
Log analysis and evaluation: PUA/iLivid.Gen on Win7x64 notebook


01.06.2015, 21:42   #1
lab-star
 



Hello!

Some time ago I picked up a piece of malware on this computer.

I wanted to download an update for the DVDvideosoft youtube to mp3 converter. On the download page I must have accidentally clicked on one of those downloader ad buttons, and the damage was done... Antivir reported --> 'Adware/SeaSuite.inze'. I then did not run the download.

AntiVir event report:
Code:
Exportierte Ereignisse:

20.01.2015 17:35 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Andreas\AppData\Local\Opera\Opera\cache\g_0012\opr00EFC.tmp'
      enthielt einen Virus oder unerwünschtes Programm 'Adware/SeaSuite.inze' 
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '502228c3.qua' 
      verschoben!
         
A short time later there was a Kernel-Power shutdown, though I am not sure whether it has anything to do with the virus. This problem has not occurred again since.

Kernel-Power Shutdown:
Code:
Protokollname: System
Quelle:        Microsoft-Windows-Kernel-Power
Datum:         20.01.2015 17:58:05
Ereignis-ID:   41
Aufgabenkategorie:(63)
Ebene:         Kritisch
Schlüsselwörter:(2)
Benutzer:      SYSTEM
Computer:      Andreas-PC
Beschreibung:
Das System wurde neu gestartet, ohne dass es zuvor ordnungsgemäß heruntergefahren wurde. Dieser Fehler kann auftreten, wenn das System nicht mehr reagiert hat oder abgestürzt ist oder die Stromzufuhr unerwartet unterbrochen wurde.
Ereignis-XML:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
    <EventID>41</EventID>
    <Version>2</Version>
    <Level>1</Level>
    <Task>63</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000002</Keywords>
    <TimeCreated SystemTime="2015-01-20T16:58:05.513619300Z" />
    <EventRecordID>518966</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="8" />
    <Channel>System</Channel>
    <Computer>Andreas-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="BugcheckCode">0</Data>
    <Data Name="BugcheckParameter1">0x0</Data>
    <Data Name="BugcheckParameter2">0x0</Data>
    <Data Name="BugcheckParameter3">0x0</Data>
    <Data Name="BugcheckParameter4">0x0</Data>
    <Data Name="SleepInProgress">false</Data>
    <Data Name="PowerButtonTimestamp">0</Data>
  </EventData>
</Event>
         

Since it is not my primary notebook, I have left it lying unused ever since. But I need it now, because I have to write a thesis on it.


After updating it to the current state, I ran Antivir over the affected file once more.

Antivir (current):
Code:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 29. Mai 2015  08:04


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Antivirus Free
Seriennummer   : 0000149996-AVHOE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : Andreas
Computername   : ANDREAS-PC

Versionsinformationen:
BUILD.DAT      : 15.0.8.656     91858 Bytes  17.03.2015 13:02:00
AVSCAN.EXE     : 15.0.8.652   1014064 Bytes  28.05.2015 21:20:50
AVSCANRC.DLL   : 15.0.8.652     63792 Bytes  28.05.2015 21:20:50
LUKE.DLL       : 15.0.8.652     60664 Bytes  28.05.2015 21:21:46
AVSCPLR.DLL    : 15.0.8.652     93488 Bytes  28.05.2015 21:20:51
REPAIR.DLL     : 15.0.8.652    365360 Bytes  28.05.2015 21:20:49
REPAIR.RDF     : 1.0.8.6       896183 Bytes  28.05.2015 21:23:42
AVREG.DLL      : 15.0.8.652    265464 Bytes  28.05.2015 21:20:48
AVLODE.DLL     : 15.0.8.656    645368 Bytes  28.05.2015 21:20:47
AVLODE.RDF     : 14.0.4.70      79227 Bytes  28.05.2015 21:20:40
LOCAL000.VDF   : 8.11.235.182 131931136 Bytes  28.05.2015 21:24:56
Engineversion  : 8.3.30.38 
AEVDF.DLL      : 8.3.1.6       133992 Bytes  29.09.2014 19:19:08
AESCRIPT.DLL   : 8.2.2.66      572272 Bytes  28.05.2015 21:20:36
AESCN.DLL      : 8.3.2.10      142456 Bytes  28.05.2015 21:20:36
AESBX.DLL      : 8.2.21.0     1622072 Bytes  28.05.2015 21:20:37
AERDL.DLL      : 8.2.1.20      731040 Bytes  28.05.2015 21:20:36
AEPACK.DLL     : 8.4.0.80      793728 Bytes  28.05.2015 21:20:35
AEOFFICE.DLL   : 8.3.1.22      363376 Bytes  28.05.2015 21:20:35
AEMOBILE.DLL   : 8.1.7.2       281720 Bytes  28.05.2015 21:20:39
AEHEUR.DLL     : 8.1.4.1702   8398760 Bytes  28.05.2015 21:20:34
AEHELP.DLL     : 8.3.2.0       281456 Bytes  28.05.2015 21:20:30
AEGEN.DLL      : 8.1.7.40      456608 Bytes  31.12.2014 10:43:08
AEEXP.DLL      : 8.4.2.88      266296 Bytes  28.05.2015 21:20:37
AEEMU.DLL      : 8.1.3.4       399264 Bytes  19.08.2014 19:50:37
AEDROID.DLL    : 8.4.3.116    1050536 Bytes  28.05.2015 21:20:38
AECORE.DLL     : 8.3.6.2       243624 Bytes  28.05.2015 21:20:30
AEBB.DLL       : 8.1.2.0        60448 Bytes  19.08.2014 19:50:36
AVWINLL.DLL    : 15.0.8.652     25904 Bytes  28.05.2015 21:20:29
AVPREF.DLL     : 15.0.8.652     53248 Bytes  28.05.2015 21:20:48
AVREP.DLL      : 15.0.8.652    221432 Bytes  28.05.2015 21:20:49
AVARKT.DLL     : 15.0.8.652    228088 Bytes  28.05.2015 21:20:41
AVEVTLOG.DLL   : 15.0.8.652    183600 Bytes  28.05.2015 21:20:44
SQLITE3.DLL    : 15.0.8.652    456440 Bytes  28.05.2015 21:22:12
AVSMTP.DLL     : 15.0.8.652     79360 Bytes  28.05.2015 21:20:51
NETNT.DLL      : 15.0.8.652     17352 Bytes  28.05.2015 21:21:48
RCIMAGE.DLL    : 15.0.8.652   4864816 Bytes  28.05.2015 21:20:29
RCTEXT.DLL     : 15.0.8.652     75056 Bytes  28.05.2015 21:20:29

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\Andreas\AppData\Local\Temp\43034b9c.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, 
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Freitag, 29. Mai 2015  08:04

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Andreas\AppData\Local\Opera\Opera\cache\g_0012\opr00EFC.tmp'
C:\Users\Andreas\AppData\Local\Opera\Opera\cache\g_0012\opr00EFC.tmp
  [FUND]      Enthält Muster der Software PUA/iLivid.Gen

Beginne mit der Desinfektion:
C:\Users\Andreas\AppData\Local\Opera\Opera\cache\g_0012\opr00EFC.tmp
  [FUND]      Enthält Muster der Software PUA/iLivid.Gen
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50fcae82.qua' verschoben!


Ende des Suchlaufs: Freitag, 29. Mai 2015  08:04
Benötigte Zeit: 00:00 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
      1 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
      0 Dateien ohne Befall
      0 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
         
After the Antivir update, the file from quarantine now apparently gets detected as PUA/iLivid.Gen.

Antivir system scan:
Code:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 29. Mai 2015  06:39


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Antivirus Free
Seriennummer   : 0000149996-AVHOE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : ANDREAS-PC

Versionsinformationen:
BUILD.DAT      : 15.0.8.656     91858 Bytes  17.03.2015 13:02:00
AVSCAN.EXE     : 15.0.8.652   1014064 Bytes  28.05.2015 21:20:50
AVSCANRC.DLL   : 15.0.8.652     63792 Bytes  28.05.2015 21:20:50
LUKE.DLL       : 15.0.8.652     60664 Bytes  28.05.2015 21:21:46
AVSCPLR.DLL    : 15.0.8.652     93488 Bytes  28.05.2015 21:20:51
REPAIR.DLL     : 15.0.8.652    365360 Bytes  28.05.2015 21:20:49
REPAIR.RDF     : 1.0.8.6       896183 Bytes  28.05.2015 21:23:42
AVREG.DLL      : 15.0.8.652    265464 Bytes  28.05.2015 21:20:48
AVLODE.DLL     : 15.0.8.656    645368 Bytes  28.05.2015 21:20:47
AVLODE.RDF     : 14.0.4.70      79227 Bytes  28.05.2015 21:20:40
XBV00046.VDF   : 8.11.231.44     8192 Bytes  13.05.2015 21:22:31
XBV00047.VDF   : 8.11.231.46     2048 Bytes  13.05.2015 21:22:31
XBV00048.VDF   : 8.11.231.66    10240 Bytes  13.05.2015 21:22:31
XBV00049.VDF   : 8.11.231.88    43520 Bytes  14.05.2015 21:22:31
XBV00050.VDF   : 8.11.231.108    18432 Bytes  14.05.2015 21:22:31
XBV00051.VDF   : 8.11.231.128     2048 Bytes  14.05.2015 21:22:32
XBV00052.VDF   : 8.11.231.150    30208 Bytes  14.05.2015 21:22:32
XBV00053.VDF   : 8.11.231.188    23552 Bytes  14.05.2015 21:22:32
XBV00054.VDF   : 8.11.231.206    10240 Bytes  14.05.2015 21:22:33
XBV00055.VDF   : 8.11.231.224    11776 Bytes  14.05.2015 21:22:33
XBV00056.VDF   : 8.11.231.244    98304 Bytes  14.05.2015 21:22:33
XBV00057.VDF   : 8.11.231.246     2048 Bytes  14.05.2015 21:22:33
XBV00058.VDF   : 8.11.231.250    91136 Bytes  15.05.2015 21:22:33
XBV00059.VDF   : 8.11.232.34     2048 Bytes  15.05.2015 21:22:34
XBV00060.VDF   : 8.11.232.52    70656 Bytes  15.05.2015 21:22:34
XBV00061.VDF   : 8.11.232.72     9216 Bytes  15.05.2015 21:22:34
XBV00062.VDF   : 8.11.232.90     2048 Bytes  15.05.2015 21:22:34
XBV00063.VDF   : 8.11.232.108    52224 Bytes  15.05.2015 21:22:34
XBV00064.VDF   : 8.11.232.126     2048 Bytes  15.05.2015 21:22:34
XBV00065.VDF   : 8.11.232.144     8704 Bytes  15.05.2015 21:22:34
XBV00066.VDF   : 8.11.232.162    18944 Bytes  15.05.2015 21:22:35
XBV00067.VDF   : 8.11.232.178     2048 Bytes  15.05.2015 21:22:35
XBV00068.VDF   : 8.11.232.210    97280 Bytes  16.05.2015 21:22:35
XBV00069.VDF   : 8.11.232.224    33280 Bytes  16.05.2015 21:22:35
XBV00070.VDF   : 8.11.232.238     2048 Bytes  16.05.2015 21:22:35
XBV00071.VDF   : 8.11.232.252   106496 Bytes  17.05.2015 21:22:36
XBV00072.VDF   : 8.11.233.10    22016 Bytes  17.05.2015 21:22:36
XBV00073.VDF   : 8.11.233.24   108544 Bytes  18.05.2015 21:22:36
XBV00074.VDF   : 8.11.233.38    11776 Bytes  18.05.2015 21:22:37
XBV00075.VDF   : 8.11.233.52     7168 Bytes  18.05.2015 21:22:37
XBV00076.VDF   : 8.11.233.66    12800 Bytes  18.05.2015 21:22:37
XBV00077.VDF   : 8.11.233.68    11264 Bytes  18.05.2015 21:22:37
XBV00078.VDF   : 8.11.233.70    10752 Bytes  18.05.2015 21:22:37
XBV00079.VDF   : 8.11.233.72     8704 Bytes  18.05.2015 21:22:38
XBV00080.VDF   : 8.11.233.74    13824 Bytes  18.05.2015 21:22:38
XBV00081.VDF   : 8.11.233.76     2048 Bytes  18.05.2015 21:22:38
XBV00082.VDF   : 8.11.233.78    12800 Bytes  18.05.2015 21:22:38
XBV00083.VDF   : 8.11.233.84    34816 Bytes  18.05.2015 21:22:38
XBV00084.VDF   : 8.11.233.86     4096 Bytes  19.05.2015 21:22:39
XBV00085.VDF   : 8.11.233.100   208384 Bytes  19.05.2015 21:22:39
XBV00086.VDF   : 8.11.233.112    20480 Bytes  19.05.2015 21:22:39
XBV00087.VDF   : 8.11.233.126    60928 Bytes  19.05.2015 21:22:39
XBV00088.VDF   : 8.11.233.138    13312 Bytes  19.05.2015 21:22:39
XBV00089.VDF   : 8.11.233.140    48128 Bytes  19.05.2015 21:22:39
XBV00090.VDF   : 8.11.233.142     2048 Bytes  19.05.2015 21:22:40
XBV00091.VDF   : 8.11.233.144     2048 Bytes  19.05.2015 21:22:40
XBV00092.VDF   : 8.11.233.158    51712 Bytes  19.05.2015 21:22:40
XBV00093.VDF   : 8.11.233.170    17920 Bytes  20.05.2015 21:22:40
XBV00094.VDF   : 8.11.233.182    24064 Bytes  20.05.2015 21:22:40
XBV00095.VDF   : 8.11.233.184    68096 Bytes  20.05.2015 21:22:40
XBV00096.VDF   : 8.11.233.196     2048 Bytes  20.05.2015 21:22:40
XBV00097.VDF   : 8.11.233.208    36352 Bytes  20.05.2015 21:22:41
XBV00098.VDF   : 8.11.233.220     2048 Bytes  20.05.2015 21:22:41
XBV00099.VDF   : 8.11.233.232    92672 Bytes  20.05.2015 21:22:41
XBV00100.VDF   : 8.11.233.242    14336 Bytes  20.05.2015 21:22:41
XBV00101.VDF   : 8.11.233.252     8704 Bytes  20.05.2015 21:22:41
XBV00102.VDF   : 8.11.234.6     33792 Bytes  20.05.2015 21:22:41
XBV00103.VDF   : 8.11.234.16    14336 Bytes  20.05.2015 21:22:42
XBV00104.VDF   : 8.11.234.18     2048 Bytes  21.05.2015 21:22:42
XBV00105.VDF   : 8.11.234.38    38912 Bytes  21.05.2015 21:22:42
XBV00106.VDF   : 8.11.234.58     3584 Bytes  21.05.2015 21:22:42
XBV00107.VDF   : 8.11.234.68     4096 Bytes  21.05.2015 21:22:42
XBV00108.VDF   : 8.11.234.76    34304 Bytes  21.05.2015 21:22:43
XBV00109.VDF   : 8.11.234.78    11264 Bytes  21.05.2015 21:22:43
XBV00110.VDF   : 8.11.234.84    44032 Bytes  21.05.2015 21:22:43
XBV00111.VDF   : 8.11.234.86     2048 Bytes  21.05.2015 21:22:43
XBV00112.VDF   : 8.11.234.88    29184 Bytes  21.05.2015 21:22:43
XBV00113.VDF   : 8.11.234.90    16896 Bytes  21.05.2015 21:22:44
XBV00114.VDF   : 8.11.234.92    21504 Bytes  22.05.2015 21:22:44
XBV00115.VDF   : 8.11.234.94    32768 Bytes  22.05.2015 21:22:44
XBV00116.VDF   : 8.11.234.96     2048 Bytes  22.05.2015 21:22:44
XBV00117.VDF   : 8.11.234.104    10240 Bytes  22.05.2015 21:22:44
XBV00118.VDF   : 8.11.234.112    30208 Bytes  22.05.2015 21:22:44
XBV00119.VDF   : 8.11.234.120    13824 Bytes  22.05.2015 21:22:45
XBV00120.VDF   : 8.11.234.128    11264 Bytes  22.05.2015 21:22:45
XBV00121.VDF   : 8.11.234.130     2048 Bytes  22.05.2015 21:22:45
XBV00122.VDF   : 8.11.234.138     2048 Bytes  22.05.2015 21:22:45
XBV00123.VDF   : 8.11.234.146    14848 Bytes  22.05.2015 21:22:45
XBV00124.VDF   : 8.11.234.154    15872 Bytes  22.05.2015 21:22:45
XBV00125.VDF   : 8.11.234.164    27136 Bytes  22.05.2015 21:22:46
XBV00126.VDF   : 8.11.234.166     2048 Bytes  22.05.2015 21:22:46
XBV00127.VDF   : 8.11.234.168    10240 Bytes  22.05.2015 21:22:46
XBV00128.VDF   : 8.11.234.170     2048 Bytes  22.05.2015 21:22:46
XBV00129.VDF   : 8.11.234.172    13312 Bytes  22.05.2015 21:22:46
XBV00130.VDF   : 8.11.234.174    15872 Bytes  22.05.2015 21:22:47
XBV00131.VDF   : 8.11.234.184    68096 Bytes  23.05.2015 21:22:47
XBV00132.VDF   : 8.11.234.186     2048 Bytes  23.05.2015 21:22:47
XBV00133.VDF   : 8.11.234.196     2048 Bytes  23.05.2015 21:22:47
XBV00134.VDF   : 8.11.234.206    12800 Bytes  23.05.2015 21:22:47
XBV00135.VDF   : 8.11.234.216    70144 Bytes  24.05.2015 21:22:47
XBV00136.VDF   : 8.11.234.226     2560 Bytes  24.05.2015 21:22:48
XBV00137.VDF   : 8.11.234.228    79360 Bytes  25.05.2015 21:22:48
XBV00138.VDF   : 8.11.234.238     6656 Bytes  25.05.2015 21:22:48
XBV00139.VDF   : 8.11.234.248     7168 Bytes  25.05.2015 21:22:48
XBV00140.VDF   : 8.11.235.2      6144 Bytes  25.05.2015 21:22:48
XBV00141.VDF   : 8.11.235.4      6656 Bytes  25.05.2015 21:22:49
XBV00142.VDF   : 8.11.235.14     5632 Bytes  25.05.2015 21:22:49
XBV00143.VDF   : 8.11.235.16     4608 Bytes  25.05.2015 21:22:49
XBV00144.VDF   : 8.11.235.18     3072 Bytes  25.05.2015 21:22:49
XBV00145.VDF   : 8.11.235.20     3584 Bytes  25.05.2015 21:22:49
XBV00146.VDF   : 8.11.235.22     3584 Bytes  25.05.2015 21:22:49
XBV00147.VDF   : 8.11.235.24     5120 Bytes  25.05.2015 21:22:50
XBV00148.VDF   : 8.11.235.26     6144 Bytes  25.05.2015 21:22:50
XBV00149.VDF   : 8.11.235.28     8704 Bytes  25.05.2015 21:22:50
XBV00150.VDF   : 8.11.235.30    15872 Bytes  25.05.2015 21:22:50
XBV00151.VDF   : 8.11.235.32    15360 Bytes  25.05.2015 21:22:50
XBV00152.VDF   : 8.11.235.34     7168 Bytes  25.05.2015 21:22:51
XBV00153.VDF   : 8.11.235.36     4608 Bytes  25.05.2015 21:22:51
XBV00154.VDF   : 8.11.235.38    13312 Bytes  25.05.2015 21:22:51
XBV00155.VDF   : 8.11.235.40     7680 Bytes  26.05.2015 21:22:51
XBV00156.VDF   : 8.11.235.42    29696 Bytes  26.05.2015 21:22:51
XBV00157.VDF   : 8.11.235.44     8704 Bytes  26.05.2015 21:22:52
XBV00158.VDF   : 8.11.235.46     9728 Bytes  26.05.2015 21:22:52
XBV00159.VDF   : 8.11.235.48     6656 Bytes  26.05.2015 21:22:52
XBV00160.VDF   : 8.11.235.50     5632 Bytes  26.05.2015 21:22:52
XBV00161.VDF   : 8.11.235.52    15360 Bytes  26.05.2015 21:22:52
XBV00162.VDF   : 8.11.235.54     5632 Bytes  26.05.2015 21:22:52
XBV00163.VDF   : 8.11.235.58    26624 Bytes  26.05.2015 21:22:52
XBV00164.VDF   : 8.11.235.60     2048 Bytes  26.05.2015 21:22:53
XBV00165.VDF   : 8.11.235.70     2048 Bytes  26.05.2015 21:22:53
XBV00166.VDF   : 8.11.235.78     4608 Bytes  26.05.2015 21:22:53
XBV00167.VDF   : 8.11.235.80     2560 Bytes  26.05.2015 21:22:53
XBV00168.VDF   : 8.11.235.88    39936 Bytes  26.05.2015 21:22:53
XBV00169.VDF   : 8.11.235.96     9728 Bytes  27.05.2015 21:22:53
XBV00170.VDF   : 8.11.235.104    31232 Bytes  27.05.2015 21:22:54
XBV00171.VDF   : 8.11.235.106    46592 Bytes  27.05.2015 21:22:54
XBV00172.VDF   : 8.11.235.108     2048 Bytes  27.05.2015 21:22:54
XBV00173.VDF   : 8.11.235.110     2048 Bytes  27.05.2015 21:22:54
XBV00174.VDF   : 8.11.235.112    18432 Bytes  27.05.2015 21:22:55
XBV00175.VDF   : 8.11.235.114    18944 Bytes  27.05.2015 21:22:55
XBV00176.VDF   : 8.11.235.116     6656 Bytes  27.05.2015 21:22:55
XBV00177.VDF   : 8.11.235.118     9216 Bytes  27.05.2015 21:22:55
XBV00178.VDF   : 8.11.235.120     6656 Bytes  27.05.2015 21:22:55
XBV00179.VDF   : 8.11.235.130    34304 Bytes  27.05.2015 21:22:56
XBV00180.VDF   : 8.11.235.132     2048 Bytes  27.05.2015 21:22:56
XBV00181.VDF   : 8.11.235.140    12288 Bytes  27.05.2015 21:22:56
XBV00182.VDF   : 8.11.235.148     4096 Bytes  27.05.2015 21:22:56
XBV00183.VDF   : 8.11.235.160    15872 Bytes  28.05.2015 21:22:56
XBV00184.VDF   : 8.11.235.162     5120 Bytes  28.05.2015 21:22:57
XBV00185.VDF   : 8.11.235.168     2048 Bytes  28.05.2015 21:22:57
XBV00186.VDF   : 8.11.235.170    10752 Bytes  28.05.2015 21:22:57
XBV00187.VDF   : 8.11.235.172     2048 Bytes  28.05.2015 21:22:57
XBV00188.VDF   : 8.11.235.176     7168 Bytes  28.05.2015 21:22:57
XBV00189.VDF   : 8.11.235.178    14336 Bytes  28.05.2015 21:22:57
XBV00190.VDF   : 8.11.235.182    51200 Bytes  28.05.2015 21:22:58
LOCAL000.VDF   : 8.11.235.182 131931136 Bytes  28.05.2015 21:24:56
Engineversion  : 8.3.30.38 
AEVDF.DLL      : 8.3.1.6       133992 Bytes  29.09.2014 19:19:08
AESCRIPT.DLL   : 8.2.2.66      572272 Bytes  28.05.2015 21:20:36
AESCN.DLL      : 8.3.2.10      142456 Bytes  28.05.2015 21:20:36
AESBX.DLL      : 8.2.21.0     1622072 Bytes  28.05.2015 21:20:37
AERDL.DLL      : 8.2.1.20      731040 Bytes  28.05.2015 21:20:36
AEPACK.DLL     : 8.4.0.80      793728 Bytes  28.05.2015 21:20:35
AEOFFICE.DLL   : 8.3.1.22      363376 Bytes  28.05.2015 21:20:35
AEMOBILE.DLL   : 8.1.7.2       281720 Bytes  28.05.2015 21:20:39
AEHEUR.DLL     : 8.1.4.1702   8398760 Bytes  28.05.2015 21:20:34
AEHELP.DLL     : 8.3.2.0       281456 Bytes  28.05.2015 21:20:30
AEGEN.DLL      : 8.1.7.40      456608 Bytes  31.12.2014 10:43:08
AEEXP.DLL      : 8.4.2.88      266296 Bytes  28.05.2015 21:20:37
AEEMU.DLL      : 8.1.3.4       399264 Bytes  19.08.2014 19:50:37
AEDROID.DLL    : 8.4.3.116    1050536 Bytes  28.05.2015 21:20:38
AECORE.DLL     : 8.3.6.2       243624 Bytes  28.05.2015 21:20:30
AEBB.DLL       : 8.1.2.0        60448 Bytes  19.08.2014 19:50:36
AVWINLL.DLL    : 15.0.8.652     25904 Bytes  28.05.2015 21:20:29
AVPREF.DLL     : 15.0.8.652     53248 Bytes  28.05.2015 21:20:48
AVREP.DLL      : 15.0.8.652    221432 Bytes  28.05.2015 21:20:49
AVARKT.DLL     : 15.0.8.652    228088 Bytes  28.05.2015 21:20:41
AVEVTLOG.DLL   : 15.0.8.652    183600 Bytes  28.05.2015 21:20:44
SQLITE3.DLL    : 15.0.8.652    456440 Bytes  28.05.2015 21:22:12
AVSMTP.DLL     : 15.0.8.652     79360 Bytes  28.05.2015 21:20:51
NETNT.DLL      : 15.0.8.652     17352 Bytes  28.05.2015 21:21:48
RCIMAGE.DLL    : 15.0.8.652   4864816 Bytes  28.05.2015 21:20:29
RCTEXT.DLL     : 15.0.8.652     75056 Bytes  28.05.2015 21:20:29

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\AVSCAN-20150529-063305-BB3EF31A.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Freitag, 29. Mai 2015  06:39

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:)'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
  [HINWEIS]   Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTS.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'ibmpmsvc.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATService.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '162' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnagent.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPHKSVC.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPHKLOAD.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcPrfMgrSvc.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcSvc.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTHSAmpPalService.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '134' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '127' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'tposdsvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '196' Modul(e) wurden durchsucht
Durchsuche Prozess 'shtctky.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPONSCR.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpScrex.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTHSSecurityMgr.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvtEng.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpShocks.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpKnrres.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPLpr.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'RCIMGDIR.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'SCHTASK.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'SvcGuiHlpr.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxext.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '178' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'CAMMUTE.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPKNRSVC.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'lvvsst.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'virtscrl.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlservr.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'PassThruSvr.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegSrvc.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'ScrybeUpdater.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlbrowser.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlwriter.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'rrservice.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'scheduler_proxy.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'SYNTPHELPER.EXE' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'BtStackServer.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'PWMDBSVC.EXE' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'BluetoothHeadsetProxy.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'tvt_reg_monitor_svc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'uts.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'msiexec.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'SUService.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht


Ende des Suchlaufs: Freitag, 29. Mai 2015  07:54
Benötigte Zeit:  1:14:03 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
   5663 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
   5663 Dateien ohne Befall
      1 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
 1622893 Objekte wurden beim Rootkitscan durchsucht
      1 Versteckte Objekte wurden gefunden
         
Antivir flagged a hidden object here ... no idea whether that is a problem.

The remaining data from Defogger, FRST and GMER follows in the second post (too many characters).

01.06.2015, 21:44   #2
lab-star

PUA/iLivid.Gen on Win7x64 notebook, part 2



Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:22 on 01/06/2015 (Andreas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-
         

FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Andreas (administrator) on ANDREAS-PC on 01-06-2015 21:28:17
Running from C:\Users\Andreas\Desktop
Loaded Profiles: Andreas (Available Profiles: Andreas & TEST)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Windows\System32\DTS.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\System32\ATService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics, Inc.) C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\RotateImage\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\xpsrchvw.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [358424 2009-08-04] (Intel Corporation)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [FingerPrintSoftwareSplashScreen] => C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [107520 2010-10-21] (AuthenTec, Inc.)
HKLM\...\Run: [FingerPrintSoftware] => C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582400 2010-10-21] (AuthenTec)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated)
HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1665824 2014-06-23] (Lenovo Group Limited)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\RotateImage\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-05-28] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\RunOnce: [Uninstall C:\Users\Andreas\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Andreas\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\Policies\Explorer: [DisallowCpl] 1
HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\MountPoints2: {7d517441-7729-11e1-936b-001fe2e855a4} - F:\Startme.exe
HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\MountPoints2: {b632db5f-2dcd-11df-89ad-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\MountPoints2: {b632db97-2dcd-11df-89ad-001fe2e855a4} - F:\AutoRun.exe
HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\MountPoints2: {b632dc39-2dcd-11df-89ad-001fe2e855a4} - F:\AutoRun.exe
Lsa: [Notification Packages] scecli ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-06-27]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2013-06-27]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10397&gct=hp&dc=EU&locale=de_AT
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001 -> {0DAD6D0C-0E15-4156-BA95-9D9E8E157B43} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-09-24] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-09-24] (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\eb4qzeqm.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-06-01] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-06-01] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-09-24] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-09-24] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-09-17]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-06-26]
FF HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF Extension: ThinkVantage Password Manager - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 [2014-06-30]
FF HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lpdfbkehegfmedglgemnhbnpmfmioggj] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2010-10-21] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-05-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-05-28] (Avira Operations GmbH & Co. KG)
R2 ATService; C:\Windows\system32\ATService.exe [2715456 2010-10-21] (AuthenTec, Inc.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-20] (Lenovo.)
R2 dtsvc; C:\Windows\system32\DTS.exe [117760 2010-10-21] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-09-14] (Intel Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-11] (Synaptics, Inc.)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49136 2015-05-15] ()
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2009-09-25] (Lenovo Group Limited) [File not signed]
R3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-06] (Lenovo Group Limited)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-08-04] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 5U875UVC; C:\Windows\System32\DRIVERS\RCUVCMNP.sys [220032 2009-10-23] (Ricoh co.,Ltd.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-05-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-01-02] (Avira Operations GmbH & Co. KG)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [31744 2011-05-09] (Google Inc)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [11776 2010-10-20] (HandSet Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-01-27] (Duplex Secure Ltd.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-07-02] (Lenovo (United States) Inc.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [129304 2010-10-18] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [127056 2010-10-18] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\System32\DRIVERS\zghsnmea.sys [129304 2010-10-18] (ZTE Incorporated)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
R3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 21:28 - 2015-06-01 21:30 - 00019969 _____ () C:\Users\Andreas\Desktop\FRST.txt
2015-06-01 21:27 - 2015-06-01 21:28 - 00000000 ____D () C:\FRST
2015-06-01 21:26 - 2015-06-01 21:26 - 02108928 _____ (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
2015-06-01 20:53 - 2015-06-01 21:03 - 00000000 ___SD () C:\Windows\system32\GWX
2015-06-01 20:53 - 2015-06-01 20:53 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-29 08:48 - 2015-05-29 08:48 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-29 08:48 - 2015-05-29 08:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-29 08:44 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-29 08:44 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-29 08:36 - 2015-05-29 08:36 - 00767664 _____ () C:\Users\Andreas\Desktop\Trojanerboard_Anleitung.xps
2015-05-29 08:10 - 2015-06-01 21:22 - 00000528 _____ () C:\Users\Andreas\Desktop\defogger_disable.log
2015-05-29 08:10 - 2015-05-29 08:10 - 00000020 _____ () C:\Users\Andreas\defogger_reenable
2015-05-29 08:09 - 2015-05-29 08:09 - 00050477 _____ () C:\Users\Andreas\Desktop\Defogger.exe
2015-05-29 00:10 - 2015-05-29 00:10 - 00003856 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1422026928
2015-05-28 23:51 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-28 23:51 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-28 23:51 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-28 23:51 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-28 23:51 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-28 23:51 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-28 23:51 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-28 23:51 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-28 23:51 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-28 23:51 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-28 23:51 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-28 23:51 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-28 23:51 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-28 23:51 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-28 23:51 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-28 23:51 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-28 23:51 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-28 23:51 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-28 23:51 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-28 23:51 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-28 23:51 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-28 23:51 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-28 23:51 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-28 23:51 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-28 23:51 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-28 23:51 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-28 23:51 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-28 23:51 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-28 23:51 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-28 23:51 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-28 23:51 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-28 23:51 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-28 23:51 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-28 23:51 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-28 23:51 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-28 23:51 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-28 23:51 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-28 23:51 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-28 23:51 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-28 23:51 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-28 23:51 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-28 23:51 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-28 23:51 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-28 23:51 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-28 23:51 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-28 23:51 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-28 23:51 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-28 23:51 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-28 23:51 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-28 23:51 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-28 23:51 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-28 23:51 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-28 23:51 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-28 23:51 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-28 23:51 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-28 23:51 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-28 23:51 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-28 23:51 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-28 23:51 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-28 23:51 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-28 23:51 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-28 23:51 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-28 23:51 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-28 23:51 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-28 23:51 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-28 23:51 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-28 23:51 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-28 23:51 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-28 23:51 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-28 23:51 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-28 23:51 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-28 23:51 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-28 23:51 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-28 23:51 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-28 23:51 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-28 23:51 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-28 23:51 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-28 23:50 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-28 23:50 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-28 23:50 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-28 23:50 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-28 23:50 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-28 23:50 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-28 23:50 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-28 23:50 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-05-28 23:49 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-28 23:49 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-28 23:49 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-05-28 23:49 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-05-28 23:49 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-05-28 23:49 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-05-28 23:49 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-05-28 23:49 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-05-28 23:49 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-05-28 23:49 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-05-28 23:49 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-05-28 23:49 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-05-28 23:49 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-05-28 23:49 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-05-28 23:49 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-05-28 23:49 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-05-28 23:49 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-28 23:49 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-28 23:49 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-28 23:49 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-28 23:49 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-28 23:49 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-28 23:49 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-28 23:49 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-28 23:49 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-28 23:49 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-28 23:49 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-28 23:49 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-28 23:49 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-28 23:49 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-28 23:49 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-28 23:49 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-28 23:49 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-28 23:49 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-28 23:49 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-28 23:49 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-28 23:49 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-28 23:49 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-28 23:49 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-28 23:49 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-28 23:49 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-28 23:49 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-28 23:49 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-05-28 23:49 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-05-28 23:49 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-05-28 23:49 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-05-28 23:49 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-28 23:49 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-05-28 23:49 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-28 23:49 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-28 23:48 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-05-28 23:48 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-28 23:48 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-28 23:48 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-28 23:48 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-28 23:48 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-28 23:48 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-28 23:48 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-28 23:48 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-05-28 23:48 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-28 23:48 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-05-28 23:48 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-28 23:48 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-28 23:33 - 2015-05-28 23:33 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 21:27 - 2010-01-20 01:12 - 01795489 _____ () C:\Windows\WindowsUpdate.log
2015-06-01 21:21 - 2011-07-29 08:38 - 00003500 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-06-01 21:21 - 2011-07-29 08:38 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2015-06-01 21:21 - 2011-07-29 08:38 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-06-01 21:14 - 2013-02-13 17:18 - 00000550 _____ () C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job
2015-06-01 21:13 - 2009-07-14 06:45 - 00025552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-01 21:13 - 2009-07-14 06:45 - 00025552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-01 21:03 - 2013-06-13 09:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-01 21:03 - 2013-06-13 09:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-01 21:03 - 2012-04-08 13:22 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-01 21:03 - 2011-06-08 08:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-01 20:59 - 2015-01-21 00:32 - 00004795 _____ () C:\Windows\setupact.log
2015-06-01 20:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-01 20:58 - 2009-07-14 06:45 - 00541624 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-06-01 20:56 - 2009-07-14 19:58 - 00751858 _____ () C:\Windows\system32\perfh007.dat
2015-06-01 20:56 - 2009-07-14 19:58 - 00170598 _____ () C:\Windows\system32\perfc007.dat
2015-06-01 20:56 - 2009-07-14 07:13 - 01768306 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-06-01 20:54 - 2014-12-13 15:13 - 00000000 ____D () C:\Windows\system32\appraiser
2015-06-01 20:54 - 2014-05-06 23:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-06-01 20:54 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2015-06-01 20:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-29 09:02 - 2010-01-20 01:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-29 09:01 - 2010-06-15 16:53 - 01742586 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-29 09:00 - 2013-08-18 12:49 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-29 08:48 - 2013-09-09 21:10 - 00000000 ____D () C:\ProgramData\Skype
2015-05-29 08:43 - 2012-05-20 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-29 08:43 - 2012-05-20 11:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-29 08:43 - 2012-05-20 11:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-29 08:35 - 2012-10-15 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-29 08:10 - 2010-01-20 01:18 - 00000000 ____D () C:\Users\Andreas
2015-05-29 08:07 - 2015-01-20 23:00 - 00000000 ____D () C:\Users\Andreas\Desktop\Adware Infizierung
2015-05-29 08:07 - 2010-10-27 22:18 - 00000000 ____D () C:\Users\Andreas\Johanna
2015-05-29 07:54 - 2010-02-15 13:56 - 00000000 ____D () C:\ProgramData\Lenovo
2015-05-29 07:45 - 2011-02-16 20:04 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-05-29 07:45 - 2010-04-15 21:17 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2015-05-29 07:45 - 2010-01-20 02:32 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2015-05-29 07:43 - 2010-01-20 03:06 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-05-29 02:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-29 00:10 - 2010-04-15 21:12 - 00000000 ____D () C:\SWSHARE
2015-05-29 00:10 - 2010-01-20 01:38 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-28 23:57 - 2014-12-14 13:24 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-28 23:42 - 2010-12-10 16:47 - 00000000 ____D () C:\Users\Andreas\Geschäftlich
2015-05-28 23:33 - 2014-09-26 13:50 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-28 23:33 - 2013-06-27 00:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-28 23:33 - 2013-06-27 00:06 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-05-28 23:20 - 2013-06-27 00:07 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-05-28 23:20 - 2013-06-27 00:06 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-28 23:20 - 2013-06-27 00:06 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-28 23:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-28 23:04 - 2014-09-24 10:51 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte

==================== Files in the root of some directories =======

2013-05-08 23:14 - 2013-06-26 22:41 - 0000697 _____ () C:\Users\Andreas\AppData\Roaming\ConvAPIPlugin.log
2011-01-30 15:38 - 2011-05-06 14:35 - 0038423 _____ () C:\Users\Andreas\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
2011-05-06 14:49 - 2011-05-06 14:49 - 0012955 _____ () C:\Users\Andreas\AppData\Roaming\Kommagetrennte Werte (DOS).CAL
2013-06-14 15:05 - 2013-11-19 16:09 - 0000600 _____ () C:\Users\Andreas\AppData\Roaming\winscp.rnd
2010-05-05 00:50 - 2015-03-21 01:16 - 0021504 _____ () C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-14 15:52 - 2013-11-19 16:09 - 0000600 _____ () C:\Users\Andreas\AppData\Local\PUTTY.RND
2011-10-21 16:26 - 2011-10-21 16:26 - 0001472 _____ () C:\Users\Andreas\AppData\Local\RecConfig.xml
2014-05-23 13:31 - 2014-05-23 13:31 - 0000857 _____ () C:\Users\Andreas\AppData\Local\recently-used.xbel
2011-03-03 18:27 - 2013-11-22 10:21 - 0007608 _____ () C:\Users\Andreas\AppData\Local\resmon.resmoncfg
2010-01-21 21:16 - 2014-02-08 22:32 - 0038412 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-29 02:00

==================== End of log ============================
         
Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Andreas at 2015-06-01 21:31:08
Running from C:\Users\Andreas\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2103261752-1737089908-2043903725-500 - Administrator - Disabled)
Andreas (S-1-5-21-2103261752-1737089908-2043903725-1001 - Administrator - Enabled) => C:\Users\Andreas
Gast (S-1-5-21-2103261752-1737089908-2043903725-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2103261752-1737089908-2043903725-1002 - Limited - Enabled)
TEST (S-1-5-21-2103261752-1737089908-2043903725-1006 - Limited - Enabled) => C:\Users\TEST

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709a (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
ACD/Labs Software in C:\ACDFREE12\ (HKLM-x32\...\ACDLabs in C__ACDFREE12_) (Version: v12.00, FREE - ACD/Labs)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agenda (HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\Agenda) (Version:  - Leonardo Javier Alassia)
AMD Catalyst Install Manager (HKLM\...\{72DECC0F-58E0-0618-C857-43B4D3DB7B75}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.792.5.2-120504a-138564C-Lenovo - ATI Technologies, Inc.)
AuthenTec TrueSuite (HKLM\...\{E6C44758-FF49-47D1-8182-65E3818ACE23}) (Version: 2.0.0.57 - AuthenTec, Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
B110 (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
CamStudio (HKLM-x32\...\CamStudio) (Version:  - )
ccc-core-static (x32 Version: 2012.0504.2334.40448 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
ChemSep 6.96 (HKLM-x32\...\ChemSepL6v96) (Version: 6.96 - ChemSep)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.03103 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.03103 - Cisco Systems, Inc.) Hidden
COCO (HKLM\...\COCO) (Version: 2.7 - AmsterCHEM)
Command & Conquer The First Decade (HKLM-x32\...\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}) (Version: 1.00.0000 - Electronic Arts)
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.10.0 - Conexant)
COSMOthermCO-LITE-C30-1201 (HKLM-x32\...\COSMOthermCO-LITE-C30-1201) (Version:  - )
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
DocMgr (x32 Version: 140.0.65.000 - Ihr Firmenname) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\Dropbox) (Version: 2.6.7 - Dropbox, Inc.)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.65.1 - Lenovo Group Limited)
Excel CAPE-OPEN Unit Operation (HKLM-x32\...\ExcelUO) (Version:  - AmsterCHEM)
FastSum 1.7 Standard Edition and FastSum 1.9 Command-Line Editi (HKLM-x32\...\FastSum_is1) (Version:  - Kirill Zinov)
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.6.8.0 - Androxyde)
Foxit Reader 5.1 (HKLM-x32\...\Foxit Reader_is1) (Version: 5.1.4.104 - Foxit Corporation)
Free YouTube Download version 3.0.20.1228 (HKLM-x32\...\Free YouTube Download_is1) (Version:  - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.56.301 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.56.301 - DVDVideoSoft Ltd.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GO Contact Sync Mod (HKLM-x32\...\{82126A52-6AB6-4D1B-A89C-8F1C7790B55A}) (Version: 3.5.1 - WebGear, Create Software, Stru.be, saller.NET)
Google Calendar Sync (HKLM-x32\...\Google Calendar Sync) (Version:  - )
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.09) (Version: 9.09 - Artifex Software Inc.)
GraphCalc v4.0.1 (HKLM-x32\...\GraphCalc v4.0.1_is1) (Version:  - )
Greenshot 1.1.5.2643 (HKLM\...\Greenshot_is1) (Version: 1.1.5.2643 - Greenshot)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{014E482A-0C27-47E3-BA82-307E9DCA2F47}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.27.00 - Hyperionics Technology LLC)
ImageJ 1.44p (HKLM-x32\...\ImageJ_is1) (Version:  - NIH)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - )
Integrated Camera Driver Installer Package Ver.1.32.500.0 (HKLM-x32\...\{82EB6CEA-749A-410F-8AD2-372A286BA3BE}) (Version: 1.32.500.0 - RICOH)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.1 - Intel)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java(TM) 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)
Java(TM) SE Development Kit 6 Update 17 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160170}) (Version: 1.6.0.170 - Sun Microsystems, Inc.)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Fingerprint Software (HKLM\...\{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}) (Version: 3.3.2.43 - AuthenTec, Inc.)
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0037 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5802.24 - PC-Doctor, Inc.)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.9.8 - Magical Jelly Bean)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Mathcad 15 M010 (HKLM-x32\...\{8FD0167F-A752-467A-86BE-3728D71F68B8}) (Version: 15.0.1.0 - PTC)
Mathcad 8 Professional (HKLM-x32\...\Mathcad 8 Professional) (Version:  - )
Mathcad PDSi viewable support (HKLM-x32\...\Mathcad PDSi viewable support) (Version: 9.0.0 - Adobe Systems)
Mathcad PDSi viewable support (x32 Version: 9.0.0 - Adobe Systems) Hidden
Mathcad Prime 1.0 (HKLM-x32\...\{A52BF788-47BD-48E4-975A-AE5F107D559E}) (Version: 1.0 - PTC)
MathType 6 (HKLM-x32\...\DSMT6) (Version: 6.0 - Design Science, Inc.)
MATLAB R2012b (HKLM\...\Matlab R2012b) (Version: 8.0 - The MathWorks, Inc.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft – Speichern als PDF – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B0-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Math Add-in for Word 2007 (HKLM-x32\...\{47D0C5E6-9FBA-49DB-8F88-BFAA5BA38646}) (Version: 3.5.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0080-0407-0000-0000000FF1CE}) (Version: 14.0.6106.5001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Management Objects Collection  (HKLM\...\{E735E90E-FE0B-4B10-90D5-4AC6D3899BFD}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server Management Studio Express (HKLM\...\{CBCDC8C3-8783-4AAC-BB72-31FB8A5E63CB}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.1 - F.J. Wechselberger)
Nero 9 Lite (HKLM-x32\...\{34d62ea3-2b56-46fe-b845-4d09ed66c415}) (Version:  - Nero AG)
NetBeans IDE 6.8 (HKLM-x32\...\nbi-nb-base-6.8.0.0.0) (Version: 6.8 - NetBeans.org)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{AF88496B-4BBA-4922-97E9-2582D3A28358}) (Version: 7.1.48.0 - Nokia)
Nokia Map Loader (HKLM-x32\...\{45D4F727-43B5-49CD-B474-B9866A8F4FB8}) (Version: 3.0.28 - Nokia)
Nokia Software Updater (HKLM-x32\...\{889D48DA-457F-4C8B-9095-6458F2793B12}) (Version: 3.0.605 - Nokia Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.6.8 - )
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Olympus NDT TomoViewer 2.9R10 (HKLM-x32\...\{F7CAEFDF-CEAE-4BBB-AAEF-0F9F93517A4D}) (Version: 2.9.263 - Olympus NDT)
OpenRA (HKLM-x32\...\OpenRA) (Version:  - OpenRA developers)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 29.0.1795.60 (HKLM-x32\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA)
PC Connectivity Solution (HKLM-x32\...\{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}) (Version: 11.5.13.0 - Nokia)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
pdfsam (HKLM-x32\...\pdfsam) (Version: 2.1.0 - )
Presenter version 1.27 (HKLM-x32\...\{F5A954ED-07FE-4DFB-8763-F4AD47D79218}_is1) (Version: 1.27 - Ratisbonsoft)
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
PS_AIO_07_B110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
'PTC Places' Namespace Shell Extension (HKLM-x32\...\{A9FAD2D5-1C42-4C5C-B5DD-291DA9863BEA}) (Version: 1.1.16 - PTC)
PuTTY version 0.60 (HKLM-x32\...\PuTTY_is1) (Version: 0.60 - Simon Tatham)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0027.00 - Lenovo Group Limited)
RICOH R5U8xx Media Driver ver.3.64.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.5.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Scientific WorkPlace 5.0 (HKLM-x32\...\{DA6B13CF-A177-42DF-B416-A1EFDD8E7693}) (Version:  - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Sony Ericsson Update Service (HKLM-x32\...\Update Service) (Version: 2.11.12.5 - Sony Ericsson Mobile Communications AB)
Sony PC Companion 2.10.030 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.030 - Sony)
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (HKLM-x32\...\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}) (Version: 1.6.5.17120 - Synaptics Inc.)
System Migration Assistant (HKLM-x32\...\{8A4DB1CA-8206-4ADC-805C-66ACF1611DA3}) (Version: 6.00.0009 - Lenovo Group Limited.)
The Battle for Middle-earth (tm) (HKLM-x32\...\{3F290582-3F4E-4B96-009C-E0BABAA40C42}) (Version:  - )
The Battle for Middle-earth (tm) II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
The Lord of the Rings, The Rise of the Witch-king (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version:  - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.42 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.8.50 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
ThinkVantage Password Manager (HKLM-x32\...\{70EE2BAA-F82A-4B8A-950E-649EFD64D5B9}) (Version: 4.60.4.0 - Lenovo Group Limited)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
USEPA Cape Open Class Library with WAR Add-In (HKLM-x32\...\{174EB4DF-7074-4405-A775-361B205C9BE1}) (Version: 1.4.17 - USEPA)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VirtualDubMOD 1.5.10.3 US (HKLM-x32\...\{B158F76F-76AB-4115-A4F0-4C6EF6956093}_is1) (Version: 1.5.10.3 - Trad-Fr)
VLC media player 1.0.3 (HKLM-x32\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
VNC Free Edition 4.1.3 (HKLM-x32\...\RealVNC_is1) (Version: 4.1.3 - RealVNC Ltd.)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windchill ProductPoint Client Manager-2.0_2011.01.10.001 (HKLM-x32\...\{371E8B48-2AF1-491B-8F35-BD60D18CB927}) (Version: 2.0.2310 - PTC)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Acer, Inc (androidusb) USB  (12/20/2011 1.0.0010.00000) (HKLM\...\3A22385941281AFEE4CDB6EE09AB8D0BF418CE17) (Version: 12/20/2011 1.0.0010.00000 - Acer, Inc)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Linux Developer Community Net  (12/08/2011 5.1.2600.2781) (HKLM\...\AAA1ACCA6262EC232B355F1427BDDE4D745AFBC1) (Version: 12/08/2011 5.1.2600.2781 - Linux Developer Community)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric  (07/02/2010 8.6.0.29) (HKLM\...\05FBE63CF9C9B3424152207E7278CD6DA193C56C) (Version: 07/02/2010 8.6.0.29 - AuthenTec Inc.)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinSCP 4.2.7 (HKLM-x32\...\winscp3_is1) (Version: 4.2.7 - Martin Prikryl)
ZTE Handset USB Driver 5.2066.1.7 (HKLM\...\{EBED0919-4BD0-4718-BA7A-5D2B503F9BC6}_is1) (Version: 5.2066.1.7 - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001_Classes\CLSID\{E4A346EA-B80E-47fe-ADAC-EF43A52BF356}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

21-03-2015 00:01:49 Windows Update
29-05-2015 02:06:22 Geplanter Prüfpunkt
29-05-2015 08:41:56 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05718F80-448E-4010-9C23-25849BBF655A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-01] (Adobe Systems Incorporated)
Task: {072AED09-DD63-41EF-AB5E-32F01C0528AD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {07A9F85D-8E51-4ACA-A7A5-D6BC6B2B3CB8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {11A746E8-3AB4-4BCD-923C-C8B0650E8499} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {16F9E1ED-1AA1-4AC3-B9D4-AFDD075668E4} - System32\Tasks\{39506F0F-CD8D-46BA-9422-C10D88883F52} => D:\Setup.exe
Task: {1B69203F-63D9-43A7-8CFF-FAE74E9311A4} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {2EB36D48-F07C-44F2-871D-692BB444E4E3} - System32\Tasks\{2FE0267F-1FAB-482C-98DE-C1F07701BF33} => C:\Program Files (x86)\VideoLAN\VLC\vlc.exe [2009-10-30] ()
Task: {31AF6D2D-2BDB-4A63-A440-957EBB8B67F1} - System32\Tasks\{99FE7198-08E1-4F54-860E-B44DBD051CD3} => E:\SETUP95\INSTALL.EXE
Task: {37334EF3-47AA-4F1C-B024-741F169A90FF} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-03-20] (Lenovo Group Limited)
Task: {386B503B-38DD-456C-B73D-E5050AD8CAEC} - System32\Tasks\{50E4B636-85BC-44FE-A51C-F5A51004987B} => pcalua.exe -a C:\Users\Andreas\Desktop\8-12_vista32_dd_ccc_wdm_enu_72275.exe -d C:\Users\Andreas\Desktop
Task: {40C5A3DC-FF6E-4D51-93F4-065E69C9119D} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {553A62E9-1204-4A7D-98BC-A8219BF29A39} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2015-05-15] ()
Task: {69833B16-9DFA-4FCD-A581-15AF6D229E0C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {7AE66627-B97D-4D0E-8EEC-F58D379F0B1C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-04-01] (PC-Doctor, Inc.)
Task: {7EA3B71C-7460-4D02-A7C2-33D71838AC58} - System32\Tasks\{CBEEF266-B7E8-4694-99C4-6718FCB5900D} => C:\GAMES\REDALERT\RA95.EXE
Task: {82B0F8A8-3D1D-4707-B07C-2BD564BD7FB5} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-04-01] (PC-Doctor, Inc.)
Task: {8794ACF2-3BA9-4197-83FC-2ECDE42F73A9} - System32\Tasks\{B63769F4-D412-4D11-B866-3033C7EE7875} => pcalua.exe -a C:\Users\Andreas\Desktop\MATLAB\MLA1206_common\MLA1206\setup.exe -d C:\Users\Andreas\Desktop\MATLAB\MLA1206_common\MLA1206
Task: {9198042A-1D7E-40B8-81E7-FB3173E383BF} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {927C67FB-9760-45BC-8FA8-062CD04C684C} - System32\Tasks\{6E14B4E6-07B5-4C21-8DA7-3F7785D42904} => pcalua.exe -a C:\Users\Andreas\Desktop\winsdk_web.exe -d C:\Users\Andreas\Desktop
Task: {96ECBF4F-BBF9-4307-A6E3-9A86D84F4F3A} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-04-01] (PC-Doctor, Inc.)
Task: {99D5640A-2108-491D-8143-4B9EDF4ECA1E} - System32\Tasks\{2DB39F84-50E8-4986-AC48-68825432A62A} => pcalua.exe -a C:\Users\Andreas\Desktop\sl-6530\SL-6530\Setup.EXE -d C:\Users\Andreas\Desktop\sl-6530\SL-6530
Task: {9AADE869-6C63-424A-8EE3-8F657B175E99} - System32\Tasks\{BAE541B2-E271-4E81-B824-F709B6B50037} => E:\SETUP95\INSTALL.EXE
Task: {A4849CDF-25CA-4054-96B6-C9A5EEF190AE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {AC0DCD99-6363-488F-BA9B-707D361E4138} - System32\Tasks\Opera scheduled Autoupdate 1422026928 => C:\Program Files (x86)\Opera\launcher.exe [2015-05-18] (Opera Software)
Task: {B96546EF-4E1E-4E98-B763-696B5FEA4602} - System32\Tasks\{1E965D09-068E-482B-B218-A9375DD26C1F} => pcalua.exe -a D:\setup.exe -d D:\
Task: {BFDE13BB-CDB7-473F-8025-7D7EFE094EEA} - System32\Tasks\{E83CFB57-C5AD-4E52-804C-A22E7CACAB3C} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {C53E76E8-ABEB-40A5-818E-876CDAEFA5F2} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {CD53BEBF-59FC-48E0-BF57-FAE38109BE8A} - System32\Tasks\MATLAB R2012b Startup Accelerator => C:\Program Files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe [2012-07-20] ()
Task: {D9B8676D-859A-4189-AEBA-74647678DE89} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-23] (Microsoft Corporation)
Task: {F1432B67-F238-4878-B78B-13B1989BF8B3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {F5753209-18EC-4BC5-ACD9-BA86C3AE0EA4} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {FACA914E-1A15-412E-9497-A74228094406} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job => C:\Program Files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (Whitelisted) ==============

2010-10-21 04:09 - 2010-10-21 04:09 - 00117760 _____ () C:\Windows\system32\DTS.exe
2011-07-27 21:07 - 2011-07-27 21:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-03-01 20:47 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2012-03-23 14:25 - 2012-03-23 14:25 - 00087040 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2010-01-20 02:21 - 2014-03-20 06:05 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2009-11-25 01:36 - 2009-11-25 01:36 - 00125440 _____ () C:\Program Files (x86)\Notepad++\NppShell_01.dll
2011-01-24 13:28 - 2011-01-24 13:28 - 00173344 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2011-11-09 10:55 - 2011-11-09 10:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-05-04 23:33 - 2012-05-04 23:33 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-03-26 17:44 - 2013-03-26 17:44 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-03-14 17:47 - 2014-03-14 17:47 - 00092504 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2009-09-25 16:16 - 2009-09-25 16:16 - 00241664 _____ () C:\Program Files (x86)\Lenovo\Rescue and Recovery\CDRecord.dll
2009-09-25 16:29 - 2009-09-25 16:29 - 00247096 _____ () C:\Program Files (x86)\Common Files\Lenovo\CDRecord.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:A2C6D38F

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk => C:\Windows\pss\Google Calendar Sync.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk => C:\Windows\pss\Scrybe.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: GoogleContactSync => C:\Program Files (x86)\WebGear\GO Contact Sync\GOContactSync.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: NokiaMServer => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NSU_agent => "C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
MSCONFIG\startupreg: PicPick Start => C:\Program Files (x86)\PicPick\picpick.exe /startup
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{CD13AF83-2A16-4451-951C-6944D37ACAE9}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe
FirewallRules: [UDP Query User{7EE4F072-E5D4-47E1-842D-3AF29DAC619D}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe
FirewallRules: [{59C04CF6-3F73-48F3-AB9F-F9AB74B7C839}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{6E2E3A15-0C57-45B9-A649-E5903531D56A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{5AE5F262-D642-409A-A968-05B9CA375B21}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{508D3E22-457E-4975-B97A-8E9083DC4E42}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{1D93FCEF-751E-47F8-9057-B8CA0D92EC0C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{C425CAA4-C8E0-492E-88E9-0A4E5BB51391}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{D2A34483-34E5-454B-8037-BF73FA013318}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{5287D644-46C3-4E40-848D-42953DD35E17}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{04ED88F0-7C0C-4966-885C-3130ABC80DD7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{A1E9B521-A9A9-4067-ADE3-C8BA6A781E95}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{2BABE91E-9E74-4728-A073-E4ED3AE7DEB2}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{070D0525-278E-43BA-8AD9-37681A50B6AB}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{E4051789-9CFC-461E-AB5E-FE0CC1F8F158}] => (Allow) C:\Program Files (x86)\EA GAMES\The Battle for Middle-earth (tm)\game.dat
FirewallRules: [{BD805E2D-B834-4846-BD0C-AF7A36522D19}] => (Allow) C:\Program Files (x86)\EA GAMES\The Battle for Middle-earth (tm)\game.dat
FirewallRules: [TCP Query User{77FE98A9-7DD5-4AEC-B779-B6F8EAC28F1A}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{92D32FD6-9C0C-4149-8DF8-98794B3AE9BB}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{1C2BC07E-1E3E-4487-A544-AA1D1DA34E3E}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat
FirewallRules: [{F75CA605-472C-44D0-80A2-E5E455E8A5F3}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat
FirewallRules: [TCP Query User{3D5DB7B9-C4AD-4543-80EF-372121DD6897}C:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\patchget.dat] => (Allow) C:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\patchget.dat
FirewallRules: [UDP Query User{791525DA-52A6-43BA-9279-FE79514FBB86}C:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\patchget.dat] => (Allow) C:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\patchget.dat
FirewallRules: [TCP Query User{2DABC5E3-49D6-4BB2-92C2-5735E98B84A9}C:\users\andreas\spielchen\blobby volley\volley.exe] => (Block) C:\users\andreas\spielchen\blobby volley\volley.exe
FirewallRules: [UDP Query User{4DAD26D6-1612-4108-B34F-7F2ECEECEB55}C:\users\andreas\spielchen\blobby volley\volley.exe] => (Block) C:\users\andreas\spielchen\blobby volley\volley.exe
FirewallRules: [TCP Query User{9F3D79E4-EBA2-4031-A004-8453A965F1AF}C:\program files (x86)\java\jdk1.6.0_17\bin\javaw.exe] => (Block) C:\program files (x86)\java\jdk1.6.0_17\bin\javaw.exe
FirewallRules: [UDP Query User{ED5D03D5-2007-47CD-B3D4-D41A469814C6}C:\program files (x86)\java\jdk1.6.0_17\bin\javaw.exe] => (Block) C:\program files (x86)\java\jdk1.6.0_17\bin\javaw.exe
FirewallRules: [{75234E7A-F5ED-4DF1-B5BF-EEA275201E64}] => (Allow) D:\setup\hpznui40.exe
FirewallRules: [{2A066565-C0F5-4615-8250-D87B38119787}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [TCP Query User{D225E120-2256-4540-BD5E-1FC7E07DB03D}C:\users\andreas\spielchen\dune 2000\dune 2000\dune 2000\dune2000.dat] => (Block) C:\users\andreas\spielchen\dune 2000\dune 2000\dune 2000\dune2000.dat
FirewallRules: [UDP Query User{C234421C-0484-4D14-A6BE-315B65AD081A}C:\users\andreas\spielchen\dune 2000\dune 2000\dune 2000\dune2000.dat] => (Block) C:\users\andreas\spielchen\dune 2000\dune 2000\dune 2000\dune2000.dat
FirewallRules: [TCP Query User{8356792D-A5F9-45EE-856F-7D68BA495587}C:\users\andreas\spielchen\dune 2000\dune 2000\dune 2000\dune2000.dat] => (Block) C:\users\andreas\spielchen\dune 2000\dune 2000\dune 2000\dune2000.dat
FirewallRules: [UDP Query User{B3D895B4-8D6C-49D6-81EA-0AA2DCA706D4}C:\users\andreas\spielchen\dune 2000\dune 2000\dune 2000\dune2000.dat] => (Block) C:\users\andreas\spielchen\dune 2000\dune 2000\dune 2000\dune2000.dat
FirewallRules: [{83D4107C-0FE4-47A2-A9CF-6518FE3645EE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{125F49D8-0CFD-41A9-985D-C35BC475AC2E}] => (Allow) LPort=2869
FirewallRules: [{304C10F8-C016-4EB8-9A13-59982577D4AD}] => (Allow) LPort=1900
FirewallRules: [{B5E96182-9A71-4F08-AB8A-5E95C358A910}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Service\Update Service.exe
FirewallRules: [{7BDBE009-579F-4B29-B6DE-C5EE78A4CF12}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Service\Update Service.exe
FirewallRules: [{C656EA67-E720-483D-919B-3C0945BE5F7F}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{6BBD4A9C-B5A3-44DA-9E3D-D561B974C531}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{BACFFDF0-F72F-47BA-9F01-C127A9C651A4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{2C19A513-5347-40DB-920B-50E2E1D29023}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{461B4D83-BC4F-4BFC-BFBF-10F1A8B81FCF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{DF03B86B-D61A-4545-80FC-4B52BBC889A5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{A6741337-C832-4EDA-A1FE-21BD49B557B3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{105AD552-18CA-4D17-B9B7-AED8EC2B054C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FF71AC5D-FE06-4BE0-9B91-C3EA67420331}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{2AC40E4A-AE14-41E0-A706-D0320EB6BD3D}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{3427CBAA-D3D8-4A3A-951E-A5B22ED2FB97}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat
FirewallRules: [{3506EF8F-5FD9-49F5-88E1-22713EED8EEA}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat
FirewallRules: [{A3F53041-E8C3-4BD7-837C-557E76B2B60C}] => (Allow) C:\Users\Andreas\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{874F5915-5456-4A89-8FFF-2D7A82DCD8BC}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{EBBC009B-75F7-4BAE-BC20-F3C1FDFEB72F}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{EEBF623C-714A-4C1D-8387-0E72EEFE6BE5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A9DD803-0FE3-4902-AB16-C005009497EC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/01/2015 09:26:06 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (5452) Asapi: (21:26:06:9560)(5452) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale: language = de, customer = lenovo, variant = ltt

Error: (06/01/2015 09:26:06 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (5452) Asapi: (21:26:06:9400)(5452) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale: language = en, customer = lenovo, variant = ltt

Error: (06/01/2015 09:26:06 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (5452) Asapi: (21:26:06:9090)(5452) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.body locale: PCDLocale: language = de, customer = lenovo, variant = ltt

Error: (06/01/2015 09:26:06 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (5452) Asapi: (21:26:06:8470)(5452) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.title locale: PCDLocale: language = de, customer = lenovo, variant = ltt

Error: (06/01/2015 09:24:10 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (5452) Asapi: (21:24:10:7320)(5452) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExtendWarranty.button.text locale: PCDLocale: language = de, customer = lenovo, variant = ltt

Error: (06/01/2015 09:24:10 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (5452) Asapi: (21:24:10:7320)(5452) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExtendWarranty.button.text locale: PCDLocale: language = en, customer = lenovo, variant = ltt

Error: (06/01/2015 09:24:10 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (5452) Asapi: (21:24:10:7310)(5452) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExtendWarranty.body locale: PCDLocale: language = de, customer = lenovo, variant = ltt

Error: (06/01/2015 09:24:10 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (5452) Asapi: (21:24:10:7310)(5452) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExtendWarranty.title locale: PCDLocale: language = de, customer = lenovo, variant = ltt

Error: (06/01/2015 09:24:10 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (5452) Asapi: (21:24:10:7270)(5452) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExpiringWarranty.button.text locale: PCDLocale: language = en, customer = lenovo, variant = ltt

Error: (06/01/2015 09:24:10 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (5452) Asapi: (21:24:10:7270)(5452) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExpiringWarranty.button.text locale: PCDLocale: language = de, customer = lenovo, variant = ltt


System errors:
=============
Error: (06/01/2015 09:05:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
%%16405

Error: (06/01/2015 09:03:02 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/01/2015 08:55:45 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0

Error: (06/01/2015 08:53:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/29/2015 09:04:16 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0

Error: (05/29/2015 08:14:22 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/29/2015 08:11:10 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0

Error: (05/29/2015 06:36:26 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/29/2015 06:33:34 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0

Error: (05/28/2015 11:08:18 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.


Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-10-01 19:24:41.998
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-01 19:24:41.652
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-04-19 10:48:52.466
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Andreas\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-04-19 10:48:52.403
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Andreas\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU P9500 @ 2.53GHz
Percentage of memory in use: 43%
Total physical RAM: 8088.03 MB
Available physical RAM: 4582.75 MB
Total Pagefile: 16174.25 MB
Available Pagefile: 12393.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:292.33 GB) (Free:38.81 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1669C708)
Partition 1: (Active) - (Size=292.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5.8 GB) - (Type=12)

==================== End of log ============================
         


01.06.2015, 21:45   #3
lab-star

PUA/iLivid.Gen on Win7x64 Notebook, Part 3



GMER:
Code:
GMER Logfile:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-01 21:55:04
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.FB4Z 298,09GB
Running: 6u9fux59.exe; Driver: C:\Users\Andreas\AppData\Local\Temp\uwtiqfob.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1420] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17          00000000748d1401 2 bytes JMP 74a0b1ef C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1420] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17            00000000748d1419 2 bytes JMP 74a0b31a C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17          00000000748d1431 2 bytes JMP 74a88f09 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42          00000000748d144a 2 bytes CALL 749e4885 C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                                     * 9
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1420] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17             00000000748d14dd 2 bytes JMP 74a88802 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1420] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17      00000000748d14f5 2 bytes JMP 74a889d8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1420] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17             00000000748d150d 2 bytes JMP 74a886f8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1420] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17      00000000748d1525 2 bytes JMP 74a88ac2 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1420] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17            00000000748d153d 2 bytes JMP 749ffc78 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1420] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                 00000000748d1555 2 bytes JMP 74a068bf C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1420] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17          00000000748d156d 2 bytes JMP 74a88fc1 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1420] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17            00000000748d1585 2 bytes JMP 74a88b22 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1420] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17               00000000748d159d 2 bytes JMP 74a886bc C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1420] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17            00000000748d15b5 2 bytes JMP 749ffd11 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1420] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17          00000000748d15cd 2 bytes JMP 74a0b2b0 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1420] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20      00000000748d16b2 2 bytes JMP 74a88e84 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1420] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31      00000000748d16bd 2 bytes JMP 74a88651 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                00000000748d1401 2 bytes JMP 74a0b1ef C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[1968] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                  00000000748d1419 2 bytes JMP 74a0b31a C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                00000000748d1431 2 bytes JMP 74a88f09 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                00000000748d144a 2 bytes CALL 749e4885 C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                                     * 9
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[1968] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                   00000000748d14dd 2 bytes JMP 74a88802 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17            00000000748d14f5 2 bytes JMP 74a889d8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[1968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                   00000000748d150d 2 bytes JMP 74a886f8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17            00000000748d1525 2 bytes JMP 74a88ac2 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                  00000000748d153d 2 bytes JMP 749ffc78 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[1968] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                       00000000748d1555 2 bytes JMP 74a068bf C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                00000000748d156d 2 bytes JMP 74a88fc1 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                  00000000748d1585 2 bytes JMP 74a88b22 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[1968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                     00000000748d159d 2 bytes JMP 74a886bc C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                  00000000748d15b5 2 bytes JMP 749ffd11 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                00000000748d15cd 2 bytes JMP 74a0b2b0 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20            00000000748d16b2 2 bytes JMP 74a88e84 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31            00000000748d16bd 2 bytes JMP 74a88651 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17          00000000748d1401 2 bytes JMP 74a0b1ef C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1644] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17            00000000748d1419 2 bytes JMP 74a0b31a C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17          00000000748d1431 2 bytes JMP 74a88f09 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42          00000000748d144a 2 bytes CALL 749e4885 C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                                     * 9
.text   C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1644] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17             00000000748d14dd 2 bytes JMP 74a88802 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17      00000000748d14f5 2 bytes JMP 74a889d8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1644] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17             00000000748d150d 2 bytes JMP 74a886f8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17      00000000748d1525 2 bytes JMP 74a88ac2 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17            00000000748d153d 2 bytes JMP 749ffc78 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1644] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                 00000000748d1555 2 bytes JMP 74a068bf C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17          00000000748d156d 2 bytes JMP 74a88fc1 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17            00000000748d1585 2 bytes JMP 74a88b22 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1644] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17               00000000748d159d 2 bytes JMP 74a886bc C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17            00000000748d15b5 2 bytes JMP 749ffd11 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17          00000000748d15cd 2 bytes JMP 74a0b2b0 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20      00000000748d16b2 2 bytes JMP 74a88e84 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31      00000000748d16bd 2 bytes JMP 74a88651 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17         00000000748d1401 2 bytes JMP 74a0b1ef C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3088] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17           00000000748d1419 2 bytes JMP 74a0b31a C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17         00000000748d1431 2 bytes JMP 74a88f09 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42         00000000748d144a 2 bytes CALL 749e4885 C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                                     * 9
.text   C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3088] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17            00000000748d14dd 2 bytes JMP 74a88802 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17     00000000748d14f5 2 bytes JMP 74a889d8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3088] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17            00000000748d150d 2 bytes JMP 74a886f8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17     00000000748d1525 2 bytes JMP 74a88ac2 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17           00000000748d153d 2 bytes JMP 749ffc78 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3088] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                00000000748d1555 2 bytes JMP 74a068bf C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17         00000000748d156d 2 bytes JMP 74a88fc1 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17           00000000748d1585 2 bytes JMP 74a88b22 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3088] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17              00000000748d159d 2 bytes JMP 74a886bc C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17           00000000748d15b5 2 bytes JMP 749ffd11 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17         00000000748d15cd 2 bytes JMP 74a0b2b0 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20     00000000748d16b2 2 bytes JMP 74a88e84 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31     00000000748d16bd 2 bytes JMP 74a88651 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3176] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17      00000000748d1401 2 bytes JMP 74a0b1ef C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3176] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17        00000000748d1419 2 bytes JMP 74a0b31a C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3176] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17      00000000748d1431 2 bytes JMP 74a88f09 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3176] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42      00000000748d144a 2 bytes CALL 749e4885 C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                                     * 9
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3176] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17         00000000748d14dd 2 bytes JMP 74a88802 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3176] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17  00000000748d14f5 2 bytes JMP 74a889d8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3176] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17         00000000748d150d 2 bytes JMP 74a886f8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3176] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17  00000000748d1525 2 bytes JMP 74a88ac2 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3176] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17        00000000748d153d 2 bytes JMP 749ffc78 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3176] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17             00000000748d1555 2 bytes JMP 74a068bf C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3176] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17      00000000748d156d 2 bytes JMP 74a88fc1 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3176] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17        00000000748d1585 2 bytes JMP 74a88b22 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3176] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17           00000000748d159d 2 bytes JMP 74a886bc C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3176] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17        00000000748d15b5 2 bytes JMP 749ffd11 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3176] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17      00000000748d15cd 2 bytes JMP 74a0b2b0 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3176] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20  00000000748d16b2 2 bytes JMP 74a88e84 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3176] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31  00000000748d16bd 2 bytes JMP 74a88651 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17           00000000748d1401 2 bytes JMP 74a0b1ef C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3184] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17             00000000748d1419 2 bytes JMP 74a0b31a C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17           00000000748d1431 2 bytes JMP 74a88f09 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42           00000000748d144a 2 bytes CALL 749e4885 C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                                     * 9
.text   C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3184] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17              00000000748d14dd 2 bytes JMP 74a88802 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17       00000000748d14f5 2 bytes JMP 74a889d8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17              00000000748d150d 2 bytes JMP 74a886f8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17       00000000748d1525 2 bytes JMP 74a88ac2 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17             00000000748d153d 2 bytes JMP 749ffc78 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3184] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                  00000000748d1555 2 bytes JMP 74a068bf C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17           00000000748d156d 2 bytes JMP 74a88fc1 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17             00000000748d1585 2 bytes JMP 74a88b22 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                00000000748d159d 2 bytes JMP 74a886bc C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17             00000000748d15b5 2 bytes JMP 749ffd11 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17           00000000748d15cd 2 bytes JMP 74a0b2b0 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20       00000000748d16b2 2 bytes JMP 74a88e84 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31       00000000748d16bd 2 bytes JMP 74a88651 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17           00000000748d1401 2 bytes JMP 74a0b1ef C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe[5232] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17             00000000748d1419 2 bytes JMP 74a0b31a C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17           00000000748d1431 2 bytes JMP 74a88f09 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42           00000000748d144a 2 bytes CALL 749e4885 C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                                     * 9
.text   C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe[5232] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17              00000000748d14dd 2 bytes JMP 74a88802 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17       00000000748d14f5 2 bytes JMP 74a889d8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe[5232] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17              00000000748d150d 2 bytes JMP 74a886f8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17       00000000748d1525 2 bytes JMP 74a88ac2 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17             00000000748d153d 2 bytes JMP 749ffc78 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe[5232] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                  00000000748d1555 2 bytes JMP 74a068bf C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17           00000000748d156d 2 bytes JMP 74a88fc1 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17             00000000748d1585 2 bytes JMP 74a88b22 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe[5232] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                00000000748d159d 2 bytes JMP 74a886bc C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17             00000000748d15b5 2 bytes JMP 749ffd11 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17           00000000748d15cd 2 bytes JMP 74a0b2b0 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20       00000000748d16b2 2 bytes JMP 74a88e84 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31       00000000748d16bd 2 bytes JMP 74a88651 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                    00000000748d1401 2 bytes JMP 74a0b1ef C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[5864] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                      00000000748d1419 2 bytes JMP 74a0b31a C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                    00000000748d1431 2 bytes JMP 74a88f09 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                    00000000748d144a 2 bytes CALL 749e4885 C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                                     * 9
.text   C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[5864] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                       00000000748d14dd 2 bytes JMP 74a88802 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[5864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                00000000748d14f5 2 bytes JMP 74a889d8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[5864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                       00000000748d150d 2 bytes JMP 74a886f8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[5864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                00000000748d1525 2 bytes JMP 74a88ac2 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                      00000000748d153d 2 bytes JMP 749ffc78 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[5864] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                           00000000748d1555 2 bytes JMP 74a068bf C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[5864] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                    00000000748d156d 2 bytes JMP 74a88fc1 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[5864] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                      00000000748d1585 2 bytes JMP 74a88b22 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[5864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                         00000000748d159d 2 bytes JMP 74a886bc C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                      00000000748d15b5 2 bytes JMP 749ffd11 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                    00000000748d15cd 2 bytes JMP 74a0b2b0 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[5864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                00000000748d16b2 2 bytes JMP 74a88e84 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[5864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                00000000748d16bd 2 bytes JMP 74a88651 C:\Windows\syswow64\kernel32.dll

---- Threads - GMER 2.1 ----

Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1520:2368]                                                 0000000076f213b5
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1520:3096]                                                 000000006ad229e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1520:3100]                                                 000000006ad229e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1520:3104]                                                 000000006ad229e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1520:3108]                                                 000000006ad229e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1520:3112]                                                 000000006ad229e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1520:3116]                                                 000000006ad229e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1520:3344]                                                 000000006ad229e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1520:3348]                                                 000000006ad229e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1520:3352]                                                 000000006ad229e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1520:3584]                                                 000000006ad229e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1520:3588]                                                 000000006ad229e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1520:3612]                                                 000000006ad229e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1520:3616]                                                 000000006ad229e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1520:3628]                                                 000000006ad229e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1520:3664]                                                 000000006ad229e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1520:3672]                                                 000000006ad229e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1520:3676]                                                 000000006ad229e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1520:3688]                                                 0000000076f327e5
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1520:3708]                                                 000000006ad229e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1520:3716]                                                 000000006ad229e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1520:3772]                                                 000000006ad229e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1520:3144]                                                 000000006ad229e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1520:2164]                                                 000000006ad229e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1520:3532]                                                 0000000076f327e5
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4556:4684]                                                                  0000000075027587
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4556:4716]                                                                  0000000069e87712
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4556:4748]                                                                  0000000076f213b5
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4556:5084]                                                                  0000000076f327e5
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4556:6964]                                                                  0000000076f327e5

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2e855a4                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2e855a4@9c18741caa14                                                0x52 0x49 0x36 0xEA ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2e855a4@98f5379ff436                                                0x06 0x93 0x1B 0xFF ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2e855a4@ccf9e85dc25a                                                0x4E 0xF0 0x3F 0x35 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2e855a4@e83eb625ede9                                                0x64 0xEA 0xAC 0x39 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                        
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                     C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                     0xD4 0xC3 0x97 0x02 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                     0
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                  0x73 0x5A 0xEF 0xF7 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                               
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                            0x20 0x01 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                         0xBF 0x52 0x51 0xBF ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                    0x13 0xB0 0xCA 0x3D ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2e855a4 (not active ControlSet)                                         
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2e855a4@9c18741caa14                                                    0x52 0x49 0x36 0xEA ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2e855a4@98f5379ff436                                                    0x06 0x93 0x1B 0xFF ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2e855a4@ccf9e85dc25a                                                    0x4E 0xF0 0x3F 0x35 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2e855a4@e83eb625ede9                                                    0x64 0xEA 0xAC 0x39 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                    
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                         C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                         0xD4 0xC3 0x97 0x02 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                         0
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                      0x73 0x5A 0xEF 0xF7 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                           
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                0x20 0x01 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                             0xBF 0x52 0x51 0xBF ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                      
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                        0x13 0xB0 0xCA 0x3D ...

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                   unknown MBR code

---- EOF - GMER 2.1 ----
         
--- --- ---

One more note, since this has come up before: I am a student at a technical university (TU) in Austria. Win7 Professional, Office 2007 Enterprise, etc. are student versions from my university.

I would appreciate help with a complete cleanup. Thanks in advance!
__________________

03.06.2015, 18:02   #4
schrauber
/// the machine
/// TB Trainer
 




Hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

04.06.2015, 14:28   #5
lab-star
 



Hello,

Thank you very much for the help.

Combofix has now finished. Before starting Combofix I disabled the AntiVir real-time scanner. Shortly after Combofix started, however, an AntiVir message concerning the registry appeared.

Code:
ATTFilter
Exportierte Ereignisse:

04.06.2015 14:29 [Echtzeit-Scanner] Registry blockiert
      Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Registry 
      blockiert.
         
I actually thought it would be enough to disable the real-time scanner (I don't know how to switch AntiVir off completely, other than by uninstalling it).

During the Combofix scan, 2-3 error messages came up saying that a backup of a registry file could not be created, or that a system file could not be restored. The messages asked Yes/No whether to continue anyway. I always confirmed with Yes. Unfortunately I can no longer remember the exact wording.

After the restart, because the screen stayed black for a long time, I moved the mouse a little and tried to increase the screen brightness with the FN keys. To be honest, I was afraid the notebook was done for. Shortly afterwards the desktop did load after all and the Combofix window reappeared.

Here is the Combofix log file:
Code:
ATTFilter
Combofix Logfile:
ComboFix 15-05-31.01 - Andreas 04.06.2015  14:31:49.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.43.1031.18.8088.5639 [GMT 2:00]
ausgeführt von:: c:\users\Andreas\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Andreas\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\SysWow64\ReadMe.txt
.
Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert 
Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!SysWOW64!userinit.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-05-04 bis 2015-06-04  ))))))))))))))))))))))))))))))
.
.
2015-06-04 12:51 . 2015-06-04 12:51	--------	d-----w-	c:\windows\SysWow64\config\systemprofile\Opera Autoupdate
2015-06-04 12:41 . 2015-06-04 12:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-06-04 12:41 . 2015-06-04 12:41	--------	d-----w-	c:\users\TEST\AppData\Local\temp
2015-06-01 19:27 . 2015-06-01 19:31	--------	d-----w-	C:\FRST
2015-06-01 18:53 . 2015-06-01 19:03	--------	d-s---w-	c:\windows\system32\GWX
2015-06-01 18:53 . 2015-06-01 18:53	--------	d-s---w-	c:\windows\SysWow64\GWX
2015-05-29 06:48 . 2015-05-29 06:48	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2015-05-29 06:48 . 2015-05-29 06:48	--------	d-----r-	c:\program files (x86)\Skype
2015-05-29 06:44 . 2015-05-01 13:17	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-29 06:44 . 2015-05-01 13:16	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-28 21:50 . 2015-04-13 03:28	328704	----a-w-	c:\windows\system32\services.exe
2015-05-28 21:49 . 2015-03-25 03:24	98304	----a-w-	c:\windows\system32\wudriver.dll
2015-05-28 21:48 . 2015-02-18 07:06	123904	----a-w-	c:\windows\SysWow64\poqexec.exe
2015-05-28 21:48 . 2015-02-18 07:04	142336	----a-w-	c:\windows\system32\poqexec.exe
2015-05-28 21:48 . 2015-02-25 03:18	754688	----a-w-	c:\windows\system32\drivers\http.sys
2015-05-28 21:48 . 2015-03-04 04:41	6656	----a-w-	c:\windows\system32\shimeng.dll
2015-05-28 21:48 . 2015-03-04 04:41	72192	----a-w-	c:\windows\system32\aelupsvc.dll
2015-05-28 21:48 . 2015-03-04 04:41	342016	----a-w-	c:\windows\system32\apphelp.dll
2015-05-28 21:48 . 2015-03-04 04:41	23552	----a-w-	c:\windows\system32\sdbinst.exe
2015-05-28 21:48 . 2015-03-04 04:11	5120	----a-w-	c:\windows\SysWow64\shimeng.dll
2015-05-28 21:48 . 2015-03-04 04:10	295936	----a-w-	c:\windows\SysWow64\apphelp.dll
2015-05-28 21:48 . 2015-03-04 04:10	20992	----a-w-	c:\windows\SysWow64\sdbinst.exe
2015-05-28 21:48 . 2015-03-04 04:55	367552	----a-w-	c:\windows\system32\clfs.sys
2015-05-28 21:48 . 2015-03-04 04:41	79360	----a-w-	c:\windows\system32\clfsw32.dll
2015-05-28 21:48 . 2015-03-04 04:10	58880	----a-w-	c:\windows\SysWow64\clfsw32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-04 11:57 . 2013-06-26 22:06	152744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-06-04 11:57 . 2013-06-26 22:06	132120	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-06-01 19:03 . 2012-04-08 11:22	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-01 19:03 . 2011-06-08 06:23	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-28 21:20 . 2013-06-26 22:06	44088	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2015-04-30 08:07 . 2010-01-19 23:25	140425016	----a-w-	c:\windows\system32\MRT.exe
2015-04-21 16:11 . 2015-05-28 21:51	504320	----a-w-	c:\windows\SysWow64\vbscript.dll
2015-04-21 15:02 . 2015-05-28 21:51	1882112	----a-w-	c:\windows\SysWow64\wininet.dll
2015-04-04 03:05 . 2015-05-28 21:51	172032	----a-w-	c:\windows\SysWow64\wdigest.dll
2015-04-04 03:05 . 2015-05-28 21:51	65536	----a-w-	c:\windows\SysWow64\TSpkg.dll
2015-03-25 03:00 . 2015-05-28 21:49	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-05-28 21:49	566784	----a-w-	c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-05-28 21:49	29696	----a-w-	c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-05-28 21:49	173056	----a-w-	c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-05-28 21:49	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2015-03-17 04:56 . 2015-05-28 21:49	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-03-17 04:56 . 2015-05-28 21:49	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2015-03-17 03:45 . 2015-05-28 21:49	2048	----a-w-	c:\windows\SysWow64\user.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-02-20 18:22	222920	----a-w-	c:\users\Andreas\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-02-20 18:22	222920	----a-w-	c:\users\Andreas\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-02-20 18:22	222920	----a-w-	c:\users\Andreas\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\RotateImage\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\program files (x86)\ThinkPad\Utilities\PWMTR64V.DLL" [2014-03-20 6390104]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-06-04 728312]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-05-04 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-03-16 129272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-1-24 1090848]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-4-14 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe;c:\windows\SYSNATIVE\ADMonitor.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms;c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]
R3 Power Manager DBC Service;Power Manager Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 usbrndis6;USB-RNDIS6-Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys;c:\windows\SYSNATIVE\DRIVERS\zghsdiag.sys [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys;c:\windows\SYSNATIVE\DRIVERS\zghsmdm.sys [x]
R3 zghsnmea;ZTE General Handset NMEA Port;c:\windows\system32\DRIVERS\zghsnmea.sys;c:\windows\SYSNATIVE\DRIVERS\zghsnmea.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\ATService.exe;c:\windows\SYSNATIVE\ATService.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe;c:\windows\SYSNATIVE\DTS.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 ScrybeUpdater;Scrybe-Updateprogramm;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\RCUVCMNP.sys;c:\windows\SYSNATIVE\DRIVERS\RCUVCMNP.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys;c:\windows\SYSNATIVE\Drivers\ATSwpWDF.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2015-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 19:03]
.
2015-06-04 c:\windows\Tasks\MATLAB R2012b Startup Accelerator.job
- c:\program files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe [2013-02-13 17:59]
.
2014-02-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:06]
.
2015-06-04 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-02-20 18:22	261832	----a-w-	c:\users\Andreas\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-02-20 18:22	261832	----a-w-	c:\users\Andreas\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-02-20 18:22	261832	----a-w-	c:\users\Andreas\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftwareSplashScreen"="c:\program files\Lenovo Fingerprint Software\SplashScreen.exe \s" [X]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-08-04 358424]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2013-05-29 60920]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2014-03-14 63832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 417560]
"PasswordManager"="c:\program files\Lenovo\Password Manager\password_manager.exe" [2014-06-23 1665824]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to Mp3 Converter - c:\users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\eb4qzeqm.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Free YouTube Download_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
AddRemove-{B931FB80-537A-4600-00AD-AC5DEDB6C25B} - c:\program files (x86)\Electronic Arts\The Lord of the Rings
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020101}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000000a
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files (x86)\Intel\AMT\LMS.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-06-04  15:00:21 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-06-04 13:00
.
Vor Suchlauf: 26 Verzeichnis(se), 40.024.809.472 Bytes frei
Nach Suchlauf: 34 Verzeichnis(se), 39.258.468.352 Bytes frei
.
- - End Of File - - B5591E1268ABE038DF87B53D23ED4FF2
         

I hope my impatience and my inability to switch AntiVir off completely had no negative effect on ComboFix's work?!


Last edited by lab-star (04.06.2015 at 14:39)

05.06.2015, 11:04   #6
schrauber
/// the machine
/// TB trainer
 




Looks fine.

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset Proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.

09.06.2015, 07:32   #7
lab-star
 



Hi,

attached are the log files. Unfortunately it took a while; I had no time for my notebook over the last few days.

MBAM:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 09.06.2015
Suchlauf-Zeit: 06:57:55
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.09.01
Rootkit Datenbank: v2015.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Andreas

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 442824
Verstrichene Zeit: 41 Min, 45 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
Adw:
AdwCleaner Logfile:
Code:
# AdwCleaner v4.206 - Bericht erstellt 09/06/2015 um 07:57:20
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-08.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Andreas - ANDREAS-PC
# Gestarted von : C:\Users\Andreas\Desktop\AdwCleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Andreas\AppData\LocalLow\HPAppData
Datei Gelöscht : C:\Users\Andreas\AppData\Roaming\ConvAPIPlugin.log
Datei Gelöscht : C:\Users\TEST\AppData\Roaming\ConvAPIPlugin.log

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKU\.DEFAULT\Software\APN
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Ask.com
Schlüssel Gelöscht : HKU\.DEFAULT\Software\AskToolbar

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v35.0 (x86 de)


-\\ Opera v29.0.1795.60


*************************

AdwCleaner[R0].txt - [1315 Bytes] - [09/06/2015 07:43:47]
AdwCleaner[S0].txt - [1100 Bytes] - [09/06/2015 07:57:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1159  Bytes] ##########
         

JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.1 (06.08.2015:1)
OS: Windows 7 Professional x64
Ran by Andreas on 09.06.2015 at  8:12:42,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask
Successfully deleted: [Task] C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\pcdr
Successfully deleted: [Folder] C:\Users\Andreas\appdata\local\crashrpt
Successfully deleted: [Folder] C:\Users\Andreas\AppData\Roaming\pcdr





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.06.2015 at  8:16:17,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Fresh FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Andreas (administrator) on ANDREAS-PC on 09-06-2015 08:20:06
Running from C:\Users\Andreas\Desktop
Loaded Profiles: Andreas (Available Profiles: Andreas & TEST)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [358424 2009-08-04] (Intel Corporation)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [FingerPrintSoftwareSplashScreen] => C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [107520 2010-10-21] (AuthenTec, Inc.)
HKLM\...\Run: [FingerPrintSoftware] => C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582400 2010-10-21] (AuthenTec)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated)
HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1665824 2014-06-23] (Lenovo Group Limited)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\RotateImage\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-06-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\Policies\Explorer: [DisallowCpl] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-06-27]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2013-06-27]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001 -> {0DAD6D0C-0E15-4156-BA95-9D9E8E157B43} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-09-24] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-09-24] (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\eb4qzeqm.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-06-01] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-06-01] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-09-24] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-09-24] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-09-17]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-06-26]
FF HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF Extension: ThinkVantage Password Manager - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 [2014-06-30]
FF HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lpdfbkehegfmedglgemnhbnpmfmioggj] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2010-10-21] () [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-06-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-06-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-06-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-06-04] (Avira Operations GmbH & Co. KG)
S2 ATService; C:\Windows\system32\ATService.exe [2715456 2010-10-21] (AuthenTec, Inc.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-20] (Lenovo.)
S2 dtsvc; C:\Windows\system32\DTS.exe [117760 2010-10-21] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-09-14] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-11] (Synaptics, Inc.)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49136 2015-05-15] ()
S2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2009-09-25] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-06] (Lenovo Group Limited)
S2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-08-04] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 5U875UVC; C:\Windows\System32\DRIVERS\RCUVCMNP.sys [220032 2009-10-23] (Ricoh co.,Ltd.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-06-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-01-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-05-28] (Avira Operations GmbH & Co. KG)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [31744 2011-05-09] (Google Inc)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [11776 2010-10-20] (HandSet Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-01-27] (Duplex Secure Ltd.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-07-02] (Lenovo (United States) Inc.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [129304 2010-10-18] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [127056 2010-10-18] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\System32\DRIVERS\zghsnmea.sys [129304 2010-10-18] (ZTE Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-09 08:16 - 2015-06-09 08:16 - 00000967 _____ C:\Users\Andreas\Desktop\JRT.txt
2015-06-09 08:12 - 2015-06-09 08:12 - 00000207 _____ C:\Windows\tweaking.com-regbackup-ANDREAS-PC-Windows-7-Professional-(64-bit).dat
2015-06-09 08:12 - 2015-06-09 08:12 - 00000000 ____D C:\RegBackup
2015-06-09 08:11 - 2015-06-09 08:11 - 02943663 _____ (Thisisu) C:\Users\Andreas\Desktop\JRT.exe
2015-06-09 08:02 - 2015-06-09 08:02 - 00001239 _____ C:\Users\Andreas\Desktop\AdwCleaner[S0].txt
2015-06-09 07:43 - 2015-06-09 07:57 - 00000000 ____D C:\AdwCleaner
2015-06-09 07:42 - 2015-06-09 07:42 - 02231296 _____ C:\Users\Andreas\Desktop\AdwCleaner_4.206.exe
2015-06-09 07:41 - 2015-06-09 07:41 - 00001211 _____ C:\Users\Andreas\Desktop\MBAM.txt
2015-06-09 06:52 - 2015-06-09 06:52 - 00001066 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-09 06:52 - 2015-06-09 06:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-09 06:52 - 2015-06-09 06:52 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-09 06:52 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-09 06:52 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-09 06:52 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-09 06:50 - 2015-06-09 06:50 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Andreas\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-04 15:10 - 2015-06-04 15:10 - 00000378 _____ C:\Users\Andreas\Desktop\Ereignisse_2.txt
2015-06-04 15:00 - 2015-06-04 15:00 - 00030935 _____ C:\ComboFix.txt
2015-06-04 14:29 - 2015-06-04 15:00 - 00000000 ____D C:\Qoobox
2015-06-04 14:29 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-04 14:29 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-04 14:29 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-04 14:29 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-04 14:29 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-04 14:29 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-04 14:29 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-04 14:29 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-04 14:28 - 2015-06-04 14:58 - 00000000 ____D C:\Windows\erdnt
2015-06-04 14:26 - 2015-06-04 14:26 - 05628238 ____R (Swearware) C:\Users\Andreas\Desktop\ComboFix.exe
2015-06-01 22:10 - 2015-01-20 19:54 - 00001515 _____ C:\Users\Andreas\Desktop\Kernel_Power_Shutdown.txt
2015-06-01 22:10 - 2015-01-20 18:42 - 00000800 _____ C:\Users\Andreas\Desktop\Ereignisse.txt
2015-06-01 22:07 - 2015-05-29 08:06 - 00044442 _____ C:\Users\Andreas\Desktop\AVSCAN-20150529-080413-1F3C304D.LOG
2015-06-01 22:07 - 2015-05-29 07:58 - 00059338 _____ C:\Users\Andreas\Desktop\AVSCAN-20150529-063932-33DADCE7.LOG
2015-06-01 22:05 - 2015-06-01 22:06 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2015-06-01 21:55 - 2015-06-01 21:55 - 00040932 _____ C:\Users\Andreas\Desktop\Gmer.log
2015-06-01 21:33 - 2015-06-01 21:33 - 00380416 _____ C:\Users\Andreas\Desktop\6u9fux59.exe
2015-06-01 21:31 - 2015-06-01 21:31 - 00058847 _____ C:\Users\Andreas\Desktop\Addition.txt
2015-06-01 21:28 - 2015-06-09 08:20 - 00016552 _____ C:\Users\Andreas\Desktop\FRST.txt
2015-06-01 21:27 - 2015-06-09 08:20 - 00000000 ____D C:\FRST
2015-06-01 21:26 - 2015-06-09 08:19 - 02108928 _____ (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
2015-06-01 20:53 - 2015-06-01 21:03 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-01 20:53 - 2015-06-01 20:53 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-29 08:48 - 2015-05-29 08:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-29 08:48 - 2015-05-29 08:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-29 08:44 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-29 08:44 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-29 08:36 - 2015-05-29 08:36 - 00767664 _____ C:\Users\Andreas\Desktop\Trojanerboard_Anleitung.xps
2015-05-29 08:10 - 2015-06-01 21:22 - 00000528 _____ C:\Users\Andreas\Desktop\defogger_disable.log
2015-05-29 08:10 - 2015-05-29 08:10 - 00000020 _____ C:\Users\Andreas\defogger_reenable
2015-05-29 08:09 - 2015-05-29 08:09 - 00050477 _____ C:\Users\Andreas\Desktop\Defogger.exe
2015-05-29 00:10 - 2015-05-29 00:10 - 00003856 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1422026928
2015-05-28 23:51 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-28 23:51 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-28 23:51 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-28 23:51 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-28 23:51 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-28 23:51 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-28 23:51 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-28 23:51 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-28 23:51 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-28 23:51 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-28 23:51 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-28 23:51 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-28 23:51 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-28 23:51 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-28 23:51 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-28 23:51 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-28 23:51 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-28 23:51 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-28 23:51 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-28 23:51 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-28 23:51 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-28 23:51 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-28 23:51 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-28 23:51 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-28 23:51 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-28 23:51 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-28 23:51 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-28 23:51 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-28 23:51 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-28 23:51 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-28 23:51 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-28 23:51 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-28 23:51 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-28 23:51 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-28 23:51 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-28 23:51 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-28 23:51 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-28 23:51 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-28 23:51 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-28 23:51 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-28 23:51 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-28 23:51 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-28 23:51 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-28 23:51 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-28 23:51 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-28 23:51 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-28 23:51 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-28 23:51 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-28 23:51 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-28 23:51 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-28 23:51 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-28 23:51 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-28 23:51 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-28 23:51 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-28 23:51 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-28 23:51 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-28 23:51 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-28 23:51 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-28 23:51 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-28 23:51 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-28 23:51 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-28 23:51 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-28 23:51 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-28 23:51 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-28 23:51 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-28 23:51 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-28 23:51 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-28 23:51 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-28 23:51 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-28 23:51 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-28 23:51 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-28 23:51 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-28 23:51 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-28 23:51 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-28 23:51 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-28 23:51 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-28 23:51 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-28 23:50 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-28 23:50 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-28 23:50 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-28 23:50 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-28 23:50 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-28 23:50 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-28 23:50 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-28 23:50 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-05-28 23:49 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-28 23:49 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-28 23:49 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-05-28 23:49 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-05-28 23:49 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-05-28 23:49 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-05-28 23:49 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-05-28 23:49 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-05-28 23:49 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-05-28 23:49 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-05-28 23:49 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-05-28 23:49 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-05-28 23:49 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-05-28 23:49 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-05-28 23:49 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-05-28 23:49 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-05-28 23:49 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-28 23:49 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-28 23:49 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-28 23:49 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-28 23:49 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-28 23:49 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-28 23:49 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-28 23:49 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-28 23:49 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-28 23:49 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-28 23:49 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-28 23:49 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-28 23:49 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-28 23:49 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-28 23:49 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-28 23:49 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-28 23:49 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-28 23:49 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-28 23:49 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-28 23:49 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-28 23:49 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-28 23:49 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-28 23:49 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-28 23:49 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-28 23:49 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-28 23:49 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-28 23:49 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-05-28 23:49 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-05-28 23:49 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-05-28 23:49 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-05-28 23:49 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-28 23:49 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-05-28 23:49 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-28 23:49 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-28 23:48 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-05-28 23:48 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-28 23:48 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-28 23:48 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-28 23:48 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-28 23:48 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-28 23:48 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-28 23:48 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-28 23:48 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-05-28 23:48 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-28 23:48 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-05-28 23:48 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-28 23:48 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-28 23:33 - 2015-05-28 23:33 - 00001095 _____ C:\Users\Public\Desktop\Avira.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-09 08:20 - 2009-07-14 06:45 - 00025552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-09 08:20 - 2009-07-14 06:45 - 00025552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-09 08:09 - 2010-01-20 01:12 - 01896753 _____ C:\Windows\WindowsUpdate.log
2015-06-09 08:06 - 2013-02-13 17:18 - 00000550 _____ C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job
2015-06-09 08:05 - 2013-06-13 09:34 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-09 07:59 - 2015-01-21 00:32 - 00005187 _____ C:\Windows\setupact.log
2015-06-09 07:59 - 2011-07-29 08:38 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2015-06-09 07:59 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-09 07:58 - 2015-03-21 21:10 - 00368930 _____ C:\Windows\PFRO.log
2015-06-09 06:53 - 2014-03-31 14:48 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-09 06:46 - 2011-07-29 08:38 - 00003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2015-06-09 06:45 - 2011-07-29 08:38 - 00003500 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-06-04 15:00 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-06-04 14:52 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-04 14:51 - 2010-01-20 01:38 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-04 14:44 - 2009-07-14 04:34 - 68943872 _____ C:\Windows\system32\config\components.bak
2015-06-04 14:44 - 2009-07-14 04:34 - 00786432 _____ C:\Windows\system32\config\DEFAULT.bak
2015-06-04 14:44 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-06-04 14:44 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-06-04 14:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2015-06-04 14:24 - 2013-06-27 00:11 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Avira
2015-06-04 14:02 - 2013-06-27 00:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-04 14:00 - 2012-05-16 19:30 - 00000000 ____D C:\ProgramData\Avira
2015-06-04 13:57 - 2013-06-27 00:06 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-04 13:57 - 2013-06-27 00:06 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-01 21:03 - 2013-06-13 09:34 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-01 21:03 - 2012-04-08 13:22 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-01 21:03 - 2011-06-08 08:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-01 20:58 - 2009-07-14 06:45 - 00541624 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-01 20:56 - 2009-07-14 19:58 - 00751858 _____ C:\Windows\system32\perfh007.dat
2015-06-01 20:56 - 2009-07-14 19:58 - 00170598 _____ C:\Windows\system32\perfc007.dat
2015-06-01 20:56 - 2009-07-14 07:13 - 01768306 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-01 20:54 - 2014-12-13 15:13 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-01 20:54 - 2014-05-06 23:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-01 20:54 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-01 20:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-29 09:02 - 2010-01-20 01:59 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-29 09:01 - 2010-06-15 16:53 - 01742586 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-29 09:00 - 2013-08-18 12:49 - 00000000 ____D C:\Windows\system32\MRT
2015-05-29 08:48 - 2013-09-09 21:10 - 00000000 ____D C:\ProgramData\Skype
2015-05-29 08:43 - 2012-05-20 11:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-29 08:43 - 2012-05-20 11:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-29 08:43 - 2012-05-20 11:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-29 08:35 - 2012-10-15 19:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-29 08:10 - 2010-01-20 01:18 - 00000000 ____D C:\Users\Andreas
2015-05-29 08:07 - 2015-01-20 23:00 - 00000000 ____D C:\Users\Andreas\Desktop\Adware Infizierung
2015-05-29 08:07 - 2010-10-27 22:18 - 00000000 ____D C:\Users\Andreas\Johanna
2015-05-29 07:54 - 2010-02-15 13:56 - 00000000 ____D C:\ProgramData\Lenovo
2015-05-29 07:45 - 2011-02-16 20:04 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-05-29 07:45 - 2010-04-15 21:17 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2015-05-29 07:45 - 2010-01-20 02:32 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-05-29 07:43 - 2010-01-20 03:06 - 00000000 ____D C:\Windows\Downloaded Installations
2015-05-29 02:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-05-29 00:10 - 2010-04-15 21:12 - 00000000 ____D C:\SWSHARE
2015-05-28 23:57 - 2014-12-14 13:24 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-28 23:42 - 2010-12-10 16:47 - 00000000 ____D C:\Users\Andreas\Geschäftlich
2015-05-28 23:33 - 2014-09-26 13:50 - 00000000 ____D C:\ProgramData\Package Cache
2015-05-28 23:33 - 2013-06-27 00:06 - 00000000 ____D C:\Program Files (x86)\Avira
2015-05-28 23:20 - 2013-06-27 00:06 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-05-28 23:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2011-01-30 15:38 - 2011-05-06 14:35 - 0038423 _____ () C:\Users\Andreas\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
2011-05-06 14:49 - 2011-05-06 14:49 - 0012955 _____ () C:\Users\Andreas\AppData\Roaming\Kommagetrennte Werte (DOS).CAL
2013-06-14 15:05 - 2013-11-19 16:09 - 0000600 _____ () C:\Users\Andreas\AppData\Roaming\winscp.rnd
2010-05-05 00:50 - 2015-03-21 01:16 - 0021504 _____ () C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-14 15:52 - 2013-11-19 16:09 - 0000600 _____ () C:\Users\Andreas\AppData\Local\PUTTY.RND
2011-10-21 16:26 - 2011-10-21 16:26 - 0001472 _____ () C:\Users\Andreas\AppData\Local\RecConfig.xml
2014-05-23 13:31 - 2014-05-23 13:31 - 0000857 _____ () C:\Users\Andreas\AppData\Local\recently-used.xbel
2011-03-03 18:27 - 2013-11-22 10:21 - 0007608 _____ () C:\Users\Andreas\AppData\Local\resmon.resmoncfg
2010-01-21 21:16 - 2014-02-08 22:32 - 0038412 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\avgnt.exe
C:\Users\Andreas\AppData\Local\Temp\Quarantine.exe
C:\Users\Andreas\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-29 02:00

==================== End of log ============================
         
--- --- ---


Best regards

09.06.2015, 20:24   #8
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and run Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Run SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

13.06.2015, 07:54   #9
lab-star
 



Hi!
Sorry that it took so long again. I was tied up with work last week...

Quote from schrauber:

And a fresh FRST log, please. Any problems left?
Well, I don't notice any immediate problems at the moment. But ESET apparently found something.

ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=fc0825cc943985478aa609d1b11a0bd9
# end=init
# utc_time=2015-06-12 10:16:44
# local_time=2015-06-13 12:16:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24308
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=fc0825cc943985478aa609d1b11a0bd9
# end=updated
# utc_time=2015-06-12 10:22:00
# local_time=2015-06-13 12:22:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=fc0825cc943985478aa609d1b11a0bd9
# engine=24308
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-13 02:34:53
# local_time=2015-06-13 04:34:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 59726320 185792743 0 0
# scanned=532516
# found=4
# cleaned=0
# scan_time=15172
sh=28E7682E6C2E29E3CEC11582C6EA8DE78F7A82F9 ft=1 fh=1843afb1c5f71d45 vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HyperCam 2\hctoolbar.exe"
sh=71F296729AE58E14D7E292ADA6FAC98426A86E45 ft=1 fh=398a74cd79f5e672 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Andreas\Software-Setupdateien\FreeStudio.exe"
sh=7D8B34AF8EF5385B76FC7AE691D0F5C9B1412A03 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.DF Trojaner" ac=I fn="C:\Users\Andreas\Software-Setupdateien\Handy-Programme\Acer Iconia a510\ACER_AIO_TOOLBOX_v2.3.0\ACER_AIO_TOOLBOX_v2.3.0.zip"
sh=C700B057F08F953383F25CA402BDF8DED81ACCC3 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.DF Trojaner" ac=I fn="C:\Users\Andreas\Software-Setupdateien\Handy-Programme\Acer Iconia a510\Root\ICS_rooting_A10x_A5xx\ICS_rooting_A10x_A5xx.zip"
         
Security Check:

Code:
 Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 37  
 Java(TM) SE Development Kit 6 Update 17 
 Java version 32-bit out of Date! 
 Adobe Flash Player 17.0.0.188  
 Adobe Reader XI  
 Mozilla Firefox 35.0 Firefox out of Date!  
 Mozilla Thunderbird (31.4.0) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Andreas (administrator) on ANDREAS-PC on 13-06-2015 08:44:10
Running from C:\Users\Andreas\Desktop
Loaded Profiles: Andreas (Available Profiles: Andreas & TEST)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [358424 2009-08-04] (Intel Corporation)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [FingerPrintSoftwareSplashScreen] => C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [107520 2010-10-21] (AuthenTec, Inc.)
HKLM\...\Run: [FingerPrintSoftware] => C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582400 2010-10-21] (AuthenTec)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated)
HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1665824 2014-06-23] (Lenovo Group Limited)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\RotateImage\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-06-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\Policies\Explorer: [DisallowCpl] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-06-27]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2013-06-27]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001 -> {0DAD6D0C-0E15-4156-BA95-9D9E8E157B43} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-09-24] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-09-24] (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\eb4qzeqm.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-13] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-13] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-09-24] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-09-24] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-09-17]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-06-26]
FF HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF Extension: ThinkVantage Password Manager - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 [2014-06-30]
FF HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lpdfbkehegfmedglgemnhbnpmfmioggj] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2010-10-21] () [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-06-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-06-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-06-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-06-04] (Avira Operations GmbH & Co. KG)
S2 ATService; C:\Windows\system32\ATService.exe [2715456 2010-10-21] (AuthenTec, Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-20] (Lenovo.)
S2 dtsvc; C:\Windows\system32\DTS.exe [117760 2010-10-21] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-09-14] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-11] (Synaptics, Inc.)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49136 2015-05-15] ()
S2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2009-09-25] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-06] (Lenovo Group Limited)
S2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-08-04] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 5U875UVC; C:\Windows\System32\DRIVERS\RCUVCMNP.sys [220032 2009-10-23] (Ricoh co.,Ltd.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-06-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-01-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-05-28] (Avira Operations GmbH & Co. KG)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [31744 2011-05-09] (Google Inc)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [11776 2010-10-20] (HandSet Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-01-27] (Duplex Secure Ltd.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-07-02] (Lenovo (United States) Inc.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [129304 2010-10-18] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [127056 2010-10-18] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\System32\DRIVERS\zghsnmea.sys [129304 2010-10-18] (ZTE Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
R3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-13 08:41 - 2015-06-13 08:41 - 00000908 _____ C:\Users\Andreas\Desktop\checkup_security_check.txt
2015-06-13 08:36 - 2015-06-13 08:36 - 00852639 _____ C:\Users\Andreas\Desktop\SecurityCheck.exe
2015-06-13 00:16 - 2015-06-13 00:16 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-13 00:14 - 2015-06-13 00:14 - 02870984 _____ (ESET) C:\Users\Andreas\Desktop\esetsmartinstaller_deu.exe
2015-06-13 00:08 - 2015-06-13 00:08 - 00001080 _____ C:\Users\Public\Desktop\Avira.lnk
2015-06-09 21:50 - 2015-06-09 21:50 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\PCDr
2015-06-09 21:48 - 2015-06-09 21:50 - 00000000 ____D C:\ProgramData\PCDr
2015-06-09 08:22 - 2015-06-09 08:22 - 00056577 _____ C:\Users\Andreas\Desktop\FRST_2.txt
2015-06-09 08:16 - 2015-06-09 08:16 - 00000967 _____ C:\Users\Andreas\Desktop\JRT.txt
2015-06-09 08:12 - 2015-06-09 08:12 - 00000207 _____ C:\Windows\tweaking.com-regbackup-ANDREAS-PC-Windows-7-Professional-(64-bit).dat
2015-06-09 08:12 - 2015-06-09 08:12 - 00000000 ____D C:\RegBackup
2015-06-09 08:11 - 2015-06-09 08:11 - 02943663 _____ (Thisisu) C:\Users\Andreas\Desktop\JRT.exe
2015-06-09 08:02 - 2015-06-09 07:57 - 00001239 _____ C:\Users\Andreas\Desktop\AdwCleaner[S0].txt
2015-06-09 07:43 - 2015-06-09 07:57 - 00000000 ____D C:\AdwCleaner
2015-06-09 07:42 - 2015-06-09 07:42 - 02231296 _____ C:\Users\Andreas\Desktop\AdwCleaner_4.206.exe
2015-06-09 07:41 - 2015-06-09 07:41 - 00001211 _____ C:\Users\Andreas\Desktop\MBAM.txt
2015-06-09 06:52 - 2015-06-09 06:52 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-09 06:52 - 2015-06-09 06:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-09 06:52 - 2015-06-09 06:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-09 06:52 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-09 06:52 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-09 06:52 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-09 06:50 - 2015-06-09 06:50 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Andreas\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-04 15:10 - 2015-06-04 15:10 - 00000378 _____ C:\Users\Andreas\Desktop\Ereignisse_2.txt
2015-06-04 15:00 - 2015-06-04 15:00 - 00030935 _____ C:\ComboFix.txt
2015-06-04 14:29 - 2015-06-04 15:00 - 00000000 ____D C:\Qoobox
2015-06-04 14:29 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-04 14:29 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-04 14:29 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-04 14:29 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-04 14:29 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-04 14:29 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-04 14:29 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-04 14:29 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-04 14:28 - 2015-06-04 14:58 - 00000000 ____D C:\Windows\erdnt
2015-06-04 14:26 - 2015-06-04 14:26 - 05628238 ____R (Swearware) C:\Users\Andreas\Desktop\ComboFix.exe
2015-06-01 22:10 - 2015-01-20 19:54 - 00001515 _____ C:\Users\Andreas\Desktop\Kernel_Power_Shutdown.txt
2015-06-01 22:10 - 2015-01-20 18:42 - 00000800 _____ C:\Users\Andreas\Desktop\Ereignisse.txt
2015-06-01 22:07 - 2015-05-29 08:06 - 00044442 _____ C:\Users\Andreas\Desktop\AVSCAN-20150529-080413-1F3C304D.LOG
2015-06-01 22:07 - 2015-05-29 07:58 - 00059338 _____ C:\Users\Andreas\Desktop\AVSCAN-20150529-063932-33DADCE7.LOG
2015-06-01 22:05 - 2015-06-01 22:06 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2015-06-01 21:55 - 2015-06-01 21:55 - 00040932 _____ C:\Users\Andreas\Desktop\Gmer.log
2015-06-01 21:33 - 2015-06-01 21:33 - 00380416 _____ C:\Users\Andreas\Desktop\6u9fux59.exe
2015-06-01 21:31 - 2015-06-01 21:31 - 00058847 _____ C:\Users\Andreas\Desktop\Addition.txt
2015-06-01 21:28 - 2015-06-13 08:44 - 00016630 _____ C:\Users\Andreas\Desktop\FRST.txt
2015-06-01 21:27 - 2015-06-13 08:44 - 00000000 ____D C:\FRST
2015-06-01 21:26 - 2015-06-09 08:19 - 02108928 _____ (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
2015-06-01 20:53 - 2015-06-01 21:03 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-01 20:53 - 2015-06-01 20:53 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-29 08:48 - 2015-05-29 08:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-29 08:48 - 2015-05-29 08:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-29 08:44 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-29 08:44 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-29 08:36 - 2015-05-29 08:36 - 00767664 _____ C:\Users\Andreas\Desktop\Trojanerboard_Anleitung.xps
2015-05-29 08:10 - 2015-06-01 21:22 - 00000528 _____ C:\Users\Andreas\Desktop\defogger_disable.log
2015-05-29 08:10 - 2015-05-29 08:10 - 00000020 _____ C:\Users\Andreas\defogger_reenable
2015-05-29 08:09 - 2015-05-29 08:09 - 00050477 _____ C:\Users\Andreas\Desktop\Defogger.exe
2015-05-29 00:10 - 2015-06-13 00:12 - 00003856 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1422026928
2015-05-28 23:51 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-28 23:51 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-28 23:51 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-28 23:51 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-28 23:51 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-28 23:51 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-28 23:51 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-28 23:51 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-28 23:51 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-28 23:51 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-28 23:51 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-28 23:51 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-28 23:51 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-28 23:51 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-28 23:51 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-28 23:51 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-28 23:51 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-28 23:51 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-28 23:51 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-28 23:51 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-28 23:51 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-28 23:51 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-28 23:51 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-28 23:51 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-28 23:51 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-28 23:51 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-28 23:51 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-28 23:51 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-28 23:51 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-28 23:51 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-28 23:51 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-28 23:51 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-28 23:51 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-28 23:51 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-28 23:51 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-28 23:51 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-28 23:51 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-28 23:51 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-28 23:51 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-28 23:51 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-28 23:51 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-28 23:51 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-28 23:51 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-28 23:51 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-28 23:51 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-28 23:51 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-28 23:51 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-28 23:51 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-28 23:51 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-28 23:51 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-28 23:51 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-28 23:51 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-28 23:51 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-28 23:51 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-28 23:51 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-28 23:51 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-28 23:51 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-28 23:51 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-28 23:51 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-28 23:51 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-28 23:51 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-28 23:51 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-28 23:51 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-28 23:51 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-28 23:51 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-28 23:51 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-28 23:51 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-28 23:51 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-28 23:51 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-28 23:51 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-28 23:51 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-28 23:51 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-28 23:51 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-28 23:51 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-28 23:51 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-28 23:51 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-28 23:51 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-28 23:50 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-28 23:50 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-28 23:50 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-28 23:50 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-28 23:50 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-28 23:50 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-28 23:50 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-28 23:50 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-05-28 23:49 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-28 23:49 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-28 23:49 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-05-28 23:49 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-05-28 23:49 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-05-28 23:49 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-05-28 23:49 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-05-28 23:49 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-05-28 23:49 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-05-28 23:49 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-05-28 23:49 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-05-28 23:49 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-05-28 23:49 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-05-28 23:49 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-05-28 23:49 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-05-28 23:49 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-05-28 23:49 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-28 23:49 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-28 23:49 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-28 23:49 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-28 23:49 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-28 23:49 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-28 23:49 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-28 23:49 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-28 23:49 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-28 23:49 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-28 23:49 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-28 23:49 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-28 23:49 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-28 23:49 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-28 23:49 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-28 23:49 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-28 23:49 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-28 23:49 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-28 23:49 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-28 23:49 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-28 23:49 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-28 23:49 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-28 23:49 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-28 23:49 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-28 23:49 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-28 23:49 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-28 23:49 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-28 23:49 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-05-28 23:49 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-05-28 23:49 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-05-28 23:49 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-05-28 23:49 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-28 23:49 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-05-28 23:49 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-28 23:49 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-28 23:48 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-05-28 23:48 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-28 23:48 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-28 23:48 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-28 23:48 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-28 23:48 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-28 23:48 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-28 23:48 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-28 23:48 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-05-28 23:48 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-28 23:48 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-05-28 23:48 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-28 23:48 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-13 08:06 - 2013-02-13 17:18 - 00000550 _____ C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job
2015-06-13 08:01 - 2013-06-13 09:34 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-13 07:17 - 2010-01-20 01:12 - 02075541 _____ C:\Windows\WindowsUpdate.log
2015-06-13 05:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-13 00:19 - 2011-07-29 08:38 - 00003500 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-06-13 00:19 - 2011-07-29 08:38 - 00003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2015-06-13 00:19 - 2011-07-29 08:38 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2015-06-13 00:12 - 2010-01-20 01:38 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-13 00:11 - 2009-07-14 06:45 - 00025552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-13 00:11 - 2009-07-14 06:45 - 00025552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-13 00:08 - 2014-09-26 13:50 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-13 00:08 - 2013-06-27 00:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-13 00:08 - 2013-06-27 00:06 - 00000000 ____D C:\Program Files (x86)\Avira
2015-06-13 00:08 - 2012-05-16 19:30 - 00000000 ____D C:\ProgramData\Avira
2015-06-13 00:07 - 2013-06-13 09:34 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-13 00:06 - 2012-04-08 13:22 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-13 00:06 - 2011-06-08 08:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-13 00:05 - 2015-01-21 00:32 - 00005299 _____ C:\Windows\setupact.log
2015-06-09 07:59 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-09 07:58 - 2015-03-21 21:10 - 00368930 _____ C:\Windows\PFRO.log
2015-06-09 06:53 - 2014-03-31 14:48 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-04 15:00 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-06-04 14:52 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-04 14:44 - 2009-07-14 04:34 - 68943872 _____ C:\Windows\system32\config\components.bak
2015-06-04 14:44 - 2009-07-14 04:34 - 00786432 _____ C:\Windows\system32\config\DEFAULT.bak
2015-06-04 14:44 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-06-04 14:44 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-06-04 14:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2015-06-04 14:24 - 2013-06-27 00:11 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Avira
2015-06-04 13:57 - 2013-06-27 00:06 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-04 13:57 - 2013-06-27 00:06 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-01 20:58 - 2009-07-14 06:45 - 00541624 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-01 20:56 - 2009-07-14 19:58 - 00751858 _____ C:\Windows\system32\perfh007.dat
2015-06-01 20:56 - 2009-07-14 19:58 - 00170598 _____ C:\Windows\system32\perfc007.dat
2015-06-01 20:56 - 2009-07-14 07:13 - 01768306 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-01 20:54 - 2014-12-13 15:13 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-01 20:54 - 2014-05-06 23:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-01 20:54 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-01 20:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-29 09:02 - 2010-01-20 01:59 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-29 09:01 - 2010-06-15 16:53 - 01742586 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-29 09:00 - 2013-08-18 12:49 - 00000000 ____D C:\Windows\system32\MRT
2015-05-29 08:48 - 2013-09-09 21:10 - 00000000 ____D C:\ProgramData\Skype
2015-05-29 08:43 - 2012-05-20 11:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-29 08:43 - 2012-05-20 11:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-29 08:43 - 2012-05-20 11:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-29 08:35 - 2012-10-15 19:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-29 08:10 - 2010-01-20 01:18 - 00000000 ____D C:\Users\Andreas
2015-05-29 08:07 - 2015-01-20 23:00 - 00000000 ____D C:\Users\Andreas\Desktop\Adware Infizierung
2015-05-29 08:07 - 2010-10-27 22:18 - 00000000 ____D C:\Users\Andreas\Johanna
2015-05-29 07:54 - 2010-02-15 13:56 - 00000000 ____D C:\ProgramData\Lenovo
2015-05-29 07:45 - 2011-02-16 20:04 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-05-29 07:45 - 2010-04-15 21:17 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2015-05-29 07:45 - 2010-01-20 02:32 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-05-29 07:43 - 2010-01-20 03:06 - 00000000 ____D C:\Windows\Downloaded Installations
2015-05-29 00:10 - 2010-04-15 21:12 - 00000000 ____D C:\SWSHARE
2015-05-28 23:57 - 2014-12-14 13:24 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-28 23:42 - 2010-12-10 16:47 - 00000000 ____D C:\Users\Andreas\Geschäftlich
2015-05-28 23:20 - 2013-06-27 00:06 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-05-28 23:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2011-01-30 15:38 - 2011-05-06 14:35 - 0038423 _____ () C:\Users\Andreas\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
2011-05-06 14:49 - 2011-05-06 14:49 - 0012955 _____ () C:\Users\Andreas\AppData\Roaming\Kommagetrennte Werte (DOS).CAL
2013-06-14 15:05 - 2013-11-19 16:09 - 0000600 _____ () C:\Users\Andreas\AppData\Roaming\winscp.rnd
2010-05-05 00:50 - 2015-03-21 01:16 - 0021504 _____ () C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-14 15:52 - 2013-11-19 16:09 - 0000600 _____ () C:\Users\Andreas\AppData\Local\PUTTY.RND
2011-10-21 16:26 - 2011-10-21 16:26 - 0001472 _____ () C:\Users\Andreas\AppData\Local\RecConfig.xml
2014-05-23 13:31 - 2014-05-23 13:31 - 0000857 _____ () C:\Users\Andreas\AppData\Local\recently-used.xbel
2011-03-03 18:27 - 2013-11-22 10:21 - 0007608 _____ () C:\Users\Andreas\AppData\Local\resmon.resmoncfg
2010-01-21 21:16 - 2014-02-08 22:32 - 0038412 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\avgnt.exe
C:\Users\Andreas\AppData\Local\Temp\Quarantine.exe
C:\Users\Andreas\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-13 05:01

==================== End of log ============================
         


Best regards!

--- --- ---

14.06.2015, 06:02   #10
schrauber
/// the machine
/// TB trainer
 




Update Java and Firefox.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\Program Files (x86)\HyperCam 2\hctoolbar.exe

C:\Users\Andreas\Software-Setupdateien\FreeStudio.exe

C:\Users\Andreas\Software-Setupdateien\Handy-Programme\Acer Iconia a510\ACER_AIO_TOOLBOX_v2.3.0\ACER_AIO_TOOLBOX_v2.3.0.zip

C:\Users\Andreas\Software-Setupdateien\Handy-Programme\Acer Iconia a510\Root\ICS_rooting_A10x_A5xx\ICS_rooting_A10x_A5xx.zip
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.






Cleanup:
(The order is crucial here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: please disable your antivirus program, any script blocking that may be present, and anti-malware programs.
  • Please press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and clears the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Put a check mark in front of every function.
  • Click Start.

Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can delete them without hesitation.

If you like, you can say here whether you were satisfied with me and my help...and/or support the forum with a small donation.


Hardening:
Enable automatic updates in the Windows operating system. Security-relevant software should also always be kept at the latest version only:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware via "drive-by" when simply visiting a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.
My recommendation:

Emsisoft

In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. You can, however, specify on a whitelist basis which sites scripts should be allowed on.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, it is advisable first to uninstall it and then to remove the leftovers with Adwcleaner.


Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

16.06.2015, 15:01   #11
lab-star
 



Hi!

The updates have been done:

Code:
 Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 45  
 Adobe Flash Player 17.0.0.188  
 Adobe Reader XI  
 Mozilla Firefox (38.0.6) 
 Mozilla Thunderbird (31.4.0) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Attached is the Fixlog:

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Andreas at 2015-06-16 12:25:28 Run:1
Running from C:\Users\Andreas\Desktop
Loaded Profiles: Andreas (Available Profiles: Andreas & TEST)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Program Files (x86)\HyperCam 2\hctoolbar.exe

C:\Users\Andreas\Software-Setupdateien\FreeStudio.exe

C:\Users\Andreas\Software-Setupdateien\Handy-Programme\Acer Iconia a510\ACER_AIO_TOOLBOX_v2.3.0\ACER_AIO_TOOLBOX_v2.3.0.zip

C:\Users\Andreas\Software-Setupdateien\Handy-Programme\Acer Iconia a510\Root\ICS_rooting_A10x_A5xx\ICS_rooting_A10x_A5xx.zip
Emptytemp:
         
*****************

C:\Program Files (x86)\HyperCam 2\hctoolbar.exe => moved successfully.
C:\Users\Andreas\Software-Setupdateien\FreeStudio.exe => moved successfully.
C:\Users\Andreas\Software-Setupdateien\Handy-Programme\Acer Iconia a510\ACER_AIO_TOOLBOX_v2.3.0\ACER_AIO_TOOLBOX_v2.3.0.zip => moved successfully.
C:\Users\Andreas\Software-Setupdateien\Handy-Programme\Acer Iconia a510\Root\ICS_rooting_A10x_A5xx\ICS_rooting_A10x_A5xx.zip => moved successfully.
EmptyTemp: => 656.3 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 12:25:37 ====
         
I will now start on the cleanup. After applying the Fixlist.txt, the notebook was very slow at times and, after the first restart, also told me that my Win7 license had not yet been validated as genuine. After further restarts the problem was resolved again.

Do I need to watch out for anything else, or is such behavior normal?

Edit:

I have now run the cleanup. Because I misread, I first uninstalled Combofix and only then ran Defogger, i.e. in the wrong order. Is that a problem?

Code:
# DelFix v1.010 - Datei am 16/06/2015 um 16:54:55 erstellt
# Aktualisiert am 26/04/2015 von Xplode
# Benutzer : Andreas - ANDREAS-PC
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : C:\RegBackup
Gelöscht : C:\ComboFix.txt
Gelöscht : C:\Users\Andreas\Desktop\Addition.txt
Gelöscht : C:\Users\Andreas\Desktop\AdwCleaner[S0].txt
Gelöscht : C:\Users\Andreas\Desktop\AdwCleaner_4.206.exe
Gelöscht : C:\Users\Andreas\Desktop\Defogger.exe
Gelöscht : C:\Users\Andreas\Desktop\defogger_disable.log
Gelöscht : C:\Users\Andreas\Desktop\defogger_enable.log
Gelöscht : C:\Users\Andreas\Desktop\esetsmartinstaller_deu.exe
Gelöscht : C:\Users\Andreas\Desktop\Fixlog.txt
Gelöscht : C:\Users\Andreas\Desktop\FRST.txt
Gelöscht : C:\Users\Andreas\Desktop\FRST64.exe
Gelöscht : C:\Users\Andreas\Desktop\FRST_2.txt
Gelöscht : C:\Users\Andreas\Desktop\FRST_3.txt
Gelöscht : C:\Users\Andreas\Desktop\JRT.exe
Gelöscht : C:\Users\Andreas\Desktop\JRT.txt
Gelöscht : C:\Users\Andreas\Desktop\Log_CFIX.txt
Gelöscht : C:\Users\Andreas\Desktop\log_ESET.txt
Gelöscht : C:\Users\Andreas\Desktop\SecurityCheck.exe
Gelöscht : HKLM\SOFTWARE\AdwCleaner
Gelöscht : HKLM\SOFTWARE\Swearware

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #609 [ComboFix created restore point | 06/16/2015 14:04:45]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########
         
Best regards!

Edited by lab-star (16.06.2015 at 15:58)
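
The Fixlog posted above can be checked mechanically: every entry in the fixlist block should have a matching result line. The following Python sketch is an added example, not part of the original posts and not FRST's own code; the function names, the two success markers (taken only from the result strings visible in this Fixlog) and the constructed entry `C:\Users\Andreas\Example\missing.exe` are assumptions for illustration.

```python
import re

# Constructed sample in the Fixlog layout shown in the post above (shortened).
# The entry "...\Example\missing.exe" is made up so that one item has no result line.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Andreas at 2015-06-16 12:25:28 Run:1
==============================================

fixlist content:
*****************
C:\Program Files (x86)\HyperCam 2\hctoolbar.exe

C:\Users\Andreas\Software-Setupdateien\FreeStudio.exe
C:\Users\Andreas\Example\missing.exe
Emptytemp:

*****************

C:\Program Files (x86)\HyperCam 2\hctoolbar.exe => moved successfully.
C:\Users\Andreas\Software-Setupdateien\FreeStudio.exe => moved successfully.
EmptyTemp: => 656.3 MB temporary data Removed.

==== End of Fixlog 12:25:37 ====
"""

STAR_LINE = re.compile(r"^\*{5,}\s*$")
RESULT_LINE = re.compile(r"^(?P<item>.+?)\s*=>\s*(?P<status>.+?)\s*$")
# Assumption: only the two success strings visible in the posted Fixlog count as OK;
# any other status text is flagged for manual review.
SUCCESS = (
    re.compile(r"moved successfully\.?$", re.IGNORECASE),
    re.compile(r"temporary data removed\.?$", re.IGNORECASE),
)


def _key(entry):
    """Windows paths and FRST directives are compared case-insensitively."""
    return entry.strip().casefold()


def parse_fixlog(text):
    """Return (requested entries, {normalised item: status}) from a Fixlog."""
    lines = text.splitlines()
    stars = [i for i, line in enumerate(lines) if STAR_LINE.match(line)]
    if len(stars) < 2:
        raise ValueError("fixlist block (two asterisk lines) not found")
    first, second = stars[0], stars[1]
    requested = [l.strip() for l in lines[first + 1:second] if l.strip()]
    results = {}
    for line in lines[second + 1:]:
        match = RESULT_LINE.match(line)
        if match:
            results[_key(match.group("item"))] = match.group("status")
    return requested, results


def audit(text):
    """Return a list of (entry, verdict, status) for every fixlist entry."""
    requested, results = parse_fixlog(text)
    report = []
    for entry in requested:
        status = results.get(_key(entry))
        if status is None:
            verdict = "NO RESULT"          # requested, but never reported on
        elif any(rx.search(status) for rx in SUCCESS):
            verdict = "OK"
        else:
            verdict = "REVIEW"             # reported, but not a known success string
        report.append((entry, verdict, status))
    return report


def unresolved(text):
    """Entries the helper asked to fix that the log does not confirm."""
    return [entry for entry, verdict, _ in audit(text) if verdict != "OK"]


if __name__ == "__main__":
    for entry, verdict, status in audit(SAMPLE_FIXLOG):
        print(f"{verdict:<9} {entry}  [{status}]")
```
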

17.06.2015, 05:35   #12
schrauber
/// the machine
/// TB trainer
 




Nah, no problem
__________________
regards,
schrauber


17.06.2015, 12:53   #13
lab-star
 



So is the cleanup finished with that?

17.06.2015, 20:02   #14
schrauber
/// the machine
/// TB trainer
 




exactly
__________________
regards,
schrauber


18.06.2015, 08:43   #15
lab-star
 



Well then, ... only one thing left to do:

This time it did take a bit longer, but that was because I only had time very irregularly.

Therefore:

Many thanks for the competent and patient support in cleaning up my notebook.



Best regards!
