.)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1526120 2013-09-25] (Lenovo Group Limited)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2014-05-27] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2014-05-27] (LG Electronics Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2014-10-28] (AppEx Networks Corporation)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-30] (Disc Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2015-01-17] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2015-01-17] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 RCUVCAVS; C:\Windows\System32\DRIVERS\RCUVCAVS.sys [149632 2013-04-09] (Ricoh co.,Ltd.)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver_AMDASF.sys [29424 2013-04-26] (Synaptics Incorporated)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-30] (Lenovo Information Product(ShenZhen China) Inc.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 16:56 - 2015-03-02 16:56 - 00000625 _____ () C:\Users\Xaver_2\Desktop\JRT.txt
2015-03-02 16:49 - 2015-03-02 16:49 - 00000625 _____ () C:\Users\Xaver\Desktop\JRT.txt
2015-03-02 16:26 - 2015-03-02 16:32 - 00000000 ____D () C:\AdwCleaner
2015-03-02 16:22 - 2015-03-02 16:22 - 02126848 _____ () C:\Users\Xaver_2\Desktop\AdwCleaner_4.111.exe
2015-03-02 16:22 - 2015-03-02 16:22 - 01388333 _____ (Thisisu) C:\Users\Xaver_2\Desktop\JRT.exe
2015-03-02 16:18 - 2015-03-02 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fingerprint Reader
2015-03-02 15:44 - 2015-03-02 15:44 - 00502120 _____ () C:\Windows\Minidump\030215-23244-01.dmp
2015-03-02 15:15 - 2015-03-02 15:15 - 00000861 _____ () C:\Users\Xaver_2\Desktop\Study Project.lnk
2015-03-02 14:56 - 2015-03-02 15:00 - 00022016 _____ () C:\Users\Xaver_2\Desktop\Stundenabrechnung 27.2.-2.03.2015.xls
2015-03-02 14:51 - 2015-03-02 15:06 - 00000000 ____D () C:\Users\Xaver_2\Desktop\mbar
2015-03-02 13:43 - 2015-03-02 15:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-02 13:43 - 2015-03-02 14:52 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-02 13:43 - 2015-03-02 13:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-02 13:42 - 2015-03-02 14:51 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-02 13:41 - 2015-03-02 14:49 - 00000000 ____D () C:\Users\Xaver\Desktop\mbar
2015-03-02 13:39 - 2015-03-02 13:40 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Xaver_2\Desktop\mbar-1.09.1.1004.exe
2015-03-02 11:32 - 2015-03-02 11:32 - 00207642 _____ () C:\Users\Xaver_2\Desktop\Gmer.txt
2015-03-02 11:22 - 2015-03-02 11:22 - 00380416 _____ () C:\Users\Xaver_2\Desktop\f82s7i2d.exe
2015-03-02 11:21 - 2015-03-02 11:21 - 00031008 _____ () C:\Users\Xaver_2\Desktop\Addition.txt
2015-03-02 11:19 - 2015-03-02 17:07 - 00028143 _____ () C:\Users\Xaver_2\Desktop\FRST.txt
2015-03-02 11:09 - 2015-03-02 11:09 - 00001613 _____ () C:\Users\Xaver_2\Desktop\KISreport.txt
2015-03-01 16:31 - 2015-03-01 16:31 - 00000542 _____ () C:\Users\Xaver_2\Desktop\defogger_disable.log
2015-03-01 16:31 - 2015-03-01 16:31 - 00000168 _____ () C:\Users\Xaver\defogger_reenable
2015-03-01 16:29 - 2015-03-01 16:29 - 00050477 _____ () C:\Users\Xaver_2\Desktop\Defogger.exe
2015-03-01 16:11 - 2015-03-02 17:07 - 00000000 ____D () C:\FRST
2015-03-01 16:11 - 2015-03-01 16:11 - 02092544 _____ (Farbar) C:\Users\Xaver_2\Desktop\FRST64.exe
2015-02-27 10:55 - 2015-02-27 10:55 - 00002145 _____ () C:\Users\Public\Desktop\Google Earth Pro.lnk
2015-02-27 10:55 - 2015-02-27 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro
2015-02-27 10:55 - 2015-02-27 10:55 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-25 01:18 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 01:18 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-20 13:43 - 2015-02-20 13:44 - 00321640 _____ () C:\Windows\Minidump\022015-24367-01.dmp
2015-02-19 06:21 - 2015-02-19 06:21 - 00317512 _____ () C:\Windows\Minidump\021915-21590-01.dmp
2015-02-18 19:59 - 2015-03-02 15:44 - 00000000 ____D () C:\Windows\Minidump
2015-02-18 19:59 - 2015-02-18 19:59 - 00297064 _____ () C:\Windows\Minidump\021815-22167-01.dmp
2015-02-18 19:58 - 2015-03-02 15:44 - 522045028 _____ () C:\Windows\MEMORY.DMP
2015-02-18 19:38 - 2015-02-18 19:38 - 00000165 ____H () C:\Users\Xaver_2\Desktop\~$EbayVerkäufe.xlsx
2015-02-15 17:24 - 2015-03-02 16:44 - 00005944 _____ () C:\Windows\setupact.log
2015-02-15 17:24 - 2015-02-15 17:24 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-14 08:44 - 2015-02-14 08:44 - 00000000 ____D () C:\Users\Xaver_2\Documents\OneNote-Notizbücher
2015-02-12 20:39 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 20:39 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 20:39 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 20:39 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 22:30 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 22:30 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 22:30 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 22:30 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 22:30 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 22:30 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 22:30 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 22:30 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 22:30 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 22:30 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 22:30 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 22:30 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 22:30 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 22:30 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 22:30 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 22:30 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 22:30 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 22:30 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 22:30 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 22:30 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 22:30 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 22:30 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 22:30 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 22:30 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 22:30 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 22:30 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 22:30 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 22:30 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 22:30 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 22:30 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 22:30 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 22:30 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 22:30 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 22:30 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 22:30 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 22:30 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 22:30 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 22:30 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 22:30 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 22:30 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 22:30 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 22:30 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 22:30 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 22:30 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 22:30 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 22:30 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 22:30 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 22:30 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 22:30 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 22:30 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 22:30 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 22:30 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 22:21 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 22:21 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 22:21 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 22:21 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 22:21 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 22:21 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 22:21 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 22:21 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 22:20 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 22:20 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 22:20 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 22:20 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 22:20 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 22:20 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 22:20 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 22:20 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 22:20 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 22:20 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 22:20 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 22:20 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 22:20 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 22:20 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 22:16 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 22:16 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 22:16 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 22:16 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 22:16 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 22:16 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 22:16 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 22:16 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 22:16 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 22:16 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 22:16 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 22:16 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 22:16 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 22:16 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 22:16 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 22:16 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 22:16 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 22:16 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 22:16 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 22:16 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 22:16 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 22:16 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 22:16 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 22:16 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 22:16 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 22:16 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 22:15 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 22:15 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 22:15 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 22:15 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 22:15 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 22:15 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 22:15 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 22:15 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 22:15 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 22:15 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 22:15 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 22:14 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-01 16:15 - 2015-02-01 16:15 - 00002073 _____ () C:\Users\Public\Desktop\HEC-RAS 4.1.0.lnk
2015-02-01 16:15 - 2015-02-01 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HEC
2015-02-01 16:15 - 2015-02-01 16:15 - 00000000 ____D () C:\Program Files (x86)\HEC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 17:07 - 2014-10-24 00:07 - 02035666 _____ () C:\Windows\WindowsUpdate.log
2015-03-02 17:00 - 2014-11-06 17:42 - 00000546 _____ () C:\Windows\Tasks\MATLAB R2014b Startup Accelerator.job
2015-03-02 17:00 - 2014-11-06 17:06 - 00000000 ____D () C:\Users\Xaver_2\AppData\Roaming\Dropbox
2015-03-02 16:42 - 2009-07-14 05:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-02 16:42 - 2009-07-14 05:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-02 16:35 - 2015-01-15 20:33 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-02 16:34 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-02 16:33 - 2014-10-24 14:07 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-03-02 16:32 - 2014-10-26 12:54 - 00001085 _____ () C:\Users\Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-03-02 16:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-02 16:27 - 2014-10-24 10:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-02 10:07 - 2014-12-23 07:31 - 00000000 ____D () C:\Users\Xaver_2\AppData\Roaming\Raptr
2015-03-01 16:31 - 2014-10-24 00:12 - 00000000 ____D () C:\Users\Xaver
2015-02-28 14:13 - 2014-10-25 13:07 - 00000000 ____D () C:\Users\Xaver_2\AppData\Roaming\Spotify
2015-02-28 10:03 - 2014-10-25 13:10 - 00000000 ____D () C:\Users\Xaver_2\AppData\Local\Spotify
2015-02-26 08:30 - 2014-11-07 09:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-25 05:58 - 2014-10-26 14:01 - 00038550 _____ () C:\Windows\PFRO.log
2015-02-24 22:20 - 2014-10-24 16:18 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-23 17:13 - 2011-04-12 08:43 - 00699234 _____ () C:\Windows\system32\perfh007.dat
2015-02-23 17:13 - 2011-04-12 08:43 - 00149342 _____ () C:\Windows\system32\perfc007.dat
2015-02-23 17:13 - 2009-07-14 06:13 - 01618840 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-18 10:45 - 2014-11-06 21:06 - 00000000 ____D () C:\Users\Xaver_2\AppData\Local\Autodesk
2015-02-18 09:55 - 2014-10-25 15:30 - 00000000 ____D () C:\Users\Xaver_2\AppData\Roaming\DAEMON Tools Lite
2015-02-18 09:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2015-02-13 16:03 - 2014-10-24 16:52 - 00000000 ____D () C:\Users\Xaver_2\Desktop\Unterlagen Avantgarde
2015-02-13 13:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-12 08:44 - 2014-11-06 17:07 - 00000000 ____D () C:\Users\Xaver_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 08:37 - 2009-07-14 05:45 - 00529704 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 08:35 - 2014-12-11 08:26 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 08:35 - 2014-10-24 07:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 08:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-12 00:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-12 00:04 - 2014-10-24 01:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 23:59 - 2014-10-24 01:06 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 06:46 - 2014-11-18 18:07 - 00032768 _____ () C:\Windows\system32\persistent_q.db-shm
2015-02-04 20:28 - 2014-10-24 10:04 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 20:27 - 2014-10-24 10:04 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 20:27 - 2014-10-24 10:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-31 12:43 - 2014-12-22 21:59 - 00000000 ____D () C:\Users\Xaver\AppData\Roaming\Raptr
2015-01-31 12:42 - 2014-12-22 21:59 - 00000000 ____D () C:\Program Files (x86)\Raptr

==================== Files in the root of some directories =======

2014-10-24 08:59 - 2014-10-24 08:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-30 17:45 - 2014-10-30 17:45 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some content of TEMP:
====================
C:\Users\Xaver\AppData\Local\Temp\Quarantine.exe
C:\Users\Xaver\AppData\Local\Temp\sqlite3.dll
C:\Users\Xaver_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpb5zc58.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-25 15:27

==================== End Of Log ============================
         
--- --- ---


Addition-Log:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015
Ran by Xaver at 2015-03-02 17:08:37
Running from C:\Users\Xaver_2\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-396452479-186164142-1222412316-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.4.0 - AppEx Networks)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 8.42.20 - )
AutoCAD 2015 - Deutsch (German) (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Language Pack - Deutsch (German) (Version: 20.0.51.0 - Autodesk) Hidden
Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 3.0.159.0 - Autodesk)
Autodesk AutoCAD 2015 - Deutsch (German) (HKLM\...\AutoCAD 2015 - Deutsch (German)) (Version: 20.0.51.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.201 - Broadcom Corporation)
Call of Duty - United Offensive (HKLM-x32\...\InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}) (Version: 1.00.0000 - Activision)
Call of Duty - United Offensive (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty (HKLM-x32\...\Call of Duty) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06073 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.06073 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.48.0 - Conexant)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dropbox (HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.66.3 - Lenovo Group Limited)
Fingerprint Reader (HKLM\...\{7DD99174-299B-4450-A179-7F27F4C2D042}) (Version: 6.0.200.105 - AuthenTec, Inc.)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
HEC-RAS 4.1.0 (HKLM-x32\...\{692F1402-6F45-42F3-9D82-9AAEFBFAD4A1}) (Version: 4.1.0 - Hydrologic Engineering Center)
Integrated Camera Driver Installer Package Ver.1.0.0.27 (HKLM-x32\...\{F8754583-7893-4CD8-9E51-1A08F3D4C1A9}) (Version: 1.0.0.27 - RICOH)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.12 - )
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4400 - Broadcom Corporation)
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.16.0 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.09.03 - )
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0020 - Lenovo)
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.22.20141205 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{15A5D29A-F209-49FD-BA47-5E4C882FF496}) (Version: 3.12.1.0 - LG Electronics)
LINGO 14.0/x64 (HKLM\...\{B5BB2F98-F948-4057-884A-49272652F274}) (Version: 14.0 - Lindo Systems Inc)
Mathematica Extras 9.0 (4092550) (HKLM\...\A-WIN-Extras 9.0.1 4092550_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
MATLAB R2014b (HKLM\...\Matlab R2014b) (Version: 8.4 - The MathWorks, Inc.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)
Rescue and Recovery (HKLM-x32\...\{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}) (Version: 4.52.0005.00 - Lenovo Group Limited)
Seafile 4.0.4 (HKLM-x32\...\{41E18CDA-69BC-4E5E-BB17-424D8D01F1F9}) (Version: 4.0.4 - HaiWenHuZhi ltd.)
SketchUp-Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
Spotify (HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
TeX Live 2014 (HKU\S-1-5-21-396452479-186164142-1222412316-1000\...\TeXLive2014) (Version: 2014 - )
TeX Live 2014 (HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\TeXLive2014) (Version: 2014 - )
TeXstudio 2.8.8 (HKLM-x32\...\TeXstudio_is1) (Version: 2.8.8 - Benito van der Zander)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
Unity Web Player (HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Verfügbare Autodesk-Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk)
VideoLAN VLC media player 0.8.6i (HKLM-x32\...\VLC media player) (Version: 0.8.6i - VideoLAN Team)
Wolfram CDF Player (M-WIN-D 9.0.1 4092685) (HKLM-x32\...\M-WIN-D 9.0.1 4092685_is1) (Version: 9.0.1 - Wolfram Research, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-396452479-186164142-1222412316-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-396452479-186164142-1222412316-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-396452479-186164142-1222412316-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-396452479-186164142-1222412316-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-396452479-186164142-1222412316-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-396452479-186164142-1222412316-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-396452479-186164142-1222412316-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-396452479-186164142-1222412316-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-396452479-186164142-1222412316-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-396452479-186164142-1222412316-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-396452479-186164142-1222412316-1003_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-396452479-186164142-1222412316-1003_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-396452479-186164142-1222412316-1003_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\de-DE\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-396452479-186164142-1222412316-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-396452479-186164142-1222412316-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-396452479-186164142-1222412316-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-396452479-186164142-1222412316-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-396452479-186164142-1222412316-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-396452479-186164142-1222412316-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-396452479-186164142-1222412316-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-396452479-186164142-1222412316-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-396452479-186164142-1222412316-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

24-02-2015 22:26:51 Windows Update
25-02-2015 01:17:36 Windows Update
27-02-2015 10:54:41 Installed Google Earth Pro.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {073E53B6-BE5E-4EAE-B2D3-7C908DC2B545} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {0C1F65BD-11A7-43C5-8C9F-4AC3876CCC75} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-01-06] (Microsoft Corporation)
Task: {18FB2C8A-B36D-4783-A831-C025A9F18CF5} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {1F9F4AF5-CBEE-4709-AC51-B1C62AE71027} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-09-10] (Lenovo Group Limited)
Task: {22FD2DD6-9CE0-444D-9309-74C758BA49D6} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {28C7A9F9-9F0B-4BEA-BF0D-07FF63C944F4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2B03813E-8738-4EFF-B474-F236D57ADF1C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-01-14] (Microsoft Corporation)
Task: {4B58CF55-DF6C-41FB-A97A-FB9FDA6A3F83} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {4DF7CFE7-3D1C-4AD5-B498-3E9B54268E92} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {4F77EEFC-3603-47FC-8C04-8EA28B248E00} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {6C401D32-1BB8-4C74-9960-5688A6DD46DD} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {7014DD27-E812-4B04-9D73-7FB7B0F9001A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8CA2C5C3-7E18-48CD-B40A-D875E46D3F4F} - System32\Tasks\MATLAB R2014b Startup Accelerator => C:\Program Files\MATLAB\R2014b\bin\win64\MATLABStartupAccelerator.exe [2014-07-26] ()
Task: {9886D1F9-0978-4413-A8D6-B1EA0C10CB59} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {A53064F9-8612-462D-A117-D4B6981F27F7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-01-06] (Microsoft Corporation)
Task: {AE508DCC-4AAB-49FC-8B38-9B36408FBC3C} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {D59F38EA-9A9C-4325-A810-07B09AA66020} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {DD0F7E4F-AC18-408E-B84F-CC5D6B6055A5} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-09-16] ()
Task: {E5A9D8AD-7886-425E-AFF5-F2C7D38E6B39} - System32\Tasks\Games\UpdateCheck_S-1-5-21-396452479-186164142-1222412316-1000
Task: {ED55BB91-0033-4B11-B7AB-6A2C7864F3E0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {EF0739D1-AC80-4B69-8D3E-6AAB8A35EE4B} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {F40B2E89-BB22-4369-9EA8-ACC628F4E2BC} - System32\Tasks\Games\UpdateCheck_S-1-5-21-396452479-186164142-1222412316-1003
Task: {F7EFF979-1B6E-4281-B8B4-85AC89D87662} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {FA49EB00-3617-43EB-B55C-763A1F838D58} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\MATLAB R2014b Startup Accelerator.job => C:\Program Files\MATLAB\R2014b\bin\win64\MATLABStartupAccelerator.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-20 21:23 - 2014-11-20 21:23 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-10-24 16:18 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-08-07 02:03 - 2013-08-07 02:03 - 01130792 _____ () C:\Program Files\Lenovo Fingerprint Reader\DataManager.dll
2013-08-07 02:04 - 2013-08-07 02:04 - 00087848 _____ () C:\Program Files\Lenovo Fingerprint Reader\ssutil.dll
2014-11-06 22:44 - 2014-09-10 06:06 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-10-24 08:59 - 2010-10-26 11:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-11-19 16:36 - 2014-11-19 16:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-11-06 19:57 - 2014-09-04 04:41 - 00047496 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2014-11-06 19:57 - 2014-09-04 04:41 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2014-10-24 08:55 - 2011-08-02 19:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2014-10-24 08:55 - 2011-08-02 19:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2014-11-22 14:22 - 2014-11-22 14:22 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-02 16:59 - 2015-03-02 16:59 - 00043008 _____ () c:\users\xaver_2\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpb5zc58.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2014-08-14 01:37 - 2014-08-14 01:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-14 01:37 - 2014-08-14 01:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-18 01:56 - 2014-06-18 01:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-23 00:06 - 2010-11-23 00:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2015-01-26 18:52 - 2015-01-26 18:52 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00468672 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-04-20 01:42 - 2015-01-17 08:45 - 00642344 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00347328 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com\nponlinebanking.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-396452479-186164142-1222412316-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Xaver\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-396452479-186164142-1222412316-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Xaver_2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 195.234.128.9 - 195.234.128.16

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-396452479-186164142-1222412316-500 - Administrator - Disabled)
Gast (S-1-5-21-396452479-186164142-1222412316-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-396452479-186164142-1222412316-1002 - Limited - Enabled)
Xaver (S-1-5-21-396452479-186164142-1222412316-1000 - Administrator - Enabled) => C:\Users\Xaver
Xaver_2 (S-1-5-21-396452479-186164142-1222412316-1003 - Limited - Enabled) => C:\Users\Xaver_2

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (03/02/2015 04:53:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-02-13 13:18:59.939
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-13 13:18:59.923
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-13 12:54:23.872
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-13 12:54:23.856
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-13 08:25:39.926
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-13 08:25:39.852
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-13 08:14:49.814
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-13 08:14:49.736
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-12 11:32:41.256
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-12 11:32:41.100
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 60%
Total physical RAM: 3506.98 MB
Available physical RAM: 1382.46 MB
Total Pagefile: 7012.14 MB
Available Pagefile: 4743.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:100 GB) (Free:33.97 GB) NTFS
Drive d: (Daten) (Fixed) (Total:364.76 GB) (Free:219.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4A1BE1D6)
Partition 1: (Active) - (Size=1 GB) - (Type=0B)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=364.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 02.03.2015, 17:17   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien - Standard

Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien



FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKU\S-1-5-21-396452479-186164142-1222412316-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-396452479-186164142-1222412316-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms}
HKU\S-1-5-21-396452479-186164142-1222412316-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYe5hq9Hhq-_GMpGqdywNhvS5wC6UB9WkG37BhUE3R29Pcnn12zRpgfqvTm3-fi8nSbzX_ura2Igl4yXJ0Og5rfxXvBjEn77eG45A,,
HKU\S-1-5-21-396452479-186164142-1222412316-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-396452479-186164142-1222412316-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-396452479-186164142-1222412316-1003 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms}
EmptyTemp:
Hosts:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.03.2015, 17:29   #11
ausdemaus
 
Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien - Standard

Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien



Fix-Log:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by Xaver at 2015-03-02 17:23:25 Run:1
Running from C:\Users\Xaver_2\Desktop
Loaded Profiles: Xaver & Xaver_2 (Available profiles: Xaver & Xaver_2)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-396452479-186164142-1222412316-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-396452479-186164142-1222412316-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms}
HKU\S-1-5-21-396452479-186164142-1222412316-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYe5hq9Hhq-_GMpGqdywNhvS5wC6UB9WkG37BhUE3R29Pcnn12zRpgfqvTm3-fi8nSbzX_ura2Igl4yXJ0Og5rfxXvBjEn77eG45A,,
HKU\S-1-5-21-396452479-186164142-1222412316-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-396452479-186164142-1222412316-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-396452479-186164142-1222412316-1003 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms}
EmptyTemp:
Hosts:
         


*****************

"HKU\S-1-5-21-396452479-186164142-1222412316-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully.
HKU\S-1-5-21-396452479-186164142-1222412316-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-396452479-186164142-1222412316-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-396452479-186164142-1222412316-1003\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found. 
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-396452479-186164142-1222412316-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-396452479-186164142-1222412316-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found. 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 625.9 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 17:23:48 ====
         

Alt 02.03.2015, 21:42   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien - Standard

Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien



Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.03.2015, 22:11   #13
ausdemaus
 
Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien - Standard

Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien



MBAM:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 02.03.2015
Suchlauf-Zeit: 22:09:31
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.02.06
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Xaver

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 390044
Verstrichene Zeit: 11 Min, 50 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 3
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, In Quarantäne, [704ed16f622867cf9cd8ba6b17ee17e9], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, In Quarantäne, [85391a26404a2e08abc842e329dcbc44], 
PUP.Optional.Linkury.A, HKU\S-1-5-21-396452479-186164142-1222412316-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, In Quarantäne, [6e502f11474377bf8d784d727d862bd5], 

Registrierungswerte: 1
PUP.Optional.Linkury.A, HKU\S-1-5-21-396452479-186164142-1222412316-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|Publisher, YahooSM, In Quarantäne, [6e502f11474377bf8d784d727d862bd5]

Registrierungsdaten: 3
PUP.Optional.HelperBar.A, HKU\S-1-5-21-396452479-186164142-1222412316-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms}),Ersetzt,[487628189befe84e6d7a7f4d70954db3]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-396452479-186164142-1222412316-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms}),Ersetzt,[704e76ca1872d95d1dcb8a426d985da3]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-396452479-186164142-1222412316-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms}),Ersetzt,[aa14ef51c0ca9a9cb52eb7153bca3dc3]

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 15
PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll, In Quarantäne, [2d91340cbfcb3bfb6941dfd74bb643bd], 
PUP.Optional.SnapDo.A, C:\Windows\Installer\604d99.msi, In Quarantäne, [2b9370d0246655e1ce29238a6c95ee12], 
PUP.Optional.VeriStaff, C:\Windows\Installer\604d9f.msi, In Quarantäne, [c2fc1b25dbaffe38048fea7310f0916f], 
PUP.Optional.SmartBar, C:\Windows\Installer\MSI622E.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [12ac5fe11575181e62384be37f81c838], 
PUP.Optional.SmartBar, C:\Windows\Installer\MSI64E3.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [922c8ab6ed9d8fa7b9e1aa842fd19070], 
PUP.Optional.SmartBar, C:\Windows\Installer\MSI9732.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [d7e7ea56850589ad2179b9758c74946c], 
PUP.Optional.SmartBar, C:\Windows\Installer\MSIF168.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [f7c7ff410189ff379efc012df60afa06], 
PUP.Optional.SmartBar, C:\Windows\Installer\MSIA2F9.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [a717c7792f5b54e2900a032b9868ff01], 
PUP.Optional.SmartBar, C:\Windows\Installer\MSIC94B.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [645aba864644a2944d4d092506fa2bd5], 
PUP.Optional.SmartBar, C:\Windows\Installer\MSI54A0.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [be002a16eaa00c2a2773eb4351afa858], 
PUP.Optional.SmartBar, C:\Windows\Installer\MSIFAF2.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [2a94142cd2b838fe376379b5dc241fe1], 
PUP.Optional.SmartBar, C:\Windows\Installer\MSIFF27.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [328cc37dafdb1e18e4b671bd2cd42bd5], 
PUP.Optional.SmartBar, C:\Windows\Installer\MSI29FD.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [e5d947f986047db98515ed418878f907], 
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, In Quarantäne, [605ee65afa9082b4c7b03fe68e77e21e], 
PUP.Optional.HelperBar.A, C:\Users\Xaver_2\AppData\Roaming\Mozilla\Firefox\Profiles\yqd6fu79.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q=");), Ersetzt,[4a74d96726640630583f67ac23e349b7]

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         

ESET:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d50ff161de12c9488a7407603804611e
# engine=22734
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-03 09:09:05
# local_time=2015-03-03 10:09:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1296 16777213 100 100 19392 29489627 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 53900 177046795 0 0
# scanned=754528
# found=140
# cleaned=0
# scan_time=14200
sh=28B1091D6D02EC40B4FA9D3B43E3274519500CC2 ft=1 fh=dc3dd842225a5598 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=FFE23BDD6346E7C5D29C42177F20155CC9F46D54 ft=1 fh=7a155473475e5bcb vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\smia.exe.vir"
sh=FA6AF80E753D92E2CDEAB92813DEDBD8424A8E09 ft=1 fh=c3a50bcc4f306f01 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\smia64.exe.vir"
sh=0A97E76D470BDF2FEC3210A9481458F73FA11FC5 ft=1 fh=0a1e00ceb507ee08 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\sppsm.dll.vir"
sh=5203FC48184140370D77A233D2B87E38789D1FAE ft=1 fh=4a7e921095e7b713 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\spusm.dll.vir"
sh=F942C2DDD83B52C19800599A1EDC41CF4DD4B85B ft=1 fh=08056106f4cd783d vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srbs.dll.vir"
sh=BDA09511E34B5B402029090624B8C16B2740EFBB ft=1 fh=4cddddbd6f60add9 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srbu.dll.vir"
sh=FFB6DEEA914EDB830A2065A83CC43B06952DCDFB ft=1 fh=bbcfb579c6e9abfa vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srptc.dll.vir"
sh=B18AD571FCE903550FFBF758EAF2C042266690AD ft=1 fh=eef0b21cf141f89e vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srut.dll.vir"
sh=1FC6D13E860C374F82E7ED794D90F2FFF76BF452 ft=1 fh=6c14e3e167a49ab7 vn="Variante von Win32/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Resources\ntdis_32.dll.vir"
sh=A41A407346118B661CEC513AD36A4482033251C6 ft=1 fh=13b93acb53fc915a vn="Variante von Win64/Toolbar.Linkury.A.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Resources\ntdis_64.dll.vir"
sh=28B1091D6D02EC40B4FA9D3B43E3274519500CC2 ft=1 fh=dc3dd842225a5598 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=FFE23BDD6346E7C5D29C42177F20155CC9F46D54 ft=1 fh=7a155473475e5bcb vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\LPT\smia.exe.vir"
sh=FA6AF80E753D92E2CDEAB92813DEDBD8424A8E09 ft=1 fh=c3a50bcc4f306f01 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\LPT\smia64.exe.vir"
sh=0A97E76D470BDF2FEC3210A9481458F73FA11FC5 ft=1 fh=0a1e00ceb507ee08 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\LPT\sppsm.dll.vir"
sh=5203FC48184140370D77A233D2B87E38789D1FAE ft=1 fh=4a7e921095e7b713 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\LPT\spusm.dll.vir"
sh=F942C2DDD83B52C19800599A1EDC41CF4DD4B85B ft=1 fh=08056106f4cd783d vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\LPT\srbs.dll.vir"
sh=BDA09511E34B5B402029090624B8C16B2740EFBB ft=1 fh=4cddddbd6f60add9 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\LPT\srbu.dll.vir"
sh=FFB6DEEA914EDB830A2065A83CC43B06952DCDFB ft=1 fh=bbcfb579c6e9abfa vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\LPT\srptc.dll.vir"
sh=B18AD571FCE903550FFBF758EAF2C042266690AD ft=1 fh=eef0b21cf141f89e vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\LPT\srut.dll.vir"
sh=1FC6D13E860C374F82E7ED794D90F2FFF76BF452 ft=1 fh=6c14e3e167a49ab7 vn="Variante von Win32/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\LPT\Resources\ntdis_32.dll.vir"
sh=A41A407346118B661CEC513AD36A4482033251C6 ft=1 fh=13b93acb53fc915a vn="Variante von Win64/Toolbar.Linkury.A.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\LPT\Resources\ntdis_64.dll.vir"
sh=CF5AA05A6E333AA9885344A74206B0A4E75759EB ft=1 fh=7082011e713b1fc7 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\Lrcnta.exe.vir"
sh=8DB951F086E31E6D73AE7F3A7016C48E549B0523 ft=1 fh=983755a175bf1f76 vn="Variante von MSIL/Toolbar.Linkury.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\Smartbar.exe.unused.vir"
sh=4C685D9DCC2D144D70ED50B918660F8C86A71BAF ft=1 fh=c4739051513afd1d vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll.vir"
sh=24B15C15E9C1B13854A6C30CB9DE35B422AE6A4B ft=1 fh=11858545bf819d27 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll.vir"
sh=5B47B8E46C04FA3CE610CD1C583F2A77C8768BED ft=1 fh=b022a1896b0948ba vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.FireFoxLocalPlugin.dll.vir"
sh=64E541FF22567CC88631E1B5B21DCE0A68A01436 ft=1 fh=2295c923ac6e9738 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll.vir"
sh=28B1091D6D02EC40B4FA9D3B43E3274519500CC2 ft=1 fh=dc3dd842225a5598 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=78D9E0411C1526954C2CBE6323DEEB2785DDEE4A ft=1 fh=fdb7dcf1b7f59c67 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll.vir"
sh=78D9E0411C1526954C2CBE6323DEEB2785DDEE4A ft=1 fh=fdb7dcf1b7f59c67 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO2.dll.vir"
sh=1FF9AF16D449C2BFB1EF1E7FA06BCDAA583F30A3 ft=1 fh=149a39831ca470ca vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir"
sh=1FF9AF16D449C2BFB1EF1E7FA06BCDAA583F30A3 ft=1 fh=149a39831ca470ca vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll.vir"
sh=FA6AF80E753D92E2CDEAB92813DEDBD8424A8E09 ft=1 fh=c3a50bcc4f306f01 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\smia64.exe.vir"
sh=618D7CCD8FC26B9DD182002D94FDE0EC2412A339 ft=1 fh=6cae1c096c687eea vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\smsp.dll.vir"
sh=7AB836645400B6C93597C98F01344925B26ECB34 ft=1 fh=ccaa2072c2336201 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\smta.dll.vir"
sh=EB25F2FC448AACEAA3E5CB017E712369E42C9747 ft=1 fh=6f92e9d9af0788c8 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\smtu.dll.vir"
sh=202B30E1DE95B9E2326E84C56125C4332788EDA8 ft=1 fh=85a07bdf5b422be2 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\spbe.dll.vir"
sh=911497C3842999564F201A892883380B0DDC0F6D ft=1 fh=6071f30fc8aea719 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\spbl.dll.vir"
sh=0A97E76D470BDF2FEC3210A9481458F73FA11FC5 ft=1 fh=0a1e00ceb507ee08 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\sppsm.dll.vir"
sh=5203FC48184140370D77A233D2B87E38789D1FAE ft=1 fh=4a7e921095e7b713 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\spusm.dll.vir"
sh=F942C2DDD83B52C19800599A1EDC41CF4DD4B85B ft=1 fh=08056106f4cd783d vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\srbs.dll.vir"
sh=BDA09511E34B5B402029090624B8C16B2740EFBB ft=1 fh=4cddddbd6f60add9 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\srbu.dll.vir"
sh=F3EB186AE221978925BDF95B9EBD7110B7B29361 ft=1 fh=5ffd94704bbd93ac vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\srpu.dll.vir"
sh=B18AD571FCE903550FFBF758EAF2C042266690AD ft=1 fh=eef0b21cf141f89e vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\srut.dll.vir"
sh=C017F422723F95B2F7A57B0EAED2615F60C0A233 ft=1 fh=0d7aa04b8ca04d08 vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir"
sh=00E358003E82516A33E3D834CDA66362E1CE113D ft=1 fh=bed6c6187d6e6527 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_26.dll.vir"
sh=3A3E33010480F28C82F13F9B82A8A8250A4E24C9 ft=1 fh=dac6c464e5f8caf3 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_27.dll.vir"
sh=E924ACC7D0ADA5E9DCD9BF470F43C111DA7DCAC0 ft=1 fh=f7ce5c0d4777c675 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_28.dll.vir"
sh=3104A4AF7EE939C3A72311EEFC655D9E90C84E6D ft=1 fh=20179e17001b2b68 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_29.dll.vir"
sh=4BEC847ED8A9161B730C7FC3CE8BF88B459AFC26 ft=1 fh=64a2134b5fbfb573 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_30.dll.vir"
sh=188BCFB0653F0BBCE88A1E22BC3CC8FD0C433134 ft=1 fh=96d9225e06f9ddbf vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xaver\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_31.dll.vir"
sh=1969D81C0AEF045E5D6E3BDFC7F9A59B1118BEC7 ft=1 fh=1828f8b9c0450694 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI29FD.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=B54A10A054F72B438B85B8C01A2FDDB9E4AA9D95 ft=1 fh=bad654b42602edb0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI29FD.tmp-\sppsm.dll"
sh=74E1FD38F895EE603C538EEB0CB62D2B7AD1F9EF ft=1 fh=eadc0e05b009aa54 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI29FD.tmp-\spusm.dll"
sh=39E0129484C7D4950D9E3ACB4016A95333C372C1 ft=1 fh=b2d51b366a5174b0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI29FD.tmp-\srptc.dll"
sh=444801FC4365D9D9B000EF6CC97F31A0E06AAA16 ft=1 fh=3cf8016bf6ac35d8 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI29FD.tmp-\srut.dll"
sh=1969D81C0AEF045E5D6E3BDFC7F9A59B1118BEC7 ft=1 fh=1828f8b9c0450694 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI54A0.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=AE0496E8B7EF7260A5A9A03C5283D6345D09A13C ft=1 fh=d5332291c5aae89f vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI54A0.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=2A202A2F429F4102BD3516F2C116925EEA12E7E1 ft=1 fh=b18d6bdb77076cb4 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI54A0.tmp-\spbe.dll"
sh=354DAE7D75BC3750A7C27F46E144689ADD69FECE ft=1 fh=56e124954a8ab304 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI54A0.tmp-\spbl.dll"
sh=B54A10A054F72B438B85B8C01A2FDDB9E4AA9D95 ft=1 fh=bad654b42602edb0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI54A0.tmp-\sppsm.dll"
sh=74E1FD38F895EE603C538EEB0CB62D2B7AD1F9EF ft=1 fh=eadc0e05b009aa54 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI54A0.tmp-\spusm.dll"
sh=C321BD2BA55FC1450102B52CF4320050F96E6ACE ft=1 fh=5f440c13eb246cc1 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI54A0.tmp-\srbs.dll"
sh=8BCF64604E5A8369D2032F0DEAD0FA65CED3959C ft=1 fh=de00f46990bdea72 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI54A0.tmp-\srbu.dll"
sh=39E0129484C7D4950D9E3ACB4016A95333C372C1 ft=1 fh=b2d51b366a5174b0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI54A0.tmp-\srptc.dll"
sh=A80CE1722B00015806A72129AD99D6CD456BC430 ft=1 fh=a0739cbdc3e3df69 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI54A0.tmp-\srpu.dll"
sh=444801FC4365D9D9B000EF6CC97F31A0E06AAA16 ft=1 fh=3cf8016bf6ac35d8 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI54A0.tmp-\srut.dll"
sh=1969D81C0AEF045E5D6E3BDFC7F9A59B1118BEC7 ft=1 fh=1828f8b9c0450694 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI622E.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=2A202A2F429F4102BD3516F2C116925EEA12E7E1 ft=1 fh=b18d6bdb77076cb4 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI622E.tmp-\spbe.dll"
sh=B54A10A054F72B438B85B8C01A2FDDB9E4AA9D95 ft=1 fh=bad654b42602edb0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI622E.tmp-\sppsm.dll"
sh=74E1FD38F895EE603C538EEB0CB62D2B7AD1F9EF ft=1 fh=eadc0e05b009aa54 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI622E.tmp-\spusm.dll"
sh=C321BD2BA55FC1450102B52CF4320050F96E6ACE ft=1 fh=5f440c13eb246cc1 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI622E.tmp-\srbs.dll"
sh=8BCF64604E5A8369D2032F0DEAD0FA65CED3959C ft=1 fh=de00f46990bdea72 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI622E.tmp-\srbu.dll"
sh=39E0129484C7D4950D9E3ACB4016A95333C372C1 ft=1 fh=b2d51b366a5174b0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI622E.tmp-\srptc.dll"
sh=444801FC4365D9D9B000EF6CC97F31A0E06AAA16 ft=1 fh=3cf8016bf6ac35d8 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI622E.tmp-\srut.dll"
sh=1969D81C0AEF045E5D6E3BDFC7F9A59B1118BEC7 ft=1 fh=1828f8b9c0450694 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI64E3.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=AE0496E8B7EF7260A5A9A03C5283D6345D09A13C ft=1 fh=d5332291c5aae89f vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI64E3.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=2A202A2F429F4102BD3516F2C116925EEA12E7E1 ft=1 fh=b18d6bdb77076cb4 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI64E3.tmp-\spbe.dll"
sh=354DAE7D75BC3750A7C27F46E144689ADD69FECE ft=1 fh=56e124954a8ab304 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI64E3.tmp-\spbl.dll"
sh=B54A10A054F72B438B85B8C01A2FDDB9E4AA9D95 ft=1 fh=bad654b42602edb0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI64E3.tmp-\sppsm.dll"
sh=74E1FD38F895EE603C538EEB0CB62D2B7AD1F9EF ft=1 fh=eadc0e05b009aa54 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI64E3.tmp-\spusm.dll"
sh=C321BD2BA55FC1450102B52CF4320050F96E6ACE ft=1 fh=5f440c13eb246cc1 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI64E3.tmp-\srbs.dll"
sh=8BCF64604E5A8369D2032F0DEAD0FA65CED3959C ft=1 fh=de00f46990bdea72 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI64E3.tmp-\srbu.dll"
sh=39E0129484C7D4950D9E3ACB4016A95333C372C1 ft=1 fh=b2d51b366a5174b0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI64E3.tmp-\srptc.dll"
sh=A80CE1722B00015806A72129AD99D6CD456BC430 ft=1 fh=a0739cbdc3e3df69 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI64E3.tmp-\srpu.dll"
sh=444801FC4365D9D9B000EF6CC97F31A0E06AAA16 ft=1 fh=3cf8016bf6ac35d8 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI64E3.tmp-\srut.dll"
sh=1969D81C0AEF045E5D6E3BDFC7F9A59B1118BEC7 ft=1 fh=1828f8b9c0450694 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI9732.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=AE0496E8B7EF7260A5A9A03C5283D6345D09A13C ft=1 fh=d5332291c5aae89f vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI9732.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=2A202A2F429F4102BD3516F2C116925EEA12E7E1 ft=1 fh=b18d6bdb77076cb4 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI9732.tmp-\spbe.dll"
sh=354DAE7D75BC3750A7C27F46E144689ADD69FECE ft=1 fh=56e124954a8ab304 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI9732.tmp-\spbl.dll"
sh=B54A10A054F72B438B85B8C01A2FDDB9E4AA9D95 ft=1 fh=bad654b42602edb0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI9732.tmp-\sppsm.dll"
sh=74E1FD38F895EE603C538EEB0CB62D2B7AD1F9EF ft=1 fh=eadc0e05b009aa54 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI9732.tmp-\spusm.dll"
sh=C321BD2BA55FC1450102B52CF4320050F96E6ACE ft=1 fh=5f440c13eb246cc1 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI9732.tmp-\srbs.dll"
sh=8BCF64604E5A8369D2032F0DEAD0FA65CED3959C ft=1 fh=de00f46990bdea72 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI9732.tmp-\srbu.dll"
sh=39E0129484C7D4950D9E3ACB4016A95333C372C1 ft=1 fh=b2d51b366a5174b0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI9732.tmp-\srptc.dll"
sh=A80CE1722B00015806A72129AD99D6CD456BC430 ft=1 fh=a0739cbdc3e3df69 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI9732.tmp-\srpu.dll"
sh=444801FC4365D9D9B000EF6CC97F31A0E06AAA16 ft=1 fh=3cf8016bf6ac35d8 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI9732.tmp-\srut.dll"
sh=1969D81C0AEF045E5D6E3BDFC7F9A59B1118BEC7 ft=1 fh=1828f8b9c0450694 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIA2F9.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=B54A10A054F72B438B85B8C01A2FDDB9E4AA9D95 ft=1 fh=bad654b42602edb0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIA2F9.tmp-\sppsm.dll"
sh=74E1FD38F895EE603C538EEB0CB62D2B7AD1F9EF ft=1 fh=eadc0e05b009aa54 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIA2F9.tmp-\spusm.dll"
sh=39E0129484C7D4950D9E3ACB4016A95333C372C1 ft=1 fh=b2d51b366a5174b0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIA2F9.tmp-\srptc.dll"
sh=444801FC4365D9D9B000EF6CC97F31A0E06AAA16 ft=1 fh=3cf8016bf6ac35d8 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIA2F9.tmp-\srut.dll"
sh=1969D81C0AEF045E5D6E3BDFC7F9A59B1118BEC7 ft=1 fh=1828f8b9c0450694 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIC94B.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=AE0496E8B7EF7260A5A9A03C5283D6345D09A13C ft=1 fh=d5332291c5aae89f vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIC94B.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=2A202A2F429F4102BD3516F2C116925EEA12E7E1 ft=1 fh=b18d6bdb77076cb4 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIC94B.tmp-\spbe.dll"
sh=354DAE7D75BC3750A7C27F46E144689ADD69FECE ft=1 fh=56e124954a8ab304 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIC94B.tmp-\spbl.dll"
sh=B54A10A054F72B438B85B8C01A2FDDB9E4AA9D95 ft=1 fh=bad654b42602edb0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIC94B.tmp-\sppsm.dll"
sh=74E1FD38F895EE603C538EEB0CB62D2B7AD1F9EF ft=1 fh=eadc0e05b009aa54 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIC94B.tmp-\spusm.dll"
sh=C321BD2BA55FC1450102B52CF4320050F96E6ACE ft=1 fh=5f440c13eb246cc1 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIC94B.tmp-\srbs.dll"
sh=8BCF64604E5A8369D2032F0DEAD0FA65CED3959C ft=1 fh=de00f46990bdea72 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIC94B.tmp-\srbu.dll"
sh=39E0129484C7D4950D9E3ACB4016A95333C372C1 ft=1 fh=b2d51b366a5174b0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIC94B.tmp-\srptc.dll"
sh=A80CE1722B00015806A72129AD99D6CD456BC430 ft=1 fh=a0739cbdc3e3df69 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIC94B.tmp-\srpu.dll"
sh=444801FC4365D9D9B000EF6CC97F31A0E06AAA16 ft=1 fh=3cf8016bf6ac35d8 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIC94B.tmp-\srut.dll"
sh=1969D81C0AEF045E5D6E3BDFC7F9A59B1118BEC7 ft=1 fh=1828f8b9c0450694 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF168.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=2A202A2F429F4102BD3516F2C116925EEA12E7E1 ft=1 fh=b18d6bdb77076cb4 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF168.tmp-\spbe.dll"
sh=B54A10A054F72B438B85B8C01A2FDDB9E4AA9D95 ft=1 fh=bad654b42602edb0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF168.tmp-\sppsm.dll"
sh=74E1FD38F895EE603C538EEB0CB62D2B7AD1F9EF ft=1 fh=eadc0e05b009aa54 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF168.tmp-\spusm.dll"
sh=C321BD2BA55FC1450102B52CF4320050F96E6ACE ft=1 fh=5f440c13eb246cc1 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF168.tmp-\srbs.dll"
sh=8BCF64604E5A8369D2032F0DEAD0FA65CED3959C ft=1 fh=de00f46990bdea72 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF168.tmp-\srbu.dll"
sh=39E0129484C7D4950D9E3ACB4016A95333C372C1 ft=1 fh=b2d51b366a5174b0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF168.tmp-\srptc.dll"
sh=444801FC4365D9D9B000EF6CC97F31A0E06AAA16 ft=1 fh=3cf8016bf6ac35d8 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF168.tmp-\srut.dll"
sh=1969D81C0AEF045E5D6E3BDFC7F9A59B1118BEC7 ft=1 fh=1828f8b9c0450694 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFAF2.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=B54A10A054F72B438B85B8C01A2FDDB9E4AA9D95 ft=1 fh=bad654b42602edb0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFAF2.tmp-\sppsm.dll"
sh=74E1FD38F895EE603C538EEB0CB62D2B7AD1F9EF ft=1 fh=eadc0e05b009aa54 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFAF2.tmp-\spusm.dll"
sh=39E0129484C7D4950D9E3ACB4016A95333C372C1 ft=1 fh=b2d51b366a5174b0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFAF2.tmp-\srptc.dll"
sh=444801FC4365D9D9B000EF6CC97F31A0E06AAA16 ft=1 fh=3cf8016bf6ac35d8 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFAF2.tmp-\srut.dll"
sh=1969D81C0AEF045E5D6E3BDFC7F9A59B1118BEC7 ft=1 fh=1828f8b9c0450694 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFF27.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=AE0496E8B7EF7260A5A9A03C5283D6345D09A13C ft=1 fh=d5332291c5aae89f vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFF27.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=2A202A2F429F4102BD3516F2C116925EEA12E7E1 ft=1 fh=b18d6bdb77076cb4 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFF27.tmp-\spbe.dll"
sh=354DAE7D75BC3750A7C27F46E144689ADD69FECE ft=1 fh=56e124954a8ab304 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFF27.tmp-\spbl.dll"
sh=B54A10A054F72B438B85B8C01A2FDDB9E4AA9D95 ft=1 fh=bad654b42602edb0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFF27.tmp-\sppsm.dll"
sh=74E1FD38F895EE603C538EEB0CB62D2B7AD1F9EF ft=1 fh=eadc0e05b009aa54 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFF27.tmp-\spusm.dll"
sh=C321BD2BA55FC1450102B52CF4320050F96E6ACE ft=1 fh=5f440c13eb246cc1 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFF27.tmp-\srbs.dll"
sh=8BCF64604E5A8369D2032F0DEAD0FA65CED3959C ft=1 fh=de00f46990bdea72 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFF27.tmp-\srbu.dll"
sh=39E0129484C7D4950D9E3ACB4016A95333C372C1 ft=1 fh=b2d51b366a5174b0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFF27.tmp-\srptc.dll"
sh=A80CE1722B00015806A72129AD99D6CD456BC430 ft=1 fh=a0739cbdc3e3df69 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFF27.tmp-\srpu.dll"
sh=444801FC4365D9D9B000EF6CC97F31A0E06AAA16 ft=1 fh=3cf8016bf6ac35d8 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFF27.tmp-\srut.dll"
sh=E750C443A83F9B135B499E7917C5A93120384BB3 ft=1 fh=4eedbac881d1fc72 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="D:\Call of Duty\Daemon Tools Lite.exe"
sh=E750C443A83F9B135B499E7917C5A93120384BB3 ft=1 fh=4eedbac881d1fc72 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="G:\Call of Duty\Daemon Tools Lite.exe"
         

Alt 04.03.2015, 10:56   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien - Standard

Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien



FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Windows\Installer\MSI29FD.tmp-
C:\Windows\Installer\MSI54A0.tmp-
C:\Windows\Installer\MSI622E.tmp-
C:\Windows\Installer\MSI64E3.tmp-
C:\Windows\Installer\MSI9732.tmp
C:\Windows\Installer\MSIA2F9.tmp-
C:\Windows\Installer\MSIF168.tmp-
C:\Windows\Installer\MSIFAF2.tmp-
C:\Windows\Installer\MSIFF27.tmp-
D:\Call of Duty\Daemon Tools Lite.exe
cmd: dir /oge c:\windows\installer
EmptyTemp:
Hosts:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 04.03.2015, 16:44   #15
ausdemaus
 
Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien - Standard

Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by Xaver at 2015-03-04 16:36:53 Run:2
Running from C:\Users\Xaver_2\Desktop
Loaded Profiles: Xaver & Xaver_2 (Available profiles: Xaver & Xaver_2)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Windows\Installer\MSI29FD.tmp-
C:\Windows\Installer\MSI54A0.tmp-
C:\Windows\Installer\MSI622E.tmp-
C:\Windows\Installer\MSI64E3.tmp-
C:\Windows\Installer\MSI9732.tmp
C:\Windows\Installer\MSIA2F9.tmp-
C:\Windows\Installer\MSIF168.tmp-
C:\Windows\Installer\MSIFAF2.tmp-
C:\Windows\Installer\MSIFF27.tmp-
D:\Call of Duty\Daemon Tools Lite.exe
cmd: dir /oge c:\windows\installer
EmptyTemp:
Hosts:
*****************

C:\Windows\Installer\MSI29FD.tmp- => Moved successfully.
C:\Windows\Installer\MSI54A0.tmp- => Moved successfully.
C:\Windows\Installer\MSI622E.tmp- => Moved successfully.
C:\Windows\Installer\MSI64E3.tmp- => Moved successfully.
"C:\Windows\Installer\MSI9732.tmp" => File/Directory not found.
C:\Windows\Installer\MSIA2F9.tmp- => Moved successfully.
C:\Windows\Installer\MSIF168.tmp- => Moved successfully.
C:\Windows\Installer\MSIFAF2.tmp- => Moved successfully.
C:\Windows\Installer\MSIFF27.tmp- => Moved successfully.
D:\Call of Duty\Daemon Tools Lite.exe => Moved successfully.

=========  dir /oge c:\windows\installer =========

 Datentr�ger in Laufwerk C: ist System
 Volumeseriennummer: 1C81-9F2E

 Verzeichnis von c:\windows\installer

22.12.2014  21:57    <DIR>          {FB415F81-DC5E-ED99-D2FE-3DC4D88BCA58}
22.12.2014  21:58    <DIR>          {F7FE0989-5F4C-3499-B78F-A63E942D100B}
22.12.2014  21:53    <DIR>          {F2A7CE36-57BF-5C86-952D-90DBF3746D82}
22.12.2014  21:57    <DIR>          {EEFDBD75-0BD9-AC5F-8F61-903C6A19C0ED}
22.12.2014  21:57    <DIR>          {DBAFD1B4-DDC5-DD01-D1C4-E7AEB5139097}
22.12.2014  21:57    <DIR>          {D94F2DE6-55B4-B211-A381-54089BC791A0}
22.12.2014  21:58    <DIR>          {D0FD2FF9-1BE9-E729-3878-9A603B5F1529}
22.12.2014  21:52    <DIR>          {C2956908-53A3-88FC-B795-B16508296FC4}
24.10.2014  12:10    <DIR>          {C16CD4C0-48EE-0F40-C9FD-0778EAF73FBD}
24.10.2014  14:00    <DIR>          {BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}
22.12.2014  21:57    <DIR>          {BBC9BF50-A35D-B0C2-9117-F3CA2F6BB64A}
24.10.2014  08:59    <DIR>          {B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}
16.12.2014  10:27    <DIR>          {B5BB2F98-F948-4057-884A-49272652F274}
22.12.2014  21:58    <DIR>          {B1977E93-5FC0-0BA4-2D5A-D3E69870C7D4}
11.12.2014  08:42    <DIR>          {AC76BA86-7AD7-1031-7B44-AB0000000001}
01.01.2015  15:37    <DIR>          {AC76BA86-0804-1033-1959-001802114130}
06.11.2014  19:38    <DIR>          {ABE2F70B-8D94-44E9-AA04-F0DB35063D62}
22.12.2014  21:57    <DIR>          {A85092B2-8FB5-5A8C-B27A-69A3D78979D8}
06.11.2014  19:39    <DIR>          {A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}
24.10.2014  12:22    <DIR>          {A2AC0D43-9788-B1BD-B2A8-EFC758916BB1}
24.10.2014  09:03    <DIR>          {A1439D4F-FD46-47F2-A1D3-FEE097C29A09}
22.12.2014  21:57    <DIR>          {988949CE-DE9A-D187-A010-22B9085FB813}
22.12.2014  21:52    <DIR>          {900FD4B9-9C27-D907-36E7-E9CCF170E2FC}
22.12.2014  21:58    <DIR>          {8F2415FA-72F2-F029-0450-4EB2FAE484C5}
22.12.2014  21:57    <DIR>          {8ECCC07B-83E3-3877-26DF-815CD2B30749}
22.12.2014  21:57    <DIR>          {8BD7C51C-0CC4-3E28-CFDC-F7D4C5583783}
30.10.2014  17:30    <DIR>          {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
22.12.2014  21:57    <DIR>          {894CBED0-8225-D59B-5632-D01B14C6D520}
22.12.2014  21:57    <DIR>          {7FE73251-50FA-E864-67EB-19C4BC7AA1C9}
24.10.2014  09:07    <DIR>          {7DD99174-299B-4450-A179-7F27F4C2D042}
22.12.2014  21:57    <DIR>          {7ABA4B54-3672-0548-C1CC-97405F767061}
22.12.2014  21:57    <DIR>          {7481E13B-EC16-1B14-0E32-E88165CD4C57}
13.11.2014  16:39    <DIR>          {70EE2BAA-F82A-4B8A-950E-649EFD64D5B9}
22.12.2014  21:58    <DIR>          {6B254D2F-6F6F-5455-DD3B-E71E5C1C0C9A}
22.12.2014  21:57    <DIR>          {6AE0A655-9BB8-460E-1956-ED37E3B221FA}
01.02.2015  16:15    <DIR>          {692F1402-6F45-42F3-9D82-9AAEFBFAD4A1}
24.10.2014  12:07    <DIR>          {69129E70-8FCF-3E44-1633-7ED1C844165A}
15.01.2015  20:34    <DIR>          {653C1B5A-3287-47B1-8613-0745D4E771C4}
22.12.2014  21:57    <DIR>          {637B1239-84B7-0B0F-2549-7020CA57C831}
22.12.2014  21:57    <DIR>          {5958C669-28BF-D667-A004-E6FBF448027D}
05.01.2015  13:27    <DIR>          {5783F2D7-E001-0407-2102-0060B0CE6BBA}
05.01.2015  13:27    <DIR>          {5783F2D7-E001-0407-1102-0060B0CE6BBA}
05.01.2015  13:26    <DIR>          {5783F2D7-E001-0000-0102-0060B0CE6BBA}
24.10.2014  08:55    <DIR>          {503F672D-6C84-448A-8F8F-4BC35AC83441}
22.12.2014  21:57    <DIR>          {4D594F78-0C6D-1442-61CC-94D735FEC05D}
24.10.2014  13:21    <DIR>          {4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}
22.12.2014  21:57    <DIR>          {4BD8FB0D-9407-429D-C412-FAE0A318A8AE}
24.10.2014  09:02    <DIR>          {46A84694-59EC-48F0-964C-7E76E9F8A2ED}
27.02.2015  10:56    <DIR>          {44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}
06.11.2014  19:38    <DIR>          {427F733F-4D6C-45BC-9324-EB743104C321}
22.12.2014  21:53    <DIR>          {426582A8-202F-D13C-8BD5-F00551BAFC93}
22.12.2014  21:57    <DIR>          {339647D6-A277-974F-FF29-83CA6284559B}
22.12.2014  21:57    <DIR>          {2D61415B-F99C-8161-F452-760B6E441428}
22.12.2014  21:57    <DIR>          {2C9A2369-162D-7AD7-D50F-5F59CEC8A046}
24.10.2014  07:57    <DIR>          {25C64847-B900-48AD-A164-1B4F9B774650}
10.01.2015  20:23    <DIR>          {15A5D29A-F209-49FD-BA47-5E4C882FF496}
22.12.2014  21:58    <DIR>          {1543E140-FADF-9E99-D388-4435C2FBC55E}
24.10.2014  13:22    <DIR>          {13BD494D-9ACD-420B-A291-E145DED92EF6}
22.12.2014  21:57    <DIR>          {11087D24-567D-7D88-69C6-D7A08B5F4C47}
22.12.2014  21:57    <DIR>          {0FE3F13F-8A37-46BA-F973-762F81E833C3}
24.10.2014  08:55    <DIR>          {0C59A352-403D-F080-7DAE-12E3DA4F16F1}
26.10.2014  14:06    <DIR>          MSIFAF1.tmp-
26.10.2014  13:55    <DIR>          MSIECB6.tmp-
02.03.2015  22:22    <DIR>          MSIC94B.tmp-
26.10.2014  14:59    <DIR>          MSIC6E6.tmp-
26.10.2014  12:53    <DIR>          MSIBA1E.tmp-
24.10.2014  09:54    <DIR>          MSIA965.tmp-
24.10.2014  09:54    <DIR>          MSIA742.tmp-
24.10.2014  09:54    <DIR>          MSIA510.tmp-
24.10.2014  09:54    <DIR>          MSIA1F2.tmp-
02.03.2015  22:22    <DIR>          MSI9732.tmp-
26.10.2014  13:51    <DIR>          MSIFD87.tmp-
24.10.2014  09:54    <DIR>          MSI95D0.tmp-
11.11.2014  10:52    <DIR>          MSI92AD.tmp-
24.10.2014  09:54    <DIR>          MSI8F66.tmp-
26.10.2014  13:50    <DIR>          MSI857A.tmp-
24.10.2014  09:53    <DIR>          MSI80C3.tmp-
26.10.2014  13:50    <DIR>          MSI78CC.tmp-
26.10.2014  14:24    <DIR>          MSI77B3.tmp-
24.10.2014  00:16    <DIR>          MSI64DE.tmp-
24.10.2014  00:16    <DIR>          MSI5BF6.tmp-
24.10.2014  00:16    <DIR>          MSI5B49.tmp-
24.10.2014  00:16    <DIR>          MSI5A8D.tmp-
24.10.2014  00:16    <DIR>          MSI59D1.tmp-
24.10.2014  00:16    <DIR>          MSI58B7.tmp-
26.10.2014  12:53    <DIR>          MSI5735.tmp-
24.10.2014  00:16    <DIR>          MSI5665.tmp-
24.10.2014  00:16    <DIR>          MSI5480.tmp-
24.10.2014  00:16    <DIR>          MSI53A5.tmp-
24.10.2014  00:16    <DIR>          MSI526B.tmp-
24.10.2014  00:15    <DIR>          MSI500A.tmp-
26.10.2014  13:50    <DIR>          MSI43A8.tmp-
26.10.2014  12:54    <DIR>          MSI3A0F.tmp-
26.10.2014  13:55    <DIR>          MSI243B.tmp-
26.10.2014  12:54    <DIR>          MSI23BD.tmp-
26.10.2014  12:54    <DIR>          MSI1654.tmp-
24.10.2014  12:22            20.480 SourceHash{A2AC0D43-9788-B1BD-B2A8-EFC758916BB1}
24.10.2014  09:03            20.480 SourceHash{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}
06.11.2014  19:55            20.480 SourceHash{9D589081-AFC2-4932-9071-AC585AC1EA83}
31.10.2014  00:35            20.480 SourceHash{9BE518E6-ECC6-35A9-88E4-87755C07200F}
06.11.2014  22:44            20.480 SourceHash{9A25302D-30C0-39D9-BD6F-21E6EC160475}
22.12.2014  21:57            20.480 SourceHash{988949CE-DE9A-D187-A010-22B9085FB813}
12.02.2015  00:05            20.480 SourceHash{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}
24.10.2014  16:23            20.480 SourceHash{90150000-008F-0000-1000-0000000FF1CE}
24.10.2014  16:37            20.480 SourceHash{90150000-008C-0407-0000-0000000FF1CE}
24.10.2014  16:36            20.480 SourceHash{90150000-008C-0000-0000-0000000FF1CE}
22.12.2014  21:52            20.480 SourceHash{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}
06.11.2014  19:39            20.480 SourceHash{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}
06.11.2014  19:39            20.480 SourceHash{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}
25.10.2014  15:39            24.576 SourceHash{A662E280-64A8-4CF5-8407-13D0808602B3}
22.12.2014  21:57            20.480 SourceHash{A85092B2-8FB5-5A8C-B27A-69A3D78979D8}
06.11.2014  19:38            20.480 SourceHash{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}
22.12.2014  21:52            20.480 SourceHash{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}
01.01.2015  15:37            20.480 SourceHash{AC76BA86-0804-1033-1959-001802114130}
01.11.2014  20:31            20.480 SourceHash{AC76BA86-7AD7-1031-7B44-AB0000000001}
24.10.2014  10:08            20.480 SourceHash{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
30.10.2014  17:12            20.480 SourceHash{B175520C-86A2-35A7-8619-86DC379688B9}
22.12.2014  21:58            20.480 SourceHash{B1977E93-5FC0-0BA4-2D5A-D3E69870C7D4}
16.12.2014  10:27            20.480 SourceHash{B5BB2F98-F948-4057-884A-49272652F274}
24.10.2014  08:59            20.480 SourceHash{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}
22.12.2014  21:57            20.480 SourceHash{BBC9BF50-A35D-B0C2-9117-F3CA2F6BB64A}
26.10.2014  12:54            20.480 SourceHash{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
30.10.2014  17:12            20.480 SourceHash{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
24.10.2014  13:56            20.480 SourceHash{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}
24.10.2014  12:10            20.480 SourceHash{C16CD4C0-48EE-0F40-C9FD-0778EAF73FBD}
06.11.2014  19:55            20.480 SourceHash{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}
24.10.2014  08:09            20.480 SourceHash{C513739C-5F16-37B5-9ACF-99925FF1C1F3}
06.11.2014  19:55            20.480 SourceHash{C8125548-F2D5-4059-823F-1F3C5BBD9F19}
30.10.2014  17:14            20.480 SourceHash{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
22.12.2014  21:58            20.480 SourceHash{D0FD2FF9-1BE9-E729-3878-9A603B5F1529}
22.12.2014  21:57            20.480 SourceHash{DBAFD1B4-DDC5-DD01-D1C4-E7AEB5139097}
24.10.2014  07:56            20.480 SourceHash{DDAA788F-52E6-44EA-ADB8-92837B11BF26}
06.11.2014  19:35            20.480 SourceHash{E13C2577-9AD8-4CE8-9E16-E72EFADF1302}
06.11.2014  19:55            20.480 SourceHash{EDDEE94B-214D-4B07-9727-A3E46F3E379A}
22.12.2014  21:57            20.480 SourceHash{EEFDBD75-0BD9-AC5F-8F61-903C6A19C0ED}
30.10.2014  17:11            20.480 SourceHash{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
22.12.2014  21:53            20.480 SourceHash{F2A7CE36-57BF-5C86-952D-90DBF3746D82}
22.12.2014  21:58            20.480 SourceHash{F7FE0989-5F4C-3499-B78F-A63E942D100B}
18.01.2015  17:41            20.480 SourceHash{90120000-0010-0407-0000-0000000FF1CE}
22.12.2014  21:57            20.480 SourceHash{FB415F81-DC5E-ED99-D2FE-3DC4D88BCA58}
22.12.2014  21:51            20.480 SourceHash{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}
22.12.2014  21:57            20.480 SourceHash{D94F2DE6-55B4-B211-A381-54089BC791A0}
24.10.2014  08:55            20.480 SourceHash{0C59A352-403D-F080-7DAE-12E3DA4F16F1}
22.12.2014  21:57            20.480 SourceHash{0FE3F13F-8A37-46BA-F973-762F81E833C3}
22.12.2014  21:57            20.480 SourceHash{11087D24-567D-7D88-69C6-D7A08B5F4C47}
22.12.2014  21:58            20.480 SourceHash{1543E140-FADF-9E99-D388-4435C2FBC55E}
10.01.2015  20:22            20.480 SourceHash{15A5D29A-F209-49FD-BA47-5E4C882FF496}
12.02.2015  00:07            20.480 SourceHash{180500C1-57BB-3AA8-8E55-DCD5ECD16537}
30.10.2014  17:11            20.480 SourceHash{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
30.10.2014  17:10            20.480 SourceHash{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
24.10.2014  17:05            20.480 SourceHash{23170F69-40C1-2702-0920-000001000000}
24.10.2014  07:57            28.672 SourceHash{25C64847-B900-48AD-A164-1B4F9B774650}
14.01.2015  17:08            28.672 SourceHash{26784146-6E05-3FF9-9335-786C7C0FB5BE}
24.10.2014  12:22            20.480 SourceHash{2C637DB1-3E0A-4089-8366-C6C0B01E5C2B}
22.12.2014  21:57            20.480 SourceHash{2C9A2369-162D-7AD7-D50F-5F59CEC8A046}
22.12.2014  21:57            20.480 SourceHash{2D61415B-F99C-8161-F452-760B6E441428}
22.12.2014  21:51            20.480 SourceHash{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}
22.12.2014  21:57            20.480 SourceHash{339647D6-A277-974F-FF29-83CA6284559B}
30.10.2014  17:15            20.480 SourceHash{37B8F9C7-03FB-3253-8781-2517C99D7C00}
16.12.2014  10:46            20.480 SourceHash{41E18CDA-69BC-4E5E-BB17-424D8D01F1F9}
22.12.2014  21:53            20.480 SourceHash{426582A8-202F-D13C-8BD5-F00551BAFC93}
06.11.2014  19:38            20.480 SourceHash{427F733F-4D6C-45BC-9324-EB743104C321}
27.02.2015  10:55            45.056 SourceHash{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}
24.10.2014  09:02            20.480 SourceHash{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
30.10.2014  17:11            20.480 SourceHash{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
22.12.2014  21:57            20.480 SourceHash{4BD8FB0D-9407-429D-C412-FAE0A318A8AE}
24.10.2014  13:21            20.480 SourceHash{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}
22.12.2014  21:57            20.480 SourceHash{4D594F78-0C6D-1442-61CC-94D735FEC05D}
26.10.2014  12:53            20.480 SourceHash{4E732E5D-E577-451A-9BB1-CBE64A2CBC2F}
24.10.2014  08:55            20.480 SourceHash{503F672D-6C84-448A-8F8F-4BC35AC83441}
06.11.2014  19:41           413.696 SourceHash{5783F2D7-E001-0000-0102-0060B0CE6BBA}
06.11.2014  19:54           299.008 SourceHash{5783F2D7-E001-0407-1102-0060B0CE6BBA}
06.11.2014  19:55            32.768 SourceHash{5783F2D7-E001-0407-2102-0060B0CE6BBA}
22.12.2014  21:57            20.480 SourceHash{5958C669-28BF-D667-A004-E6FBF448027D}
24.10.2014  10:10            20.480 SourceHash{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
22.12.2014  21:57            20.480 SourceHash{637B1239-84B7-0B0F-2549-7020CA57C831}
15.01.2015  20:33            20.480 SourceHash{653C1B5A-3287-47B1-8613-0745D4E771C4}
01.02.2015  16:15            20.480 SourceHash{692F1402-6F45-42F3-9D82-9AAEFBFAD4A1}
22.12.2014  21:57            20.480 SourceHash{6AE0A655-9BB8-460E-1956-ED37E3B221FA}
22.12.2014  21:58            20.480 SourceHash{6B254D2F-6F6F-5455-DD3B-E71E5C1C0C9A}
12.01.2015  03:00            20.480 SourceHash{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
22.12.2014  21:57            20.480 SourceHash{7481E13B-EC16-1B14-0E32-E88165CD4C57}
25.10.2014  15:36            20.480 SourceHash{790EC520-CCCC-4810-A0FE-061633204CE4}
22.12.2014  21:57            20.480 SourceHash{7ABA4B54-3672-0548-C1CC-97405F767061}
15.01.2015  20:39            20.480 SourceHash{7B77622E-DE90-48EA-B2C7-227B1DE58A01}
18.01.2015  17:24            28.672 SourceHash{7C222DD9-097A-4E53-B8BD-883B68D9537A}
24.10.2014  09:07            20.480 SourceHash{7DD99174-299B-4450-A179-7F27F4C2D042}
22.12.2014  21:57            20.480 SourceHash{7FE73251-50FA-E864-67EB-19C4BC7AA1C9}
06.11.2014  19:55            20.480 SourceHash{85735431-6CD3-4B16-BEC8-95332034E53B}
22.12.2014  21:57            20.480 SourceHash{894CBED0-8225-D59B-5632-D01B14C6D520}
30.10.2014  17:30            20.480 SourceHash{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
22.12.2014  21:57            20.480 SourceHash{8BD7C51C-0CC4-3E28-CFDC-F7D4C5583783}
22.12.2014  21:57            20.480 SourceHash{8ECCC07B-83E3-3877-26DF-815CD2B30749}
22.12.2014  21:58            20.480 SourceHash{8F2415FA-72F2-F029-0450-4EB2FAE484C5}
22.12.2014  21:52            20.480 SourceHash{900FD4B9-9C27-D907-36E7-E9CCF170E2FC}
12.07.2009  12:16           223.232 3f71b1.msi
19.04.2011  03:21           235.520 112d33.msi
24.09.2012  04:47         2.399.232 f9e8ed.msi
24.10.2014  13:54       109.115.392 e10ce4.msi
16.04.2011  08:44         2.770.944 bae7555.msi
24.10.2014  13:20        20.830.720 b992a3.msi
31.08.2004  23:05        21.249.024 b7ef9.msi
28.10.2006  04:17            49.152 b4915.msi
28.01.2014  18:18         3.928.064 b33364.msi
12.02.2014  23:36         1.531.904 b3335d.msi
22.01.2014  03:24         2.214.400 b33356.msi
22.01.2014  03:22         2.314.752 b3334f.msi
22.01.2014  03:26        28.280.832 b33348.msi
20.02.2014  12:36         7.274.496 b33340.msi
20.02.2014  12:35         7.884.800 b33337.msi
13.02.2014  01:02        13.811.712 b3332d.msi
12.02.2014  12:58         4.165.632 b33322.msi
10.02.2014  21:55        55.726.080 b3331b.msi
09.12.2013  12:12         2.397.184 b33310.msi
09.12.2013  12:12         2.612.736 b33307.msi
16.12.2014  10:27        37.612.544 aedf7.msi
16.09.2014  12:52         8.741.888 87bdd.msi
24.10.2014  07:55         2.101.760 87bd8.msi
15.01.2015  20:30         2.875.392 8600e.msi
03.09.2014  03:42           440.832 7a2d17.msi
03.09.2014  00:32           548.352 7a2cf6.msi
21.08.2014  13:39           411.136 79fef9.msi
24.09.2014  16:43         1.501.696 79fec9.msi
24.09.2014  16:42           388.608 79fc1f.msi
24.10.2014  17:04         1.376.768 75dcdc.msi
01.01.2015  15:37           849.408 65a09.msi
24.02.2015  22:30            49.152 650b89c.msi
24.02.2015  22:17           552.960 650b87a.msi
24.02.2015  22:17        11.911.168 650b859.msi
24.02.2015  22:18        11.083.776 650b7fc.msi
24.10.2014  00:18         1.304.576 64459.msi
24.10.2014  00:18           829.440 64453.msi
24.10.2014  00:18         1.544.704 6444d.msi
19.04.2011  04:54           227.328 12aadc7.msi
08.08.2008  14:11           232.960 5addd8.msi
07.10.2013  20:55         2.814.464 57bc23.msi
19.11.2014  16:36           355.328 5662953.msi
12.09.2014  00:44         5.361.664 51b7286.msi
12.09.2013  16:27           786.432 147840.msi
14.05.2014  00:00            37.888 43cc1e.msi
30.10.2013  05:08           151.552 43bef4.msi
26.07.2012  21:01           151.552 15ae3e.msi
26.07.2012  21:05           155.648 15ae44.msi
30.10.2013  05:09           151.552 43bed5.msi
30.10.2013  05:08           151.552 43beb6.msi
30.10.2013  05:08           151.552 43be97.msi
19.02.2011  22:57           177.664 430b0f.msi
19.02.2011  23:08           163.840 3f71bf.msi
12.07.2009  07:43           231.936 3f71b7.msi
15.04.2011  23:14         3.186.176 112d2d.msi
12.04.2014  17:48         1.572.864 3b6923.msi
26.07.2012  20:58           155.648 15ae4a.msi
16.12.2014  10:45        14.306.816 27a219.msi
24.10.2014  09:07        78.771.200 1be046.msi
01.04.2013  12:35        10.794.496 1be03d.msi
24.10.2014  09:01         7.628.800 1be014.msi
31.08.2012  18:28        13.447.168 1be00d.msi
10.06.2012  21:09        17.166.848 1bdffb.msi
10.06.2012  21:08         1.762.816 1bdff5.msi
01.02.2015  16:15        47.590.912 1944056.msi
28.11.2014  21:14         2.752.000 15b1a0.msi
28.11.2014  21:08        56.734.720 15b18f.msi
28.11.2014  21:12           408.064 15b188.msi
28.11.2014  21:11           918.016 15b182.msi
28.11.2014  21:11           723.968 15b17c.msi
28.11.2014  21:11           718.848 15b176.msi
28.11.2014  21:11           730.112 15b170.msi
28.11.2014  21:11           745.984 15b16a.msi
28.11.2014  21:11           714.752 15b164.msi
28.11.2014  21:11           821.248 15b15e.msi
28.11.2014  21:10           726.016 15b158.msi
28.11.2014  21:10           740.352 15b152.msi
28.11.2014  21:10           709.632 15b14c.msi
28.11.2014  21:10           715.776 15b146.msi
28.11.2014  21:10           748.544 15b140.msi
28.11.2014  21:10           767.488 15b13a.msi
28.11.2014  21:10           723.968 15b134.msi
28.11.2014  21:10           748.032 15b12e.msi
28.11.2014  21:09           733.184 15b128.msi
28.11.2014  21:09           720.896 15b122.msi
28.11.2014  21:09           726.528 15b11c.msi
28.11.2014  21:09           710.144 15b116.msi
28.11.2014  21:09           840.192 15b110.msi
28.11.2014  21:09           739.328 15b10a.msi
28.11.2014  21:09           716.800 15b104.msi
28.11.2014  21:09           747.520 15b0fe.msi
28.11.2014  21:13         2.281.984 15b0f8.msi
28.11.2014  21:13         3.033.088 15b0f2.msi
11.11.2014  09:49           439.808 15b0eb.msi
28.11.2014  21:16           388.608 15aec9.msi
05.12.2014  02:18         8.888.320 15aec3.msi
28.11.2014  21:11           794.112 15aebc.msi
26.07.2012  21:09           155.648 15ae50.msi
15.09.2011  18:36        15.074.816 34d6f5.msp
12.09.2014  13:39        45.158.400 f9e8ee.msp
28.06.2011  21:21         4.637.184 12a5211.msp
30.10.2014  17:30        53.303.296 43cc26.msp
17.01.2015  08:45            36.864 1453f0.msp
17.01.2015  08:45            36.864 1453e9.msp
08.12.2014  14:58         6.922.240 612f5.msp
28.06.2011  21:27         4.028.928 12a8457.msp
06.11.2014  19:39                 0 wix{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}.SchedServiceConfig.rmi
24.10.2014  00:16                 0 wix{3A979044-2415-417E-83A6-BAD69D5DBBF5}.SchedServiceConfig.rmi
24.10.2014  09:07             9.216 MSICF8A.tmp
             208 Datei(en),    805.862.912 Bytes
              96 Verzeichnis(se), 38.445.289.472 Bytes frei

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 14.4 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 16:37:03 ====
         

Antwort

Themen zu Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien
adware, antivirus, bildschirm, browser, computer, defender, ebanking, feedback, festplatte, firefox, flash player, frage, homepage, kaspersky, legales programm, mozilla, object, performance, problem, programm, realtek, registry, rundll, scan, schutz, security, software, windows



Ähnliche Themen: Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien


  1. Win7 prof.: Update.exe Fehlermeldung erscheint und diverse infizierte Dateien wie toolbar.perion.h etc.
    Log-Analyse und Auswertung - 28.08.2015 (20)
  2. G Data meldet wiederholt Problem mit rpcnetp.exe
    Plagegeister aller Art und deren Bekämpfung - 29.06.2015 (46)
  3. Windows 7: Kaspersky meldet ständig zu desinfizierende .dll-dateien
    Log-Analyse und Auswertung - 24.02.2015 (13)
  4. BitDefender meldet mir ständig infizierte Webressource
    Log-Analyse und Auswertung - 23.09.2014 (20)
  5. WIN 7: Ad-Aware meldet infizierte Dateien
    Log-Analyse und Auswertung - 17.02.2014 (18)
  6. PUP.Optional. ........ ca. 800 infizierte Dateien
    Plagegeister aller Art und deren Bekämpfung - 28.10.2013 (17)
  7. Malwarebytes meldet 88 infizierte Objekte!
    Plagegeister aller Art und deren Bekämpfung - 08.10.2013 (20)
  8. Windows 7 64 Bit: Neustartschleife bei Kaspersky-Installation,442 infizierte Dateien laut MBAM
    Log-Analyse und Auswertung - 23.09.2013 (7)
  9. Infizierte Dateien
    Plagegeister aller Art und deren Bekämpfung - 11.09.2013 (11)
  10. Windows7|64-bit System|Avast meldet 5 infizierte Dateien
    Log-Analyse und Auswertung - 14.08.2013 (7)
  11. 2 infizierte Dateien bei MBam
    Log-Analyse und Auswertung - 26.02.2013 (3)
  12. Infizierte Dateien
    Log-Analyse und Auswertung - 19.12.2012 (2)
  13. 10 infizierte Dateien
    Plagegeister aller Art und deren Bekämpfung - 26.10.2011 (3)
  14. Kaspersky meldet schädliche Dateien
    Plagegeister aller Art und deren Bekämpfung - 20.07.2009 (0)
  15. avira meldet wiederholt Dropper
    Plagegeister aller Art und deren Bekämpfung - 27.02.2009 (1)
  16. Sunbelt/Kero Firewall meldet wiederholt Eindringversuch
    Log-Analyse und Auswertung - 07.08.2007 (12)
  17. Antivir meldet mir eine infizierte Datei.
    Plagegeister aller Art und deren Bekämpfung - 05.01.2005 (2)

Zum Thema Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien - Hallo, ich habe folgendes Problem: Seit kurzem meldet meine Kaspersky Antivirus Software immer wieder mehrere DLL-Dateien mit folgendem Kommentar: Datei: C:\Windows\Temp\j_vfu5c.dll "Ein Angreifer kann ein legales Programm benutzen, um ihren - Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien...
Archiv
Du betrachtest: Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.