Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Chrome öffnet automatisch verschiedene Internetseiten (https://www.trojaner-board.de/158709-chrome-oeffnet-automatisch-verschiedene-internetseiten.html)

stebre 14.09.2014 18:25
Chrome öffnet automatisch verschiedene Internetseiten
 
Hilfe, auf unserem Laptop (WIN7 32Bit) öffnet sich Chrome (Standardbrowser) von alleine, und lädt verschiedene Internetseiten (Spiele / Wetten etc). Ähnliches Verhalten wie beim schon bestehenden Thema "Chrome Tabs öffnen sich automatisch". Kann auch mir jemand bei meinen Problemen helfen?

Gruß Stephan

schrauber 14.09.2014 18:39
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


stebre 14.09.2014 19:25
Hallo,
hier meine drei log-Files lt Anleitung:

Ich hoffe, damit kann man mit der Diagnose beginnen.

Gruß
Stephan

schrauber 15.09.2014 12:55
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

stebre 15.09.2014 15:32
Hallo Schrauber,
ich hatte alle drei logs zusammen übermitteln wollen, was zu lang für eine Nachricht war, deshalb der Versuch mit Anhang.
So jetzt aber direkt:



FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Bxxxf (administrator) on BxxxF-LT1 on 14-09-2014 18:57:57
Running from C:\Users\Bxxxf\Desktop
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
() C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(ATK0101) C:\Program Files\Lenovo\ATK Hotkey\LControl.exe
(Lenovo) C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
() C:\Users\Bxxxf\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
() C:\Program Files\ASUS\Printer Utilities\UsbService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
() C:\Users\Administrator\AppData\Local\Temp\{7E1F4F03-7C38-4624-8E99-191685098E28}\{061A431C-86E7-4DB4-92B8-36DE783865CF}\STK2135\Win2KXP\stk2135bsrv.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Lenovo Group Ltd.) C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Promethean Technologies Group Ltd) C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
() C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\tv_w32.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-04-10] (Synaptics, Inc.)
HKLM\...\Run: [ACTray] => C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [435488 2009-04-03] (Lenovo)
HKLM\...\Run: [ACWlIcon] => C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe [165152 2009-04-03] (Lenovo)
HKLM\...\Run: [CreateLMBCShortCut] => C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe [40960 2009-04-03] ()
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe [64368 2008-03-24] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [181536 2008-06-06] (Lenovo.)
HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-05-24] (Lenovo Group Limited)
HKLM\...\Run: [EZEJMNAP] => C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [242976 2008-06-04] (Lenovo Group Ltd.)
HKLM\...\Run: [ActivControl] => C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe [1092896 2010-06-10] (Promethean Technologies Group Ltd)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [296520 2014-03-31] (RealNetworks, Inc.)
HKU\S-1-5-21-909024761-1574197840-3427079863-1003\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-29] (Macrovision Corporation)
HKU\S-1-5-21-909024761-1574197840-3427079863-1003\...\Run: [StoppUhr] => [X]
HKU\S-1-5-21-909024761-1574197840-3427079863-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-14] (Google Inc.)
HKU\S-1-5-21-909024761-1574197840-3427079863-1003\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-909024761-1574197840-3427079863-1003\...\Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21416 2012-02-23] ()
HKU\S-1-5-21-909024761-1574197840-3427079863-1003\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-22] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-909024761-1574197840-3427079863-1003\...\Run: [Amazon Cloud Player] => C:\Users\Bxxxf\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] ()
HKU\S-1-5-21-909024761-1574197840-3427079863-1003\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-909024761-1574197840-3427079863-1003\...\MountPoints2: {2a653162-e05c-11df-9758-002556d0a6ad} - PcOptions.exe
HKU\S-1-5-21-909024761-1574197840-3427079863-1003\...\MountPoints2: {2c136787-53fc-11e0-9a79-806e6f6e6963} - PcOptions.exe
HKU\S-1-5-21-909024761-1574197840-3427079863-1003\...\MountPoints2: {4e450b90-d12b-11de-81ce-002618fde928} - E:\StartVMCLite.exe
HKU\S-1-5-21-909024761-1574197840-3427079863-1003\...\MountPoints2: {4e450b91-d12b-11de-81ce-002618fde928} - E:\StartVMCLite.exe
HKU\S-1-5-21-909024761-1574197840-3427079863-1003\...\MountPoints2: {510a5a40-52d4-11e0-b120-002618fde928} - PcOptions.exe
HKU\S-1-5-21-909024761-1574197840-3427079863-1003\...\MountPoints2: {e197e36f-c18b-11de-a83d-002618fde928} - E:\StartVMCLite.exe
HKU\S-1-5-21-909024761-1574197840-3427079863-1003\...\MountPoints2: {e197e388-c18b-11de-a83d-002618fde928} - E:\StartVMCLite.exe
Lsa: [Notification Packages] scecli ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bxxxf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bxxxf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bxxxf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bxxxf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
SearchScopes: HKCU - DefaultScope {D78B3DA1-621B-4552-8CB3-7DFD0EEB7C2E} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deDE460
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {282B0DF0-068B-4244-B20C-1EDCC779238F} URL = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {885EDD9C-291D-4488-B04F-4464B2FAD500} URL = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
SearchScopes: HKCU - {D78B3DA1-621B-4552-8CB3-7DFD0EEB7C2E} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deDE460
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Windows Live Toolbar Helper -> {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -> C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=17.0.6.13 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=17.0.6 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.6 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=17.0.6 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=17.0.6.13 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-25]
FF HKLM\...\Firefox\Extensions: [{8E8D8D12-A43B-4289-994D-DF2C7C0EF736}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-31]
FF HKCU\...\Firefox\Extensions: [{c4cf403f-d86b-4e5a-a55a-ef6a06352881}] - C:\Program Files\TubeSaver\132.xpi

Chrome:
=======
CHR HomePage: Default -> https://www.google.de/
CHR StartupUrls: Default -> "https://www.google.de/"
CHR DefaultSearchKeyword: Default -> 4F9BD168754AB17D27521B4FF20E3F80E6ECA9908C438EA808C4EB8584C58D78
CHR DefaultSearchURL: Default -> 11DCAC78C7BD0DCA42410D8B2B7E13880685EBFAC1F36A7157410F11D2E68446
CHR CustomProfile: C:\Users\Bxxxf\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Bxxxf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bxxxf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (AdBlock) - C:\Users\Bxxxf\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-30]
CHR Extension: (RealPlayer Downloader) - C:\Users\Bxxxf\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-31]
CHR Extension: (Skype Click to Call) - C:\Users\Bxxxf\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-12-30]
CHR Extension: (Google Wallet) - C:\Users\Bxxxf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-02-12]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\...\Chrome\Extension: [ojcdnngpmbenohhjlickdajclhbcaada] - C:\Program Files\TubeSaver\132.crx [2014-07-14]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Bxxxf\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASLDRService; C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-02] () [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe [94208 2007-10-30] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CDMA Device Service; C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe [63488 2011-08-02] () [File not signed]
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-22] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LFKAS; C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe [208896 2008-03-19] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [211216 2009-02-27] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-02-12] ()
R2 RealPlayer Cloud Service; C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141336 2014-03-31] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-02-14] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2008-04-25] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2008-04-25] (Sonic Solutions)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-04-25] (Sonic Solutions)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [657408 2009-10-27] (Nokia) [File not signed]
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2009-06-12] (Lenovo Group Limited) [File not signed]
R2 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [53325 2008-08-08] (Lenovo Group Limited) [File not signed]
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [779576 2008-06-13] (Lenovo)
S2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-05-24] () [File not signed]
S2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [950272 2008-05-24] (Lenovo Group Limited) [File not signed]
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-05-24] (Lenovo Group Limited) [File not signed]
S2 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [360448 2008-10-09] (Lenovo Group Limited) [File not signed]
R2 UsbService; C:\Program Files\ASUS\Printer Utilities\UsbService.exe [217088 2010-08-10] () [File not signed]
R2 XYNTService; C:\Users\Administrator\AppData\Local\Temp\{7E1F4F03-7C38-4624-8E99-191685098E28}\{061A431C-86E7-4DB4-92B8-36DE783865CF}\STK2135\Win2KXP\stk2135bsrv.exe [86016 2009-03-27] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-14] (Microsoft Corporation)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R3 ActivHidSerMini; C:\Windows\System32\DRIVERS\activhidsermini.sys [74752 2010-05-26] (Promethean Technologies Ltd)
R2 ASMMAP; C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys [13880 2007-07-24] ()
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [101248 2009-10-31] (AVM Berlin)
R3 DCamUSBGene; C:\Windows\System32\DRIVERS\usbstk.sys [173584 2008-07-31] ()
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57672 2009-02-17] (FTDI Ltd.)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\A0101V32.sys [7680 2006-12-14] (ATK0100)
S3 PcaSp60; C:\Windows\System32\DRIVERS\PcaSp60.sys [28672 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 prmvmouse; C:\Windows\System32\DRIVERS\activmouse.sys [6144 2010-05-26] (Promethean Technologies Ltd)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [12080 2008-10-26] ()
R2 tvtfilter; C:\Windows\System32\DRIVERS\tvtfilter.sys [33536 2009-08-23] (Lenovo) [File not signed]
R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [66432 2007-12-17] ()
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 fwztuctp; \??\C:\Windows\system32\drivers\fwztuctp.sys [X]
S0 is3srv; system32\drivers\is3srv.sys [X]
S1 MpKsl1e4220cf; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9EC2BBC3-12E9-4769-91E7-A822D319E138}\MpKsl1e4220cf.sys [X]
S0 szkg5; system32\DRIVERS\szkg.sys [X]
S0 szkgfs; system32\drivers\szkgfs.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 18:57 - 2014-09-14 18:58 - 00029032 _____ () C:\Users\Bxxxf\Desktop\FRST.txt
2014-09-14 18:57 - 2014-09-14 18:58 - 00000000 ____D () C:\FRST
2014-09-14 18:55 - 2014-09-14 18:55 - 01097728 _____ (Farbar) C:\Users\Bxxxf\Desktop\FRST.exe
2014-09-13 10:48 - 2014-09-13 10:48 - 00214208 _____ () C:\Users\Bxxxf\Downloads\t6044611_Val-di-Fassa-Bike-Classic.gpx
2014-09-13 10:46 - 2014-09-13 10:46 - 00290160 _____ () C:\Users\Bxxxf\Downloads\t6044815_Val-di-Fassa-Marathon.gpx
2014-09-13 10:44 - 2014-09-13 10:44 - 00402770 _____ () C:\Users\Bxxxf\Downloads\t6295184_Etappe-1-gegen-Uhrzeigersinne-Grand-Tour-Dolomiti-Lagorai-Bike.gpx
2014-09-13 10:42 - 2014-09-13 10:42 - 00090582 _____ () C:\Users\Bxxxf\Downloads\t6044198_Moena-Karerpass-Soraga-Moena.gpx
2014-09-13 10:39 - 2014-09-13 10:39 - 00064776 _____ () C:\Users\Bxxxf\Downloads\t5951746_Canazei-Penia-Pian-Trevisan.gpx
2014-09-13 10:36 - 2014-09-13 10:36 - 00269626 _____ () C:\Users\Bxxxf\Downloads\t6043866_Pozza-San-Nicolo-Tal-Monzoni-Tal.gpx
2014-09-13 10:34 - 2014-09-13 10:34 - 00264874 _____ () C:\Users\Bxxxf\Downloads\t5952103_Canazei-Campitello-Duron-Tal-Dona-Tal.gpx
2014-09-13 10:33 - 2014-09-13 10:33 - 00111020 _____ () C:\Users\Bxxxf\Downloads\t6043951_Pozza-Mazzin-Monzon-Gardeccia.gpx
2014-09-13 10:32 - 2014-09-13 10:32 - 00087624 _____ () C:\Users\Bxxxf\Downloads\t6018800_Mazzin-Pozza-Vigo-Ciampedie.gpx
2014-09-13 10:29 - 2014-09-13 10:29 - 00262946 _____ () C:\Users\Bxxxf\Downloads\t6018721_Canazei-Campitello-Val-Duron.gpx
2014-09-13 10:28 - 2014-09-13 10:28 - 00164327 _____ () C:\Users\Bxxxf\Downloads\t5951954_Alba-di-Canazei-Contrin-Huette.gpx
2014-09-13 10:25 - 2014-09-13 10:26 - 00125877 _____ () C:\Users\Bxxxf\Downloads\t6019168_Pozza-Val-Jumela-Ciampac.gpx
2014-09-11 19:12 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 19:12 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 19:12 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 19:12 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 19:12 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 19:12 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 19:12 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 19:12 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 19:12 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 19:12 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 19:12 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 19:12 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 19:12 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 19:12 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 19:12 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 19:12 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 19:12 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 19:12 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 19:12 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 19:12 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 19:12 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 19:12 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 19:12 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 19:12 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 19:12 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 19:12 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 19:12 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 19:12 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 19:12 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 19:12 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 13:03 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 13:03 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 09:36 - 2014-09-10 09:37 - 00850216 _____ (Reimage®) C:\Users\Bxxxf\Downloads\ReimageRepair (1).exe
2014-09-10 09:35 - 2014-09-10 09:36 - 00850216 _____ (Reimage®) C:\Users\Bxxxf\Downloads\ReimageRepair.exe
2014-09-09 21:22 - 2014-09-09 21:23 - 04703864 _____ (Garmin International) C:\Users\Bxxxf\Downloads\GarminMapUpdater.exe
2014-09-01 18:50 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-01 18:49 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-01 18:49 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-01 18:49 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-01 18:09 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-01 18:09 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-01 18:09 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-09-01 18:09 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-09-01 18:07 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-01 18:07 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-01 18:07 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-01 18:06 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-01 18:06 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-01 18:06 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-01 18:06 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-01 11:19 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-01 11:19 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-01 11:19 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-01 11:19 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-01 11:17 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-01 11:17 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-01 11:17 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-01 11:16 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-01 11:16 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 18:58 - 2014-09-14 18:57 - 00029032 _____ () C:\Users\Bxxxf\Desktop\FRST.txt
2014-09-14 18:58 - 2014-09-14 18:57 - 00000000 ____D () C:\FRST
2014-09-14 18:58 - 2009-11-29 14:06 - 01104624 _____ () C:\Windows\WindowsUpdate.log
2014-09-14 18:57 - 2013-06-25 19:36 - 13285240 _____ () C:\Windows\setupact.log
2014-09-14 18:55 - 2014-09-14 18:55 - 01097728 _____ (Farbar) C:\Users\Bxxxf\Desktop\FRST.exe
2014-09-14 18:48 - 2009-08-23 00:02 - 01117696 _____ () C:\Windows\system32\TPAPSLOG.LOG
2014-09-14 18:39 - 2014-02-04 09:19 - 00000300 _____ () C:\Windows\Tasks\Digital Sites.job
2014-09-14 18:39 - 2013-09-09 23:19 - 00000086 _____ () C:\Users\Bxxxf\AppData\Roaming\WB.CFG
2014-09-14 18:39 - 2013-09-09 21:15 - 00000294 _____ () C:\Windows\Tasks\DSite.job
2014-09-14 18:15 - 2014-05-13 16:37 - 00000000 ____D () C:\Users\Bxxxf\Documents\MSG Schuljahr 2014-2015
2014-09-14 18:11 - 2010-01-14 19:12 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-14 18:10 - 2009-10-24 18:21 - 00000258 _____ () C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
2014-09-14 17:54 - 2009-11-29 14:19 - 01654782 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-14 17:31 - 2009-11-29 13:24 - 00011216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-14 17:31 - 2009-11-29 13:24 - 00011216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-14 17:23 - 2010-01-14 19:12 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-14 17:23 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-13 12:57 - 2009-11-02 18:26 - 00000000 ____D () C:\Garmin
2014-09-13 10:57 - 2009-10-26 18:38 - 00000000 ____D () C:\Users\Bxxxf\Documents\Urlaub
2014-09-13 10:48 - 2014-09-13 10:48 - 00214208 _____ () C:\Users\Bxxxf\Downloads\t6044611_Val-di-Fassa-Bike-Classic.gpx
2014-09-13 10:46 - 2014-09-13 10:46 - 00290160 _____ () C:\Users\Bxxxf\Downloads\t6044815_Val-di-Fassa-Marathon.gpx
2014-09-13 10:44 - 2014-09-13 10:44 - 00402770 _____ () C:\Users\Bxxxf\Downloads\t6295184_Etappe-1-gegen-Uhrzeigersinne-Grand-Tour-Dolomiti-Lagorai-Bike.gpx
2014-09-13 10:42 - 2014-09-13 10:42 - 00090582 _____ () C:\Users\Bxxxf\Downloads\t6044198_Moena-Karerpass-Soraga-Moena.gpx
2014-09-13 10:39 - 2014-09-13 10:39 - 00064776 _____ () C:\Users\Bxxxf\Downloads\t5951746_Canazei-Penia-Pian-Trevisan.gpx
2014-09-13 10:36 - 2014-09-13 10:36 - 00269626 _____ () C:\Users\Bxxxf\Downloads\t6043866_Pozza-San-Nicolo-Tal-Monzoni-Tal.gpx
2014-09-13 10:34 - 2014-09-13 10:34 - 00264874 _____ () C:\Users\Bxxxf\Downloads\t5952103_Canazei-Campitello-Duron-Tal-Dona-Tal.gpx
2014-09-13 10:33 - 2014-09-13 10:33 - 00111020 _____ () C:\Users\Bxxxf\Downloads\t6043951_Pozza-Mazzin-Monzon-Gardeccia.gpx
2014-09-13 10:32 - 2014-09-13 10:32 - 00087624 _____ () C:\Users\Bxxxf\Downloads\t6018800_Mazzin-Pozza-Vigo-Ciampedie.gpx
2014-09-13 10:29 - 2014-09-13 10:29 - 00262946 _____ () C:\Users\Bxxxf\Downloads\t6018721_Canazei-Campitello-Val-Duron.gpx
2014-09-13 10:28 - 2014-09-13 10:28 - 00164327 _____ () C:\Users\Bxxxf\Downloads\t5951954_Alba-di-Canazei-Contrin-Huette.gpx
2014-09-13 10:26 - 2014-09-13 10:25 - 00125877 _____ () C:\Users\Bxxxf\Downloads\t6019168_Pozza-Val-Jumela-Ciampac.gpx
2014-09-12 18:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 19:15 - 2009-08-23 00:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 19:07 - 2013-08-15 16:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 18:04 - 2011-06-19 21:09 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 18:03 - 2012-05-01 10:41 - 00002127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-11 18:03 - 2011-08-07 21:27 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-11 18:03 - 2011-08-07 21:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-10 10:31 - 2011-11-16 11:43 - 00032603 _____ () C:\Users\Bxxxf\ACTIVstudioError.log
2014-09-10 09:37 - 2014-09-10 09:36 - 00850216 _____ (Reimage®) C:\Users\Bxxxf\Downloads\ReimageRepair (1).exe
2014-09-10 09:36 - 2014-09-10 09:35 - 00850216 _____ (Reimage®) C:\Users\Bxxxf\Downloads\ReimageRepair.exe
2014-09-09 21:23 - 2014-09-09 21:22 - 04703864 _____ (Garmin International) C:\Users\Bxxxf\Downloads\GarminMapUpdater.exe
2014-09-07 17:03 - 2009-10-26 18:37 - 00000000 ____D () C:\Users\Bxxxf\Documents\Stundenkonzepte Aplus
2014-09-05 20:27 - 2012-06-19 20:45 - 00000000 ____D () C:\Users\Bxxxf\Documents\MSG Schuljahr 2012-2013
2014-09-05 20:16 - 2009-11-03 18:51 - 00000000 ____D () C:\Users\Bxxxf\AppData\Local\FreePDF_XP
2014-09-05 20:15 - 2009-11-03 18:51 - 00020280 _____ () C:\fpRedmon.log
2014-09-02 17:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-01 23:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-01 21:57 - 2012-08-31 17:28 - 00000000 ____D () C:\PFS6.5BD_TMP
2014-09-01 21:36 - 2009-07-14 06:33 - 00501632 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-01 21:33 - 2013-08-09 07:25 - 00008134 _____ () C:\Windows\PFRO.log
2014-09-01 11:19 - 2012-12-07 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-23 03:46 - 2014-09-01 18:07 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-09-01 18:07 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 19:39 - 2014-09-11 19:12 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 00:26 - 2014-09-11 19:12 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:08 - 2014-09-11 19:12 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 23:57 - 2014-09-11 19:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 23:57 - 2014-09-11 19:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 23:46 - 2014-09-11 19:12 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 23:45 - 2014-09-11 19:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 23:44 - 2014-09-11 19:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-11 19:12 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-11 19:12 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 23:39 - 2014-09-11 19:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 23:39 - 2014-09-11 19:12 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 23:37 - 2014-09-11 19:12 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 23:36 - 2014-09-11 19:12 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 23:36 - 2014-09-11 19:12 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:35 - 2014-09-11 19:12 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 23:30 - 2014-09-11 19:12 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:27 - 2014-09-11 19:12 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:22 - 2014-09-11 19:12 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-11 19:12 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:17 - 2014-09-11 19:12 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:17 - 2014-09-11 19:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:15 - 2014-09-11 19:12 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:09 - 2014-09-11 19:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:08 - 2014-09-11 19:12 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:08 - 2014-09-11 19:12 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:07 - 2014-09-11 19:12 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 22:46 - 2014-09-11 19:12 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 22:38 - 2014-09-11 19:12 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:36 - 2014-09-11 19:12 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Bxxxf\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\Bxxxf\AppData\Local\Temp\stubhelper.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 12:09

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

additional log:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Bxxxf at 2014-09-14 19:00:26
Running from C:\Users\Bxxxf\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AntiVir Desktop (Enabled - Out of date) {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Microsoft Security Essentials (Enabled - Up to date) {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {2C040BB5-2B06-7275-5A21-2B969A740B4B}
AS: AntiVir Desktop (Enabled - Out of date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Sansa Media Converter (HKLM\...\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}) (Version: 1.0-B4.256 - )
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
4500_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 2.20 - )
ActivDriver x86 v5.5 (HKLM\...\{FB4291BF-594B-4AA9-883B-1E7509DCA092}) (Version: 5.5.37.4 - Promethean)
ActivInspire Help (DEU) v1 (HKLM\...\{20F2FB2A-1FE4-4A40-96E8-87402B490E12}) (Version: 1.4.0 - Promethean)
ActivInspire HWR Resources (DEU) v1 (HKLM\...\{9469324F-3525-4C6E-A91C-5F6BD15E9187}) (Version: 1.3.0 - Promethean)
ActivInspire v1 (HKLM\...\{6EA9DEAF-B633-44B8-89F6-2EF0C4944A19}) (Version: 1.4.23015 - Promethean)
Adblock Plus for IE (32-bit) (HKLM\...\{21B632E1-4B3D-4AC2-9ABD-E00544F67D48}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Flash Player 10 Plugin (HKLM\...\{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}) (Version: 10.0.12.36 - Adobe Systems, Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.5.502.135 - Adobe Systems Incorporated)
Adobe Reader 8.3.1 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)
Alt WAV MP3 WMA OGG Converter 7.3 (HKLM\...\Alt WAV MP3 WMA OGG Converter 7.3_is1) (Version: 7.3 - Nesoft Inc.)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.2.0.399 - Amazon Services LLC)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 5.13.01 - )
Apple Application Support (HKLM\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B5C3B892-0849-476C-9F46-B12F84819D57}) (Version: 3.0.0.102 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS DSL-N55U Wireless ADSL Router Utilities (HKLM\...\{2150DA4A-4909-4781-9656-CDDDF6EC29D1}) (Version: 4.2.4.5 - ASUS)
Audible Download Manager (HKLM\...\AudibleDownloadManager) (Version: 6.6.0.12 - Audible, Inc.)
AudibleManager (HKLM\...\AudibleManager) (Version: 2010012384.48.56.27668250 - Audible, Inc.)
AVIConverter 5.1.6 (HKLM\...\AVIConverter) (Version: 5.1.6 - )
BackUp Maker v5.5 (HKLM\...\BackUp Maker_is1) (Version:  - ASCOMP Software GmbH)
BJSp - Bundesjugendspiele Version 3.1.3 (HKLM\...\BJSp - Bundesjugendspiele_is1) (Version: 3.1.3 - Achim Hubert Softwareentwicklung)
Bonjour (HKLM\...\{76BC2442-0002-47FA-9617-43BAD82BEF4C}) (Version: 2.0.0.34 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Camera Center (HKLM\...\{668ACF05-E455-4932-A2D2-5822A8206FEB}) (Version: 1.0.29 - Lenovo)
Carnet d'activités À plus! 1 (HKLM\...\{E8895A6B-1A5A-4754-AE70-70432DA6C6D6}) (Version: 1.00.000 - )
CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform)
cGPSmapper Free 0100d (HKLM\...\cGPSmapper Free_is1) (Version:  - cGPSmapper)
Chinese Simplified Fonts Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-2447-0000-800000000003}) (Version: 8.0.0 - Adobe Systems)
CicloTour 4.42 (HKLM\...\CicloTour_is1) (Version: 4.42 - CicloSport)
Client Security - Password Manager (HKLM\...\{44E9D4C2-946C-4378-9354-558803C47A68}) (Version: 8.20.0023.00 - Lenovo Group Limited)
Codec Pack Packages (HKCU\...\Codec Pack Packages) (Version:  - ) <==== ATTENTION
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2013 - CyberLink Corp.)
CyberLink PowerDirector (Version: 8.0.2013 - CyberLink Corp.) Hidden
DC-Bass Source 1.3.0 (HKLM\...\DC-Bass Source) (Version:  - )
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dienstprogramm "ThinkPad UltraNav" (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.04 - )
DirectVobSub 2.40.4209 (HKLM\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
DirectXInstallService (Version: 9.0.2 - Roxio) Hidden
Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.05 - Sonic Solutions)
Dropbox (HKCU\...\Dropbox) (Version: 1.4.17 - Dropbox, Inc.)
EasyGeo GPS Konverter (HKLM\...\ST6UNST #1) (Version:  - )
Elevated Installer (Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.0.20140117 - Landesfinanzdirektion Thüringen)
Ergänzung zu Lenovo Care (HKLM\...\{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}) (Version: 3.00b - )
ffdshow v1.1.4399 [2012-03-22] (HKLM\...\ffdshow_is1) (Version: 1.1.4399.0 - )
FOTOParadies (HKLM\...\{0A860E7C-AB8E-455A-9A0A-96379D8DB3E8}}_is1) (Version: 3.1.10.103 - Foto Online Service GmbH)
Free YouTube Download version 2.10.38.602 (HKLM\...\Free YouTube Download_is1) (Version:  - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.10.15.1228 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Ltd.)
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
Garmin City Navigator Europe NT 2012.10 Update (HKLM\...\{41A00174-B4EA-4E79-9CAF-DC118A878B92}) (Version: 15.10.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{31a12940-e5c8-4d27-a6ac-005212152f1f}) (Version: 2.2.21 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
Garmin Trip and Waypoint Manager v4 (HKLM\...\{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}) (Version: 4.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Trip and Waypoint Manager v5 (HKLM\...\{414A373B-59DF-4102-94CA-9FE9A74CBDDA}) (Version: 5.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Update Service (Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GPL Ghostscript 8.70 (HKLM\...\GPL Ghostscript 8.70) (Version:  - )
GPSBabel 1.5.0 (HKLM\...\{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1) (Version:  - GPSBabel)
GTK+ Runtime 2.14.7 rev a (remove only) (HKLM\...\GTK 2.0) (Version:  - )
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
HACtronic (HKLM\...\{F4193443-7652-4656-A1F9-92F7AA6B98DA}) (Version: 1.50.0000 - Ciclo Sport K.W.Hochschorner GmbH)
Hactronic 2.02 (HKLM\...\Hactronic_is1) (Version: 2.02 - CicloSport)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00.50 - Conexant Systems)
Help Center (HKLM\...\{986F64DC-FF15-449D-998F-EE3BCEC6666A}) (Version: 2.00h - )
HP Officejet J4500 Series (HKLM\...\{E11448F2-0B44-4239-B04E-D88FE743E929}) (Version: 13.0 - HP)
Integrated Camera (HKLM\...\{061A431C-86E7-4DB4-92B8-36DE783865CF}) (Version: 6.11.202.004 - D-MAX)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}) (Version: 12.04.0000 - Intel(R) Corporation)
InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.1243 - InterVideo Inc.)
IP Camera (HKLM\...\IP Camera) (Version:  - )
Italy Topo 20 v1.0 (HKLM\...\ITopo20_is1) (Version:  - info@italymaps.tk)
iTunes (HKLM\...\{996A2FAA-7514-4628-9D12-A8FC34A0016E}) (Version: 9.1.0.79 - Apple Inc.)
J4500 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java DB 10.6.2.1 (HKLM\...\{73EC658D-A1C6-40CA-8E86-E05821BAACE7}) (Version: 10.6.2.1 - Oracle)
Java(TM) SE Development Kit 6 Update 25 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160250}) (Version: 1.6.0.250 - Oracle)
KAKURO Meister Demoversion (HKLM\...\KAKURO Meister Demoversion) (Version:  - )
Klett Software Horizons Sicher ins Abitur (HKLM\...\Klett Software Horizons Sicher ins Abitur) (Version:  - )
Lagarith Lossless Codec (1.3.27) (HKLM\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Lenovo Care (HKLM\...\{CF52099A-3BEA-4C41-AEA8-1E190F04D737}) (Version: 3.00b - )
Lenovo Registration (HKLM\...\Lenovo Registration) (Version:  - Lenovo - Leader Technologies)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.01 - )
Lenovo System Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 5.1.5122.07 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version: 1.0.109.0 - Lenovo)
Lenovo_ATK_Package (HKLM\...\{055B9AD2-48E1-462E-9992-814123063C46}) (Version: 0.00.04.0 - Lenovo)
MasterTool - Autorensystem (HKLM\...\MasterTool - Autorensystem_is1) (Version:  - Thomas Gottfried EDV)
MeinPlatz (HKLM\...\MeinPlatz) (Version:  - )
Message Center (HKLM\...\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}) (Version: 2.01d - )
Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook SMS Add-in (HKLM\...\{FD5C399F-2D43-4EC5-AAF7-D600041EF25C}) (Version: 12.0.0006.0 - Microsoft Office)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mobile Broadband Connect (HKLM\...\{11733061-B36C-472D-BC43-EB67A912C897}) (Version: 3.4.0059 - Lenovo)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
Nokia Connectivity Cable Driver (HKLM\...\{6869591A-7DD8-46D2-837F-57CBF7358955}) (Version: 7.1.22.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.40.1 - Nokia)
Nokia PC Suite (Version: 7.1.40.1 - Nokia) Hidden
OpenSource Flash Video Splitter 1.0.0.5 (HKLM\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
Password Safe (HKLM\...\Password Safe) (Version:  - )
PC Connectivity Solution (HKLM\...\{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}) (Version: 9.44.0.3 - Nokia)
PCMSCAN (HKLM\...\{979B748C-6095-4A5A-BC7B-C15E720529D6}) (Version: 2.4.12 - Palmer Performance Engineering)
PHOTOfunSTUDIO 6.5 BD Edition (HKLM\...\{AD5B7E20-00E1-4B7B-84DC-53F5CEFFA367}) (Version: 6.05.818 - Panasonic Corporation)
Pictomio (HKLM\...\Pictomio) (Version:  - Pictomio GmbH)
Präsentationsdirektor (HKLM\...\{65706020-7B6F-41F2-8047-FC69579E386A}) (Version: 4.00a - )
Product Recovery Disc Burning Utility (HKLM\...\{FA62B4C2-6CFD-462F-9B59-68A730001AB3}) (Version: 1.20.0039.00 - Lenovo Group Limited)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
Pusteblume Deutsch 3 (HKLM\...\Pusteblume Deutsch 3) (Version:  - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
RealDownloader (Version: 17.0.6 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM\...\RealPlayer 17.0) (Version: 17.0.6 - RealNetworks)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Registry patch for Windows Vista USB S3 PM Enablement (HKLM\...\USBPMon) (Version: 1.00 - )
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista  (HKLM\...\FPIRPOn) (Version: 1.01 - )
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista (HKLM\...\Dipmon) (Version: 1.01 - )
Registry patch to improve USB device detection on resume from sleep for Windows Vista (HKLM\...\{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}) (Version: 1.01.0000 - Lenovo Group Limited)
Rescue and Recovery (HKLM\...\{7E4C16B8-8F76-4940-8505-98E93C00BF19}) (Version: 4.21.0014.00 - Lenovo Group Limited)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.55.01 - )
RidNacs 1.0.2 (HKLM\...\RidNacs_is1) (Version:  - Stephan Plath)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Central Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Central Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Central Core (Version: 3.7.0 - Roxio) Hidden
Roxio Central Data (Version: 3.7.0 - Roxio) Hidden
Roxio Central Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Small Business Edition (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)
Roxio Creator Small Business Edition (Version: 10.1.177 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.2.11071_128 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.0.2.11071_128 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.103.0 - SAMSUNG Electronics Co., Ltd.)
Sansa Updater (HKCU\...\Sansa Updater) (Version:  - )
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
ScanMaster-ELM 2.1.104.771 (HKLM\...\ScanMaster-ELM_is1) (Version: 2.1.104.771 - WGSoft.de)
Screen Antics 2.1 (HKLM\...\Screen Antics) (Version: 2.1 - Jaap van Wingerden)
SD Formatter (HKLM\...\{3F9FB449-93DB-4C47-BB5B-7334C4D1736E}) (Version: 2.9.5 - SDA)
Sicherheitsupdate für Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) (HKLM\...\{F750C986-5310-3A5A-95F8-4EC71C8AC01C}.KB2478663) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) (HKLM\...\{F750C986-5310-3A5A-95F8-4EC71C8AC01C}.KB2518870) (Version: 1 - Microsoft Corporation)
SILKYPIX Developer Studio 3.1 SE (HKLM\...\InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}) (Version: 3 - Ichikawa Soft Laboratory)
SILKYPIX Developer Studio 3.1 SE (Version: 3 - Ichikawa Soft Laboratory) Hidden
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.3.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.3.0 - SmartSound Software Inc) Hidden
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
StoppUhr (HKLM\...\StoppUhr) (Version:  - )
supra DateSet (HKLM\...\{AB8FF586-A9CC-4A9C-8A20-631F98A5FC5B}) (Version: 1.0.1.0 - SUPRA Foto-Elektronik-Vertriebs-GmbH)
SVPII (HKLM\...\SVPII_is1) (Version:  - Softwareschmiede Schepmann)
System Update (HKLM\...\{8675339C-128C-44DD-83BF-0A5D6ABD8297}) (Version: 3.14.0024 - Lenovo)
TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)
TextMaker Viewer (HKLM\...\TextMaker Viewer) (Version:  - SoftMaker Software GmbH)
ThinkPad Bluetooth with Enhanced Data Rate Software 6.1.0.4500 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.1.0.4500 - Lenovo)
ThinkPad Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 2.37 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.03 - )
ThinkPad Mobility Center Customization (HKLM\...\{90FABD40-E741-446F-839D-CEAE905D63BE}) (Version: 1.50.0000 - Lenovo)
ThinkPad Power Management Driver for SL Series (HKLM\...\Power Management Driver) (Version: 1.44 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.2.0 - )
ThinkPad-Dienstprogramm 'EasyEject' (HKLM\...\{1297C681-92D7-40EF-93BF-03F66EC5105C}) (Version: 2.36 - )
ThinkVantage Access Connections (HKLM\...\{4BD295B9-0190-4C54-B08E-33A6ECA922DF}) (Version: 5.22 - Lenovo)
ThinkVantage Status Gadget (HKLM\...\{5523092E-13AA-4EED-8E18-255860F6D9DC}) (Version: 1.1.0027 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.61 - Lenovo)
ThinkVantage Technologies Welcome Message (Version: 2.00 - ) Hidden
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Trainingsplan V3.0 (HKLM\...\TrainingsplanV3.0_is1) (Version:  - )
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Codec Pack (HKCU\...\DSite) (Version:  - ) <==== ATTENTION
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
UpdateService (Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Verizon Wireless BroadbandAccess Self Activation (HKLM\...\{3F963A06-7C18-4039-9789-9644B3266AE7}) (Version: 1.3.2 - Smith Micro Software, Inc.)
Visual C++ 9.0 ATL (x86) WinSXS MSM (Version: 9.0 - Microsoft Corporation) Hidden
Visual C++ 9.0 CRT (x86) WinSXS MSM (Version: 9.0 - Microsoft Corporation) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vodafone Mobile Connect Lite (HKLM\...\{B5761811-28F3-4257-B537-815C5EEF472C}) (Version: 3.2.2.182 - Vodafone)
Wallpapers (Version:  - ) Hidden
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welt der Zahl 2 (HKLM\...\Welt der Zahl 2) (Version:  - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows 7 Upgrade Advisor (HKLM\...\{F722E488-A5B5-47ff-AA9B-4DE6CE7914CA}) (Version: 2.0.3001.0 - Microsoft Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Lenovo 1.44 (05/14/2008 1.44) (HKLM\...\414DA9DB2E84AAFAD2D2715FD9BABFAB2D209FFD) (Version: 05/14/2008 1.44 - Lenovo)
Windows Live Toolbar (HKLM\...\Windows Live Toolbar) (Version: 03.01.0130 - Microsoft Corporation)
Windows Live Toolbar (Version: 03.01.0130 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.4) (HKLM\...\8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA) (Version: 06/01/2009 7.01.0.4 - Nokia)
Windows-Treiberpaket - Nokia Modem  (10/05/2009 4.2) (HKLM\...\05B59228C7E1C21DFBE89260F879BD95880548D8) (Version: 10/05/2009 4.2 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Zoner Photo Studio 9 (HKLM\...\Zoner Photo Studio 9_is1) (Version:  - ZONER software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-909024761-1574197840-3427079863-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Bxxxf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-909024761-1574197840-3427079863-1003_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-909024761-1574197840-3427079863-1003_Classes\CLSID\{50C9CC92-DC78-42D7-8B94-783D01F0BD84}\InprocServer32 -> C:\Program Files\Microsoft Office\Microsoft Office Outlook SMS Add-in\mosa.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-909024761-1574197840-3427079863-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bxxxf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-909024761-1574197840-3427079863-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bxxxf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-909024761-1574197840-3427079863-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bxxxf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-909024761-1574197840-3427079863-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bxxxf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)

==================== Restore Points  =========================

05-06-2014 17:46:07 Windows Update
09-06-2014 13:34:53 Windows Update
12-06-2014 17:00:42 Windows Update
16-06-2014 06:55:22 Windows Update
19-06-2014 14:07:23 Windows Update
23-06-2014 13:52:39 Windows Update
26-06-2014 19:24:26 Windows Update
30-06-2014 06:18:28 Windows Update
03-07-2014 16:51:30 Windows Update
07-07-2014 14:42:43 Windows Update
10-07-2014 14:52:07 Windows Update
13-07-2014 15:56:18 Windows Update
17-07-2014 17:01:28 Windows Update
20-07-2014 17:55:28 Windows Update
24-07-2014 11:16:42 Windows Update
28-07-2014 10:03:15 Windows Update
02-08-2014 19:56:32 Windows Update
07-08-2014 06:54:02 Windows Update
01-09-2014 09:15:24 Windows Update
01-09-2014 16:44:44 Windows Update
01-09-2014 19:42:01 Windows Update
06-09-2014 09:43:26 Windows Update
09-09-2014 19:13:22 Windows Update
11-09-2014 15:56:45 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1            localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {172BC00E-9DCA-4B7D-9C60-0EEAF06FA73B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-909024761-1574197840-3427079863-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-02-14] (RealNetworks, Inc.)
Task: {1A2AC875-2124-4C57-B9D7-3283E4E46B13} - System32\Tasks\Amazon Music Helper => C:\Users\Bxxxf\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [2013-12-12] ()
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {4C22EFF2-623D-42BA-A1F4-7CC61065FE25} - System32\Tasks\Digital Sites => C:\Users\Bxxxf\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {5376B3DC-7AE5-4147-BCBA-FFFF36B7F44F} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2008-10-26] (Lenovo Group Limited)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {7D3F77A4-CB5A-4D5E-9CA3-949D5BE7E3E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-14] (Google Inc.)
Task: {A9574E08-077A-44F9-BFCC-0C09F8849785} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-909024761-1574197840-3427079863-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-02-14] (RealNetworks, Inc.)
Task: {B1DBF5BD-A458-4922-8515-1E78C64BFA33} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PCDR5\pcdr5cuiw32.exe [2008-12-13] (PC-Doctor, Inc.)
Task: {BEFC4F35-1162-4E22-BDE6-3DDE5E3A8199} - System32\Tasks\{4E6BA13A-510E-415C-97B0-B6A8D840F5B0} => C:\Program Files\svp\svp2_setup_21000.exe [2010-04-29] (Softwareschmiede Schepmann                                  )
Task: {C90FF3FC-B691-43AD-8CAC-6DFC726C6D0E} - System32\Tasks\DSite => C:\Users\Bxxxf\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe [2013-09-09] () <==== ATTENTION
Task: {CBD288F9-581F-490A-995C-91983BE2C9BD} - System32\Tasks\BackUp_Maker => C:\Program Files\ASCOMP Software\BackUp Maker\bkmaker.exe [2009-05-12] (ASCOMP Software GmbH)
Task: {D8F7BFAC-07A6-4FE7-AE20-F98B3B974C16} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E3C9D10C-3B8F-48EE-9CC2-7332266E5896} - System32\Tasks\Auf Updates für Windows Live Toolbar prüfen => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {F45E600C-0327-46B7-B6C1-DC0173CB0C71} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-14] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Bxxxf\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\Bxxxf\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PCDR5\pcdr5cuiw32.exe

==================== Loaded Modules (whitelisted) =============

2009-08-23 00:17 - 2007-10-02 21:53 - 00094208 ____R () C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe
2009-02-27 06:51 - 2009-02-27 06:51 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2009-08-23 00:17 - 2007-10-30 11:35 - 00094208 ____R () C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
2009-08-23 00:17 - 2008-03-19 21:46 - 00208896 ____R () C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
2009-11-03 18:49 - 2005-01-06 19:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2011-09-09 21:57 - 2011-08-02 11:47 - 00063488 _____ () C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
2014-02-12 14:42 - 2014-02-12 14:42 - 00039568 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-03-31 20:40 - 2014-03-31 20:40 - 00867928 _____ () C:\Program Files\Real\RealPlayer\RPDS\Plugins\cldplin.dll
2014-02-14 12:06 - 2014-02-14 12:06 - 00023552 _____ () C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
2009-12-07 20:16 - 2009-04-17 19:01 - 00247152 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2011-11-16 11:40 - 2014-09-14 17:24 - 00063488 _____ () C:\ProgramData\ACTIV Software\ActivApplications\ActivFocusHook.dll
2009-08-23 00:10 - 2007-06-18 16:28 - 00056056 _____ () C:\Windows\system32\DLAAPI_W.DLL
2013-12-14 18:23 - 2013-12-12 21:56 - 03145536 _____ () C:\Users\Bxxxf\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2013-02-02 19:29 - 2010-08-10 22:37 - 00217088 _____ () C:\Program Files\ASUS\Printer Utilities\UsbService.exe
2009-08-22 23:55 - 2009-03-27 17:16 - 00086016 _____ () C:\Users\Administrator\AppData\Local\Temp\{7E1F4F03-7C38-4624-8E99-191685098E28}\{061A431C-86E7-4DB4-92B8-36DE783865CF}\STK2135\Win2KXP\stk2135bsrv.exe
2009-03-18 10:51 - 2009-03-18 10:51 - 00139264 _____ () c:\Program Files\Common Files\Lenovo\CDRecord.dll
2010-06-10 15:54 - 2010-06-10 15:54 - 00078616 _____ () C:\Program Files\Activ Software\ActivDriver\prmnst.dll
2010-06-10 15:54 - 2010-06-10 15:54 - 00493336 _____ () C:\Program Files\Activ Software\ActivDriver\activmgr.exe
2010-06-10 15:54 - 2010-06-10 15:54 - 00340248 _____ () C:\Program Files\Activ Software\ActivDriver\QtXml4.dll
2010-06-10 15:54 - 2010-06-10 15:54 - 02151704 _____ () C:\Program Files\Activ Software\ActivDriver\QtCore4.dll
2010-06-10 15:54 - 2010-06-10 15:54 - 07993624 _____ () C:\Program Files\Activ Software\ActivDriver\QtGui4.dll
2010-06-10 15:54 - 2010-06-10 15:54 - 00934688 _____ () C:\Program Files\Activ Software\ActivDriver\QtNetwork4.dll
2010-06-10 15:54 - 2010-06-10 15:54 - 00227624 _____ () C:\Windows\libactivboardex.dll
2013-08-29 02:23 - 2013-08-29 02:23 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2013-08-29 02:25 - 2013-08-29 02:25 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2014-09-14 17:24 - 2014-09-14 17:24 - 00098816 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\win32api.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00110080 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\pywintypes27.dll
2014-09-14 17:24 - 2014-09-14 17:24 - 00364544 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\pythoncom27.dll
2014-09-14 17:24 - 2014-09-14 17:24 - 00045568 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\_socket.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 01160704 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\_ssl.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00320512 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\win32com.shell.shell.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00713216 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\_hashlib.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 01175040 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\wx._core_.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00805888 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\wx._gdi_.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00811008 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\wx._windows_.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 01062400 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\wx._controls_.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00735232 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\wx._misc_.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00128512 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\_elementtree.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00127488 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\pyexpat.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00557056 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\pysqlite2._sqlite.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00007168 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\hashobjs_ext.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00087552 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\_ctypes.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00119808 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\win32file.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00108544 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\win32security.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00018432 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\win32event.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00038912 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\win32inet.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00070656 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\wx._html2.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00167936 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\win32gui.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00011264 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\win32crypt.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00027136 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\_multiprocessing.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00686080 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\unicodedata.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00122368 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\wx._wizard.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00010240 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\select.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00024064 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\win32pipe.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00025600 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\win32pdh.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00525640 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\windows._lib_cacheinvalidation.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00035840 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\win32process.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00017408 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\win32profile.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00022528 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\win32ts.pyd
2014-09-14 17:24 - 2014-09-14 17:24 - 00078336 _____ () C:\Users\Bxxxf\AppData\Local\Temp\_MEI50602\wx._animate.pyd
2009-08-22 23:55 - 2008-07-24 07:24 - 00236048 _____ () C:\Windows\system32\USBPCCamwdm.ax
2009-08-22 23:55 - 2008-07-24 07:24 - 00219664 _____ () C:\Windows\system32\USBPCCamspef.ax
2014-09-11 06:15 - 2014-09-04 05:01 - 01098056 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-11 06:15 - 2014-09-04 05:01 - 00174408 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-11 06:15 - 2014-09-04 05:01 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-11 06:15 - 2014-09-04 05:01 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-11 06:15 - 2014-09-04 05:01 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\npylkens.sys:changelist
AlternateDataStreams: C:\ProgramData\Temp:C64BF02A

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



HKU\S-1-5-21-909024761-1574197840-3427079863-1003\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-909024761-1574197840-3427079863-1003\Software\Classes\exefile:  <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 6.5 BD Edition.lnk => C:\Windows\pss\PHOTOfunSTUDIO 6.5 BD Edition.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CameraApplicationLauncher => C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesHelper => C:\Program Files\Samsung\Kies\KiesHelper.exe /s
MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LPMailChecker => C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe
MSCONFIG\startupreg: LPManager => C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
MSCONFIG\startupreg: SansaDispatch => C:\Users\Bxxxf\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: MpKsl1e4220cf
Description: MpKsl1e4220cf
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl1e4220cf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2014 07:00:03 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (09/14/2014 05:24:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 00:56:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 09:46:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 07:42:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31028

Error: (09/12/2014 07:42:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31028

Error: (09/12/2014 07:42:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/12/2014 07:42:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15444

Error: (09/12/2014 07:42:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15444

Error: (09/12/2014 07:42:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (09/14/2014 05:51:35 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (09/14/2014 05:51:35 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (09/14/2014 05:51:35 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (09/14/2014 05:51:35 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (09/14/2014 05:51:35 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (09/14/2014 05:51:35 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (09/14/2014 05:51:34 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (09/14/2014 05:51:33 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (09/14/2014 05:51:32 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (09/14/2014 05:51:31 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.


Microsoft Office Sessions:
=========================
Error: (06/23/2014 07:39:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/27/2014 08:33:43 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/10/2013 09:16:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/04/2013 09:16:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 268 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (06/16/2012 11:19:12 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4866 seconds with 1560 seconds of active time.  This session ended with a crash.

Error: (06/06/2012 08:42:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4471 seconds with 780 seconds of active time.  This session ended with a crash.

Error: (06/02/2012 01:23:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3081 seconds with 1560 seconds of active time.  This session ended with a crash.

Error: (01/23/2012 08:17:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6080 seconds with 2520 seconds of active time.  This session ended with a crash.

Error: (01/20/2012 08:11:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3039 seconds with 1080 seconds of active time.  This session ended with a crash.

Error: (01/20/2012 06:50:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 501 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz
Percentage of memory in use: 40%
Total physical RAM: 3037.3 MB
Available physical RAM: 1795.58 MB
Total Pagefile: 6072.89 MB
Available Pagefile: 4190.51 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.29 MB

==================== Drives ================================

Drive c: (SW_Preload) (Fixed) (Total:221.65 GB) (Free:25.09 GB) NTFS
Drive q: (Lenovo) (Fixed) (Total:9.77 GB) (Free:3.04 GB) NTFS
Drive s: (SERVICEV003) (Fixed) (Total:1.46 GB) (Free:0.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: CFF304D6)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

stebre 15.09.2014 15:33
gmer-log:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-14 20:10:08
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.FBEZ 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\Bxxxf\AppData\Local\Temp\uwdiypob.sys


---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                                8323EA15 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                  83278212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.vmp2  C:\Windows\system32\drivers\acedrv11.sys                                                                                entry point in ".vmp2" section [0xB28F669D]

---- User code sections - GMER 2.1 ----

.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[1356] ntdll.dll!NtCreateFile + 6                                          772E560E 4 Bytes  [28, DC, 1A, 00] {SUB AH, BL; SBB AL, [EAX]}
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[1356] ntdll.dll!NtCreateFile + B                                          772E5613 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[1356] ntdll.dll!NtMapViewOfSection + 6                                    772E5C6E 4 Bytes  [28, DF, 1A, 00] {SUB BH, BL; SBB AL, [EAX]}
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[1356] ntdll.dll!NtMapViewOfSection + B                                    772E5C73 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[1356] ntdll.dll!NtOpenFile + 6                                            772E5D1E 4 Bytes  [68, DC, 1A, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[1356] ntdll.dll!NtOpenFile + B                                            772E5D23 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[1356] ntdll.dll!NtOpenProcess + 6                                        772E5DCE 4 Bytes  [A8, DD, 1A, 00] {TEST AL, 0xdd; SBB AL, [EAX]}
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[1356] ntdll.dll!NtOpenProcess + B                                        772E5DD3 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[1356] ntdll.dll!NtOpenProcessToken + B                                    772E5DE3 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[1356] ntdll.dll!NtOpenProcessTokenEx + 6                                  772E5DEE 4 Bytes  [A8, DE, 1A, 00] {TEST AL, 0xde; SBB AL, [EAX]}
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[1356] ntdll.dll!NtOpenProcessTokenEx + B                                  772E5DF3 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[1356] ntdll.dll!NtOpenThread + 6                                          772E5E4E 4 Bytes  [68, DD, 1A, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[1356] ntdll.dll!NtOpenThread + B                                          772E5E53 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[1356] ntdll.dll!NtOpenThreadToken + 6                                    772E5E5E 4 Bytes  [68, DE, 1A, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[1356] ntdll.dll!NtOpenThreadToken + B                                    772E5E63 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[1356] ntdll.dll!NtOpenThreadTokenEx + B                                  772E5E73 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[1356] ntdll.dll!NtQueryAttributesFile + 6                                772E5F7E 4 Bytes  [A8, DC, 1A, 00] {TEST AL, 0xdc; SBB AL, [EAX]}
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[1356] ntdll.dll!NtQueryAttributesFile + B                                772E5F83 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[1356] ntdll.dll!NtQueryFullAttributesFile + B                            772E6033 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[1356] ntdll.dll!NtSetInformationFile + 6                                  772E667E 4 Bytes  [28, DD, 1A, 00] {SUB CH, BL; SBB AL, [EAX]}
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[1356] ntdll.dll!NtSetInformationFile + B                                  772E6683 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[1356] ntdll.dll!NtSetInformationThread + 6                                772E66DE 4 Bytes  [28, DE, 1A, 00] {SUB DH, BL; SBB AL, [EAX]}
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[1356] ntdll.dll!NtSetInformationThread + B                                772E66E3 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[1356] ntdll.dll!NtUnmapViewOfSection + 6                                  772E69FE 4 Bytes  [68, DF, 1A, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[1356] ntdll.dll!NtUnmapViewOfSection + B                                  772E6A03 1 Byte  [E2]
.text  C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[2256] kernel32.dll!SetUnhandledExceptionFilter                  75E2F5AB 5 Bytes  JMP 525353FC C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll
.text  C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[2256] ole32.dll!OleLoadFromStream                                75776143 5 Bytes  JMP 52FFF68E C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[2736] ntdll.dll!NtCreateFile + 6                                          772E560E 4 Bytes  [28, 84, A6, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[2736] ntdll.dll!NtCreateFile + B                                          772E5613 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[2736] ntdll.dll!NtMapViewOfSection + 6                                    772E5C6E 4 Bytes  [28, 87, A6, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[2736] ntdll.dll!NtMapViewOfSection + B                                    772E5C73 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[2736] ntdll.dll!NtOpenFile + 6                                            772E5D1E 4 Bytes  [68, 84, A6, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[2736] ntdll.dll!NtOpenFile + B                                            772E5D23 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[2736] ntdll.dll!NtOpenProcess + 6                                        772E5DCE 4 Bytes  [A8, 85, A6, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[2736] ntdll.dll!NtOpenProcess + B                                        772E5DD3 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[2736] ntdll.dll!NtOpenProcessToken + B                                    772E5DE3 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[2736] ntdll.dll!NtOpenProcessTokenEx + 6                                  772E5DEE 4 Bytes  [A8, 86, A6, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[2736] ntdll.dll!NtOpenProcessTokenEx + B                                  772E5DF3 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[2736] ntdll.dll!NtOpenThread + 6                                          772E5E4E 4 Bytes  [68, 85, A6, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[2736] ntdll.dll!NtOpenThread + B                                          772E5E53 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[2736] ntdll.dll!NtOpenThreadToken + 6                                    772E5E5E 4 Bytes  [68, 86, A6, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[2736] ntdll.dll!NtOpenThreadToken + B                                    772E5E63 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[2736] ntdll.dll!NtOpenThreadTokenEx + B                                  772E5E73 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[2736] ntdll.dll!NtQueryAttributesFile + 6                                772E5F7E 4 Bytes  [A8, 84, A6, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[2736] ntdll.dll!NtQueryAttributesFile + B                                772E5F83 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[2736] ntdll.dll!NtQueryFullAttributesFile + B                            772E6033 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[2736] ntdll.dll!NtSetInformationFile + 6                                  772E667E 4 Bytes  [28, 85, A6, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[2736] ntdll.dll!NtSetInformationFile + B                                  772E6683 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[2736] ntdll.dll!NtSetInformationThread + 6                                772E66DE 4 Bytes  [28, 86, A6, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[2736] ntdll.dll!NtSetInformationThread + B                                772E66E3 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[2736] ntdll.dll!NtUnmapViewOfSection + 6                                  772E69FE 4 Bytes  [68, 87, A6, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[2736] ntdll.dll!NtUnmapViewOfSection + B                                  772E6A03 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4308] ntdll.dll!NtMapViewOfSection + 6                                    772E5C6E 4 Bytes  [18, 10, 3C, 73] {SBB [EAX], DL; CMP AL, 0x73}
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4308] ntdll.dll!NtMapViewOfSection + B                                    772E5C73 1 Byte  [E2]
.text  C:\Program Files\Real\RealPlayer\Update\realsched.exe[4916] kernel32.dll!SetUnhandledExceptionFilter                    75E2F5AB 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4988] ntdll.dll!NtCreateFile + 6                                          772E560E 4 Bytes  [28, 44, 46, 00] {SUB [ESI+EAX*2+0x0], AL}
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4988] ntdll.dll!NtCreateFile + B                                          772E5613 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4988] ntdll.dll!NtMapViewOfSection + 6                                    772E5C6E 4 Bytes  [28, 47, 46, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4988] ntdll.dll!NtMapViewOfSection + B                                    772E5C73 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4988] ntdll.dll!NtOpenFile + 6                                            772E5D1E 4 Bytes  [68, 44, 46, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4988] ntdll.dll!NtOpenFile + B                                            772E5D23 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4988] ntdll.dll!NtOpenProcess + 6                                        772E5DCE 4 Bytes  [A8, 45, 46, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4988] ntdll.dll!NtOpenProcess + B                                        772E5DD3 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4988] ntdll.dll!NtOpenProcessToken + B                                    772E5DE3 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4988] ntdll.dll!NtOpenProcessTokenEx + 6                                  772E5DEE 4 Bytes  [A8, 46, 46, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4988] ntdll.dll!NtOpenProcessTokenEx + B                                  772E5DF3 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4988] ntdll.dll!NtOpenThread + 6                                          772E5E4E 4 Bytes  [68, 45, 46, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4988] ntdll.dll!NtOpenThread + B                                          772E5E53 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4988] ntdll.dll!NtOpenThreadToken + 6                                    772E5E5E 4 Bytes  [68, 46, 46, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4988] ntdll.dll!NtOpenThreadToken + B                                    772E5E63 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4988] ntdll.dll!NtOpenThreadTokenEx + B                                  772E5E73 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4988] ntdll.dll!NtQueryAttributesFile + 6                                772E5F7E 4 Bytes  [A8, 44, 46, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4988] ntdll.dll!NtQueryAttributesFile + B                                772E5F83 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4988] ntdll.dll!NtQueryFullAttributesFile + B                            772E6033 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4988] ntdll.dll!NtSetInformationFile + 6                                  772E667E 4 Bytes  [28, 45, 46, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4988] ntdll.dll!NtSetInformationFile + B                                  772E6683 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4988] ntdll.dll!NtSetInformationThread + 6                                772E66DE 4 Bytes  [28, 46, 46, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4988] ntdll.dll!NtSetInformationThread + B                                772E66E3 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4988] ntdll.dll!NtUnmapViewOfSection + 6                                  772E69FE 4 Bytes  [68, 47, 46, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[4988] ntdll.dll!NtUnmapViewOfSection + B                                  772E6A03 1 Byte  [E2]
.text  C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe[5212] kernel32.dll!SetUnhandledExceptionFilter                  75E2F5AB 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5632] ntdll.dll!NtCreateFile + 6                                          772E560E 4 Bytes  [28, 0C, 8F, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5632] ntdll.dll!NtCreateFile + B                                          772E5613 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5632] ntdll.dll!NtMapViewOfSection + 6                                    772E5C6E 4 Bytes  [28, 0F, 8F, 00] {SUB [EDI], CL; POP DWORD [EAX]}
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5632] ntdll.dll!NtMapViewOfSection + B                                    772E5C73 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5632] ntdll.dll!NtOpenFile + 6                                            772E5D1E 4 Bytes  [68, 0C, 8F, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5632] ntdll.dll!NtOpenFile + B                                            772E5D23 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5632] ntdll.dll!NtOpenProcess + 6                                        772E5DCE 4 Bytes  [A8, 0D, 8F, 00] {TEST AL, 0xd; POP DWORD [EAX]}
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5632] ntdll.dll!NtOpenProcess + B                                        772E5DD3 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5632] ntdll.dll!NtOpenProcessToken + B                                    772E5DE3 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5632] ntdll.dll!NtOpenProcessTokenEx + 6                                  772E5DEE 4 Bytes  [A8, 0E, 8F, 00] {TEST AL, 0xe; POP DWORD [EAX]}
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5632] ntdll.dll!NtOpenProcessTokenEx + B                                  772E5DF3 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5632] ntdll.dll!NtOpenThread + 6                                          772E5E4E 4 Bytes  [68, 0D, 8F, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5632] ntdll.dll!NtOpenThread + B                                          772E5E53 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5632] ntdll.dll!NtOpenThreadToken + 6                                    772E5E5E 4 Bytes  [68, 0E, 8F, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5632] ntdll.dll!NtOpenThreadToken + B                                    772E5E63 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5632] ntdll.dll!NtOpenThreadTokenEx + B                                  772E5E73 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5632] ntdll.dll!NtQueryAttributesFile + 6                                772E5F7E 4 Bytes  [A8, 0C, 8F, 00] {TEST AL, 0xc; POP DWORD [EAX]}
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5632] ntdll.dll!NtQueryAttributesFile + B                                772E5F83 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5632] ntdll.dll!NtQueryFullAttributesFile + B                            772E6033 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5632] ntdll.dll!NtSetInformationFile + 6                                  772E667E 4 Bytes  [28, 0D, 8F, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5632] ntdll.dll!NtSetInformationFile + B                                  772E6683 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5632] ntdll.dll!NtSetInformationThread + 6                                772E66DE 4 Bytes  [28, 0E, 8F, 00] {SUB [ESI], CL; POP DWORD [EAX]}
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5632] ntdll.dll!NtSetInformationThread + B                                772E66E3 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5632] ntdll.dll!NtUnmapViewOfSection + 6                                  772E69FE 4 Bytes  [68, 0F, 8F, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5632] ntdll.dll!NtUnmapViewOfSection + B                                  772E6A03 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5856] ntdll.dll!NtCreateFile + 6                                          772E560E 4 Bytes  [28, C0, 80, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5856] ntdll.dll!NtCreateFile + B                                          772E5613 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5856] ntdll.dll!NtMapViewOfSection + 6                                    772E5C6E 4 Bytes  [28, C3, 80, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5856] ntdll.dll!NtMapViewOfSection + B                                    772E5C73 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5856] ntdll.dll!NtOpenFile + 6                                            772E5D1E 4 Bytes  [68, C0, 80, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5856] ntdll.dll!NtOpenFile + B                                            772E5D23 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5856] ntdll.dll!NtOpenProcess + 6                                        772E5DCE 4 Bytes  [A8, C1, 80, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5856] ntdll.dll!NtOpenProcess + B                                        772E5DD3 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5856] ntdll.dll!NtOpenProcessToken + B                                    772E5DE3 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5856] ntdll.dll!NtOpenProcessTokenEx + 6                                  772E5DEE 4 Bytes  [A8, C2, 80, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5856] ntdll.dll!NtOpenProcessTokenEx + B                                  772E5DF3 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5856] ntdll.dll!NtOpenThread + 6                                          772E5E4E 4 Bytes  [68, C1, 80, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5856] ntdll.dll!NtOpenThread + B                                          772E5E53 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5856] ntdll.dll!NtOpenThreadToken + 6                                    772E5E5E 4 Bytes  [68, C2, 80, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5856] ntdll.dll!NtOpenThreadToken + B                                    772E5E63 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5856] ntdll.dll!NtOpenThreadTokenEx + B                                  772E5E73 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5856] ntdll.dll!NtQueryAttributesFile + 6                                772E5F7E 4 Bytes  [A8, C0, 80, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5856] ntdll.dll!NtQueryAttributesFile + B                                772E5F83 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5856] ntdll.dll!NtQueryFullAttributesFile + B                            772E6033 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5856] ntdll.dll!NtSetInformationFile + 6                                  772E667E 4 Bytes  [28, C1, 80, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5856] ntdll.dll!NtSetInformationFile + B                                  772E6683 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5856] ntdll.dll!NtSetInformationThread + 6                                772E66DE 4 Bytes  [28, C2, 80, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5856] ntdll.dll!NtSetInformationThread + B                                772E66E3 1 Byte  [E2]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5856] ntdll.dll!NtUnmapViewOfSection + 6                                  772E69FE 4 Bytes  [68, C3, 80, 00]
.text  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe[5856] ntdll.dll!NtUnmapViewOfSection + B                                  772E6A03 1 Byte  [E2]

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556d0a6ad                                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556d0a6ad@001adcedc210                                0xE2 0x84 0xB7 0x7C ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556d0a6ad@4c549942d26f                                0x40 0x6C 0x09 0x76 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556d0a6ad@d0176a0b9956                                0x1A 0xB3 0x2C 0x4F ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556d0a6ad@bcb1f30bb9af                                0xC6 0xAF 0x60 0xF2 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556d0a6ad@000671000006                                0xA0 0x63 0xCD 0xC3 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings                                             
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556d0a6ad (not active ControlSet)                       
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556d0a6ad@001adcedc210                                    0xE2 0x84 0xB7 0x7C ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556d0a6ad@4c549942d26f                                    0x40 0x6C 0x09 0x76 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556d0a6ad@d0176a0b9956                                    0x1A 0xB3 0x2C 0x4F ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556d0a6ad@bcb1f30bb9af                                    0xC6 0xAF 0x60 0xF2 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556d0a6ad@000671000006                                    0xA0 0x63 0xCD 0xC3 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)                         
Reg    HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{2971C9F5-8FB1-11DE-93E0-002618A25CD1}  17278690280

---- EOF - GMER 2.1 ----

schrauber 16.09.2014 09:51
Adware & Co. deinstallieren




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

stebre 16.09.2014 17:25
Hallo Schrauber, danke für die weitere Hilfe.

Den Revo Uninstaller habe ich laufen lassen und wohl alle installierten Anwendungen im Uninstallerfeld aufgelistet.
Aber wo finde ich "Additional scan result of Farbar Recovery scan tool ... usw"?
Ich habe nur die Liste der Anwendungen ...

Gruß
Stephan

schrauber 17.09.2014 08:13
Addition.txt von FRST :)

stebre 17.09.2014 22:27
Zwei Anwendungen mit "Attention" habe ich eliminiert.
Combofix habe ich gestartet mit deaktiviertem Microsoft Security Essentials, trotzdem hatte Combofix gemeckert, der Virenscanner wäre aktiv. Ebenso hat Combofix über Antivir gemeckert, das ich nirgends mehr auf meinem PC gefunden habe (war früher mal installiert).
Um diese Meldungen nochmal zu sehen, habe ich Combofix ein zweites mal laufen lassen. Nun kam kein Gemecker mehr.
Hier der Log:


Code:
ComboFix 14-09-16.01 - bxxxf 17.09.2014  22:50:48.2.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3037.1346 [GMT 2:00]
ausgeführt von:: c:\users\bxxxf\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\_ctypes.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\_elementtree.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\_hashlib.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\_multiprocessing.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\_socket.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\_ssl.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\hashobjs_ext.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\pyexpat.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\pysqlite2._sqlite.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\python27.dll
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\pythoncom27.dll
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\PyWinTypes27.dll
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\select.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\unicodedata.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\win32api.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\win32com.shell.shell.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\win32crypt.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\win32event.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\win32file.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\win32gui.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\win32inet.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\win32pdh.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\win32pipe.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\win32process.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\win32profile.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\win32security.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\win32ts.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\windows._lib_cacheinvalidation.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\wx._animate.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\wx._controls_.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\wx._core_.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\wx._gdi_.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\wx._html2.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\wx._misc_.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\wx._windows_.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\wx._wizard.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\wxbase294u_net_vc90.dll
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\wxbase294u_vc90.dll
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\wxmsw294u_adv_vc90.dll
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\wxmsw294u_core_vc90.dll
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\wxmsw294u_html_vc90.dll
c:\users\bxxxf\AppData\Local\Temp\_MEI58002\wxmsw294u_webview_vc90.dll
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
---- Vorheriger Suchlauf -------
.
c:\program files\svp2_setup_21000.exe
c:\users\Administrator.bxxxf-LT1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\_ctypes.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\_elementtree.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\_hashlib.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\_multiprocessing.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\_socket.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\_ssl.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\hashobjs_ext.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\pyexpat.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\pysqlite2._sqlite.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\python27.dll
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\pythoncom27.dll
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\PyWinTypes27.dll
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\select.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\unicodedata.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\win32api.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\win32com.shell.shell.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\win32crypt.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\win32event.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\win32file.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\win32gui.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\win32inet.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\win32pdh.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\win32pipe.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\win32process.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\win32profile.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\win32security.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\win32ts.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\windows._lib_cacheinvalidation.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\wx._animate.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\wx._controls_.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\wx._core_.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\wx._gdi_.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\wx._html2.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\wx._misc_.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\wx._windows_.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\wx._wizard.pyd
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\wxbase294u_net_vc90.dll
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\wxbase294u_vc90.dll
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\wxmsw294u_adv_vc90.dll
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\wxmsw294u_core_vc90.dll
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\wxmsw294u_html_vc90.dll
c:\users\bxxxf\AppData\Local\Temp\_MEI60842\wxmsw294u_webview_vc90.dll
c:\users\bxxxf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
c:\windows\IsUn0407.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
Q:\AUTORUN.INF
S:\AUTORUN.INF
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-08-17 bis 2014-09-17  ))))))))))))))))))))))))))))))
.
.
2014-09-17 21:02 . 2014-09-17 21:02        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-09-17 21:02 . 2014-09-17 21:02        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-09-17 21:02 . 2014-09-17 21:02        --------        d-----w-        c:\users\Administrator\AppData\Local\temp
2014-09-17 21:02 . 2014-09-17 21:02        --------        d-----w-        c:\users\Administrator.bxxxf-LT1\AppData\Local\temp
2014-09-17 20:32 . 2014-09-09 01:24        8806800        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{08D5E394-7599-4402-908A-16702D5E06E3}\mpengine.dll
2014-09-17 08:15 . 2014-09-17 08:16        --------        d-----w-        c:\programdata\Reimage Protector
2014-09-17 08:15 . 2014-09-17 08:15        --------        d-----w-        c:\program files\Reimage
2014-09-17 08:15 . 2014-09-17 08:16        --------        d-----w-        C:\rei
2014-09-17 07:28 . 2014-09-17 07:27        908840        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{730DA022-C3CD-455C-BB4B-80106CD386B8}\gapaengine.dll
2014-09-15 16:57 . 2014-09-09 01:24        8806800        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-14 16:57 . 2014-09-14 17:02        --------        d-----w-        C:\FRST
2014-09-11 11:03 . 2014-07-07 01:40        1059840        ----a-w-        c:\windows\system32\lsasrv.dll
2014-09-11 11:03 . 2014-07-07 01:40        550912        ----a-w-        c:\windows\system32\kerberos.dll
2014-09-01 16:50 . 2014-03-09 21:47        99480        ----a-w-        c:\windows\system32\infocardapi.dll
2014-09-01 16:49 . 2014-06-30 22:14        8856        ----a-w-        c:\windows\system32\icardres.dll
2014-09-01 16:49 . 2014-03-09 21:47        619672        ----a-w-        c:\windows\system32\icardagt.exe
2014-09-01 16:09 . 2014-07-14 01:42        654336        ----a-w-        c:\windows\system32\rpcrt4.dll
2014-09-01 16:09 . 2014-06-16 01:44        730048        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2014-09-01 16:09 . 2014-06-16 01:44        219072        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2014-09-01 16:09 . 2014-06-16 01:40        107520        ----a-w-        c:\windows\system32\cdd.dll
2014-09-01 16:07 . 2014-08-23 01:46        305152        ----a-w-        c:\windows\system32\gdi32.dll
2014-09-01 16:06 . 2014-06-03 09:29        2363392        ----a-w-        c:\windows\system32\msi.dll
2014-09-01 16:06 . 2014-06-03 09:30        101824        ----a-w-        c:\windows\system32\consent.exe
2014-09-01 16:06 . 2014-06-03 09:29        337408        ----a-w-        c:\windows\system32\msihnd.dll
2014-09-01 16:06 . 2014-06-03 09:29        1805824        ----a-w-        c:\windows\system32\authui.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-23 00:42 . 2014-09-01 16:07        2352640        ----a-w-        c:\windows\system32\win32k.sys
2014-08-18 21:46 . 2014-09-11 17:12        454656        ----a-w-        c:\windows\system32\vbscript.dll
2014-08-18 20:46 . 2014-09-11 17:12        1812992        ----a-w-        c:\windows\system32\wininet.dll
2014-08-14 09:30 . 2011-08-12 13:48        893248        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-07-17 16:05 . 2014-07-17 16:05        231800        ----a-w-        c:\windows\system32\drivers\MpFilter.sys
2014-07-17 16:05 . 2011-04-27 13:25        95920        ----a-w-        c:\windows\system32\drivers\NisDrvWFP.sys
2014-07-16 02:46 . 2014-09-01 16:07        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-06-26 20:06 . 2014-06-26 20:06        6010880        ----a-w-        c:\program files\GUT95DA.tmp
1997-09-03 22:00 . 2010-04-29 18:56        311296        ----a-w-        c:\program files\Common Files\msacc8.olb
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19        94208        ----a-w-        c:\users\bxxxf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19        94208        ----a-w-        c:\users\bxxxf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19        94208        ----a-w-        c:\users\bxxxf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19        94208        ----a-w-        c:\users\bxxxf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 08:34        579400        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 08:34        579400        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 08:34        579400        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 08:34        579400        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 08:34        579400        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 08:34        579400        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"StoppUhr"="" [BU]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-14 39408]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2014-08-08 22734160]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-02-23 21416]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-08-22 1093464]
"Amazon Cloud Player"="c:\users\bxxxf\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-12-12 3145536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1045800]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-04-03 435488]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2009-04-03 165152]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-04-03 40960]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-24 64368]
"TpShocks"="TpShocks.exe" [2008-06-06 181536]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"ActivControl"="c:\program files\Activ Software\ActivDriver\ActivControl2.exe" [2010-06-10 1092896]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-08-21 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-08-29 1861968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2014-03-31 296520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
RealPlayer Cloud Service UI.lnk - c:\program files\Real\RealPlayer\RPDS\Bin\rpsystray.exe [2014-3-31 814176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 6.5 BD Edition.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.5 BD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 6.5 BD Edition.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57        40368        ----a-w-        c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraApplicationLauncher]
2009-02-02 18:28        16384        ----a-w-        c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-25 23:10        142120        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2012-02-22 05:57        943504        ----a-w-        c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-02-23 18:29        21416        ----a-w-        c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-02-22 05:57        3508624        ----a-w-        c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker]
2008-06-08 18:00        124248        ----a-w-        c:\progra~1\Lenovo\LENOVO~2\LPMLCHK.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2008-06-08 18:00        165208        ----a-w-        c:\progra~1\Lenovo\LENOVO~2\LPMGR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-04-25 06:15        244208        ----a-w-        c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
2011-02-12 18:36        79872        ----a-w-        c:\users\bxxxf\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-11-14 15:42        20584608        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32        253816        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [x]
R0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [x]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]
R1 fwztuctp;fwztuctp;c:\windows\system32\drivers\fwztuctp.sys [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2008-04-25 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-04-25 309744]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-24 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448]
R2 XYNTService;XYNTService;c:\users\Administrator\AppData\Local\Temp\{7E1F4F03-7C38-4624-8E99-191685098E28}\{061A431C-86E7-4DB4-92B8-36DE783865CF}\STK2135\Win2KXP\stk2135bsrv.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 30312]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
R3 cpuz134;cpuz134;c:\users\bxxxf\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-12-08 80184]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-02-27 211216]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys [2010-09-07 28672]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2008-04-25 313840]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-12-08 114280]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-12-08 181432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2008-05-14 19496]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 CDMA Device Service;CDMA Device Service;c:\program files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe [2011-08-02 63488]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-08-22 220504]
S2 LFKAS;Service of LFKA;c:\program files\Lenovo\ATK Hotkey\LFKAS.exe [2008-03-19 208896]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-10-26 66848]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-02-12 39568]
S2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-03-31 1141336]
S2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-02-14 23552]
S2 ReimageRealTimeProtector;Reimage Real Time Protector;c:\program files\Reimage\Reimage Protector\ReiGuard.exe [2014-07-28 5857128]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-04-25 166384]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2008-08-08 53325]
S2 UsbService;ASUS Virtual MFP Service;c:\program files\ASUS\Printer Utilities\UsbService.exe [2010-08-10 217088]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\DRIVERS\activhidsermini.sys [2010-05-26 74752]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [2009-10-31 101248]
S3 DCamUSBGene;Integrated Camera;c:\windows\system32\DRIVERS\usbstk.sys [2008-07-31 173584]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-21 112128]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys [2010-05-26 6144]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-25 1120752]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys [2007-12-17 66432]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - avgntflt
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-11 04:11        1096520        ----a-w-        c:\program files\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-17 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54]
.
2014-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 17:12]
.
2014-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 17:12]
.
2009-08-22 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.de/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\bxxxf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\bxxxf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C1D98F93-94C3-4718-8CFB-0260C5FFCB93}\3747567616C616879702: DhcpNameServer = 192.168.43.1
TCP: Interfaces\{C1D98F93-94C3-4718-8CFB-0260C5FFCB93}\9636365637: DhcpNameServer = 192.168.0.1
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3500)
c:\programdata\ACTIV Software\ActivApplications\ActivFocusHook.dll
c:\users\bxxxf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
c:\program files\Lenovo\HOTKEY\hkvolkey.DLL
c:\program files\Real\RealPlayer\RPDS\Bin\rpcloudview.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Lenovo\ATK Hotkey\ASLDRSrv.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Lenovo\ATK Hotkey\GFNEXSrv.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Lenovo\ATK Hotkey\LCONTROL.exe
c:\program files\Lenovo\ATK Hotkey\LFKA.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\System32\TpShocks.exe
c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Activ Software\ActivDriver\activmgr.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\sppsvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-09-17  23:14:43 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-09-17 21:14
.
Vor Suchlauf: 31 Verzeichnis(se), 37.879.205.888 Bytes frei
Nach Suchlauf: 32 Verzeichnis(se), 37.524.705.280 Bytes frei
.
- - End Of File - - 7ADEEF91B57CBAD01D914641176F7FE0
A36C5E4F47E84449FF07ED3517B43A31

schrauber 18.09.2014 13:57
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

stebre 18.09.2014 19:07
Hallo,

zuerst mal die mbam.txt:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 18.09.2014 16:41:52, SYSTEM, BxxxF-LT1, Protection, Malware Protection, Starting,
Protection, 18.09.2014 16:41:52, SYSTEM, BxxxF-LT1, Protection, Malware Protection, Started,
Protection, 18.09.2014 16:41:53, SYSTEM, BxxxF-LT1, Protection, Malicious Website Protection, Starting,
Update, 18.09.2014 16:41:55, SYSTEM, BxxxF-LT1, Manual, Rootkit Database, 2014.2.20.1, 2014.9.15.1,
Update, 18.09.2014 16:42:05, SYSTEM, BxxxF-LT1, Manual, Malware Database, 2014.3.4.9, 2014.9.18.3,
Protection, 18.09.2014 16:42:06, SYSTEM, BxxxF-LT1, Protection, Refresh, Starting,
Protection, 18.09.2014 16:43:17, SYSTEM, BxxxF-LT1, Protection, Malicious Website Protection, Started,
Protection, 18.09.2014 16:43:18, SYSTEM, BxxxF-LT1, Protection, Malicious Website Protection, Stopping,
Protection, 18.09.2014 16:43:18, SYSTEM, BxxxF-LT1, Protection, Malicious Website Protection, Stopped,
Protection, 18.09.2014 16:43:24, SYSTEM, BxxxF-LT1, Protection, Refresh, Success,
Protection, 18.09.2014 16:43:24, SYSTEM, BxxxF-LT1, Protection, Malicious Website Protection, Starting,
Protection, 18.09.2014 16:43:25, SYSTEM, BxxxF-LT1, Protection, Malicious Website Protection, Started,
Update, 18.09.2014 17:05:58, SYSTEM, BxxxF-LT1, Manual, Rootkit Database, 2014.9.15.1, 2014.9.18.1,
Update, 18.09.2014 17:06:14, SYSTEM, BxxxF-LT1, Manual, Malware Database, 2014.9.18.3, 2014.9.18.4,
Protection, 18.09.2014 17:06:16, SYSTEM, BxxxF-LT1, Protection, Refresh, Starting,
Protection, 18.09.2014 17:06:16, SYSTEM, BxxxF-LT1, Protection, Malicious Website Protection, Stopping,
Protection, 18.09.2014 17:06:16, SYSTEM, BxxxF-LT1, Protection, Malicious Website Protection, Stopped,
Protection, 18.09.2014 17:07:03, SYSTEM, BxxxF-LT1, Protection, Refresh, Success,
Protection, 18.09.2014 17:07:03, SYSTEM, BxxxF-LT1, Protection, Malicious Website Protection, Starting,
Protection, 18.09.2014 17:07:04, SYSTEM, BxxxF-LT1, Protection, Malicious Website Protection, Started,
Protection, 18.09.2014 19:14:32, SYSTEM, BxxxF-LT1, Protection, Malware Protection, Starting,
Protection, 18.09.2014 19:14:32, SYSTEM, BxxxF-LT1, Protection, Malware Protection, Started,
Protection, 18.09.2014 19:14:32, SYSTEM, BxxxF-LT1, Protection, Malicious Website Protection, Starting,
Protection, 18.09.2014 19:16:21, SYSTEM, BxxxF-LT1, Protection, Malicious Website Protection, Started,

(end)
jetzt die AdwCleaner.txt


Code:
# AdwCleaner v3.310 - Bericht erstellt am 18/09/2014 um 19:40:42
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Bxxxf - Bxxxf-LT1
# Gestartet von : C:\Users\Bxxxf\Downloads\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Program Files\Reimage
Ordner Gelöscht : C:\Program Files\WebConnect
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Bxxxf\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Bxxxf\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Bxxxf\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Ordner Gelöscht : C:\Users\Bxxxf\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Bxxxf\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Bxxxf\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\Bxxxf\AppData\Roaming\dvdvideosoftiehelpers

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ojcdnngpmbenohhjlickdajclhbcaada
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_age-of-empires_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_age-of-empires_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-youtube-download_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-youtube-download_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_stardict[1]_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_stardict[1]_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\TubeSaver
Schlüssel Gelöscht : HKLM\SOFTWARE\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Description
Schlüssel Gelöscht : HKLM\SOFTWARE\WebConnect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Google Chrome v37.0.2062.120

[ Datei : C:\Users\Bxxxf\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : ieakfmpjhljbpbfpldjkddkjmmgjmgon

*************************

AdwCleaner[R0].txt - [6812 octets] - [18/09/2014 19:24:20]
AdwCleaner[S0].txt - [6733 octets] - [18/09/2014 19:40:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6793 octets] ##########
jetzt die JRT.txt

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.6 (09.18.2014:1)
OS: Windows 7 Home Premium x86
Ran by Bxxxf on 18.09.2014 at 19:52:19,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{282B0DF0-068B-4244-B20C-1EDCC779238F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{885EDD9C-291D-4488-B04F-4464B2FAD500}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.09.2014 at 19:57:02,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und (vorerst) abschließend die neue frst.txt



FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Bxxxf (administrator) on BxxxF-LT1 on 18-09-2014 20:02:53
Running from C:\Users\Bxxxf\Desktop
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
() C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(ATK0101) C:\Program Files\Lenovo\ATK Hotkey\LControl.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer.exe
(Lenovo) C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
() C:\Users\Bxxxf\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\ASUS\Printer Utilities\UsbService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Lenovo Group Ltd.) C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\tv_w32.exe
(Promethean Technologies Group Ltd) C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
() C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-04-10] (Synaptics, Inc.)
HKLM\...\Run: [ACTray] => C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [435488 2009-04-03] (Lenovo)
HKLM\...\Run: [ACWlIcon] => C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe [165152 2009-04-03] (Lenovo)
HKLM\...\Run: [CreateLMBCShortCut] => C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe [40960 2009-04-03] ()
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe [64368 2008-03-24] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [181536 2008-06-06] (Lenovo.)
HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-05-24] (Lenovo Group Limited)
HKLM\...\Run: [EZEJMNAP] => C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [242976 2008-06-04] (Lenovo Group Ltd.)
HKLM\...\Run: [ActivControl] => C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe [1092896 2010-06-10] (Promethean Technologies Group Ltd)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [296520 2014-03-31] (RealNetworks, Inc.)
HKU\S-1-5-21-909024761-1574197840-3427079863-1003\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-29] (Macrovision Corporation)
HKU\S-1-5-21-909024761-1574197840-3427079863-1003\...\Run: [StoppUhr] => [X]
HKU\S-1-5-21-909024761-1574197840-3427079863-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-14] (Google Inc.)
HKU\S-1-5-21-909024761-1574197840-3427079863-1003\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-909024761-1574197840-3427079863-1003\...\Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21416 2012-02-23] ()
HKU\S-1-5-21-909024761-1574197840-3427079863-1003\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-22] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-909024761-1574197840-3427079863-1003\...\Run: [Amazon Cloud Player] => C:\Users\Bxxxf\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bxxxf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bxxxf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bxxxf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bxxxf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKCU - DefaultScope {D78B3DA1-621B-4552-8CB3-7DFD0EEB7C2E} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deDE460
SearchScopes: HKCU - {D78B3DA1-621B-4552-8CB3-7DFD0EEB7C2E} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deDE460
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Windows Live Toolbar Helper -> {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -> C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=17.0.6.13 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=17.0.6 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.6 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=17.0.6 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=17.0.6.13 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-25]
FF HKLM\...\Firefox\Extensions: [{8E8D8D12-A43B-4289-994D-DF2C7C0EF736}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-31]
FF HKCU\...\Firefox\Extensions: [{c4cf403f-d86b-4e5a-a55a-ef6a06352881}] - C:\Program Files\TubeSaver\132.xpi

Chrome:
=======
CHR HomePage: Default -> https://www.google.de/
CHR StartupUrls: Default -> "https://www.google.de/"
CHR DefaultSearchKeyword: Default -> 4F9BD168754AB17D27521B4FF20E3F80E6ECA9908C438EA808C4EB8584C58D78
CHR DefaultSearchURL: Default -> 11DCAC78C7BD0DCA42410D8B2B7E13880685EBFAC1F36A7157410F11D2E68446
CHR CustomProfile: C:\Users\Bxxxf\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Bxxxf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bxxxf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (AdBlock) - C:\Users\Bxxxf\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-30]
CHR Extension: (RealPlayer Downloader) - C:\Users\Bxxxf\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-31]
CHR Extension: (Skype Click to Call) - C:\Users\Bxxxf\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-12-30]
CHR Extension: (Google Wallet) - C:\Users\Bxxxf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-02-12]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Bxxxf\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASLDRService; C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-02] () [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe [94208 2007-10-30] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CDMA Device Service; C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe [63488 2011-08-02] () [File not signed]
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-22] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LFKAS; C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe [208896 2008-03-19] () [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [211216 2009-02-27] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-02-12] ()
R2 RealPlayer Cloud Service; C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141336 2014-03-31] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-02-14] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2008-04-25] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2008-04-25] (Sonic Solutions)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-04-25] (Sonic Solutions)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [657408 2009-10-27] (Nokia) [File not signed]
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2009-06-12] (Lenovo Group Limited) [File not signed]
R2 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [53325 2008-08-08] (Lenovo Group Limited) [File not signed]
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [779576 2008-06-13] (Lenovo)
S2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-05-24] () [File not signed]
S2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [950272 2008-05-24] (Lenovo Group Limited) [File not signed]
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-05-24] (Lenovo Group Limited) [File not signed]
S2 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [360448 2008-10-09] (Lenovo Group Limited) [File not signed]
R2 UsbService; C:\Program Files\ASUS\Printer Utilities\UsbService.exe [217088 2010-08-10] () [File not signed]
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]
S2 XYNTService; C:\Users\Administrator\AppData\Local\Temp\{7E1F4F03-7C38-4624-8E99-191685098E28}\{061A431C-86E7-4DB4-92B8-36DE783865CF}\STK2135\Win2KXP\stk2135bsrv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-14] (Microsoft Corporation)
R3 ActivHidSerMini; C:\Windows\System32\DRIVERS\activhidsermini.sys [74752 2010-05-26] (Promethean Technologies Ltd)
R2 ASMMAP; C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys [13880 2007-07-24] ()
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [101248 2009-10-31] (AVM Berlin)
R3 DCamUSBGene; C:\Windows\System32\DRIVERS\usbstk.sys [173584 2008-07-31] ()
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57672 2009-02-17] (FTDI Ltd.)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\A0101V32.sys [7680 2006-12-14] (ATK0100)
S3 PcaSp60; C:\Windows\System32\DRIVERS\PcaSp60.sys [28672 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 prmvmouse; C:\Windows\System32\DRIVERS\activmouse.sys [6144 2010-05-26] (Promethean Technologies Ltd)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [12080 2008-10-26] ()
R2 tvtfilter; C:\Windows\System32\DRIVERS\tvtfilter.sys [33536 2009-08-23] (Lenovo) [File not signed]
R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [66432 2007-12-17] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Bxxxf\AppData\Local\Temp\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Bxxxf\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 fwztuctp; \??\C:\Windows\system32\drivers\fwztuctp.sys [X]
S0 is3srv; system32\drivers\is3srv.sys [X]
S0 szkg5; system32\DRIVERS\szkg.sys [X]
S0 szkgfs; system32\drivers\szkgfs.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 19:57 - 2014-09-18 19:57 - 00000919 _____ () C:\Users\Bxxxf\Desktop\JRT.txt
2014-09-18 19:52 - 2014-09-18 19:52 - 00000000 ____D () C:\Windows\ERUNT
2014-09-18 19:50 - 2014-09-18 19:51 - 01016830 _____ (Thisisu) C:\Users\Bxxxf\Downloads\JRT.exe
2014-09-18 19:22 - 2014-09-18 19:40 - 00000000 ____D () C:\AdwCleaner
2014-09-18 19:21 - 2014-09-18 19:21 - 01373475 _____ () C:\Users\Bxxxf\Downloads\AdwCleaner_3.310.exe
2014-09-18 19:20 - 2014-09-18 19:51 - 00002453 _____ () C:\Users\Bxxxf\Desktop\mbam.txt
2014-09-18 16:41 - 2014-09-18 19:46 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 16:41 - 2014-09-18 16:41 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-18 16:41 - 2014-09-18 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-18 16:41 - 2014-09-18 16:41 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-18 16:41 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-18 16:41 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-18 16:41 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-18 16:38 - 2014-09-18 16:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bxxxf\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-17 23:14 - 2014-09-17 23:28 - 00034781 _____ () C:\ComboFix.txt
2014-09-17 23:07 - 2014-09-18 18:39 - 00000768 _____ () C:\Windows\system32\TPAPSLOG.LOG
2014-09-17 21:57 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-17 21:57 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-17 21:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-17 21:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-17 21:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-17 21:57 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-17 21:57 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-17 21:57 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-17 21:47 - 2014-09-17 23:14 - 00000000 ____D () C:\Qoobox
2014-09-17 21:46 - 2014-09-17 22:27 - 00000000 ____D () C:\Windows\erdnt
2014-09-17 21:43 - 2014-09-17 21:45 - 05579386 ____R (Swearware) C:\Users\Bxxxf\Desktop\ComboFix.exe
2014-09-17 10:15 - 2014-09-17 10:16 - 00000000 ____D () C:\rei
2014-09-17 10:15 - 2014-09-17 10:16 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-09-17 10:15 - 2014-09-17 10:15 - 00002064 _____ () C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2014-09-17 10:15 - 2014-09-17 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2014-09-17 10:13 - 2014-09-17 10:16 - 00000165 _____ () C:\Windows\Reimage.ini
2014-09-17 10:12 - 2014-09-17 10:12 - 00850216 _____ (Reimage®) C:\Users\Bxxxf\Downloads\ReimageRepair (2).exe
2014-09-16 18:12 - 2014-09-16 18:12 - 00000757 _____ () C:\Users\Bxxxf\Desktop\Revo Uninstaller.lnk
2014-09-16 18:10 - 2014-09-16 18:10 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Bxxxf\Desktop\revosetup95.exe
2014-09-15 17:10 - 2014-09-15 17:25 - 00000000 ____D () C:\Users\Bxxxf\Documents\Fachbereichsleitung Sport 2014 für Kerstin
2014-09-14 20:10 - 2014-09-14 20:14 - 00024229 _____ () C:\Users\Bxxxf\Desktop\gmer.log
2014-09-14 19:29 - 2014-09-14 19:30 - 00380416 _____ () C:\Users\Bxxxf\Desktop\Gmer-19357.exe
2014-09-14 19:28 - 2014-09-14 19:28 - 00000476 _____ () C:\Users\Bxxxf\Desktop\defogger_disable.log
2014-09-14 19:28 - 2014-09-14 19:28 - 00000000 _____ () C:\Users\Bxxxf\defogger_reenable
2014-09-14 19:27 - 2014-09-14 19:27 - 00050477 _____ () C:\Users\Bxxxf\Desktop\Defogger.exe
2014-09-14 19:00 - 2014-09-14 20:13 - 00054865 _____ () C:\Users\Bxxxf\Desktop\Addition.txt
2014-09-14 18:57 - 2014-09-18 20:03 - 00000000 ____D () C:\FRST
2014-09-14 18:57 - 2014-09-18 20:02 - 00000000 _____ () C:\Users\Bxxxf\Desktop\FRST.txt
2014-09-14 18:55 - 2014-09-14 18:55 - 01097728 _____ (Farbar) C:\Users\Bxxxf\Desktop\FRST.exe
2014-09-13 10:48 - 2014-09-13 10:48 - 00214208 _____ () C:\Users\Bxxxf\Downloads\t6044611_Val-di-Fassa-Bike-Classic.gpx
2014-09-13 10:46 - 2014-09-13 10:46 - 00290160 _____ () C:\Users\Bxxxf\Downloads\t6044815_Val-di-Fassa-Marathon.gpx
2014-09-13 10:44 - 2014-09-13 10:44 - 00402770 _____ () C:\Users\Bxxxf\Downloads\t6295184_Etappe-1-gegen-Uhrzeigersinne-Grand-Tour-Dolomiti-Lagorai-Bike.gpx
2014-09-13 10:42 - 2014-09-13 10:42 - 00090582 _____ () C:\Users\Bxxxf\Downloads\t6044198_Moena-Karerpass-Soraga-Moena.gpx
2014-09-13 10:39 - 2014-09-13 10:39 - 00064776 _____ () C:\Users\Bxxxf\Downloads\t5951746_Canazei-Penia-Pian-Trevisan.gpx
2014-09-13 10:36 - 2014-09-13 10:36 - 00269626 _____ () C:\Users\Bxxxf\Downloads\t6043866_Pozza-San-Nicolo-Tal-Monzoni-Tal.gpx
2014-09-13 10:34 - 2014-09-13 10:34 - 00264874 _____ () C:\Users\Bxxxf\Downloads\t5952103_Canazei-Campitello-Duron-Tal-Dona-Tal.gpx
2014-09-13 10:33 - 2014-09-13 10:33 - 00111020 _____ () C:\Users\Bxxxf\Downloads\t6043951_Pozza-Mazzin-Monzon-Gardeccia.gpx
2014-09-13 10:32 - 2014-09-13 10:32 - 00087624 _____ () C:\Users\Bxxxf\Downloads\t6018800_Mazzin-Pozza-Vigo-Ciampedie.gpx
2014-09-13 10:29 - 2014-09-13 10:29 - 00262946 _____ () C:\Users\Bxxxf\Downloads\t6018721_Canazei-Campitello-Val-Duron.gpx
2014-09-13 10:28 - 2014-09-13 10:28 - 00164327 _____ () C:\Users\Bxxxf\Downloads\t5951954_Alba-di-Canazei-Contrin-Huette.gpx
2014-09-13 10:25 - 2014-09-13 10:26 - 00125877 _____ () C:\Users\Bxxxf\Downloads\t6019168_Pozza-Val-Jumela-Ciampac.gpx
2014-09-11 19:12 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 19:12 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 19:12 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 19:12 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 19:12 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 19:12 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 19:12 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 19:12 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 19:12 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 19:12 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 19:12 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 19:12 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 19:12 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 19:12 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 19:12 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 19:12 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 19:12 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 19:12 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 19:12 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 19:12 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 19:12 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 19:12 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 19:12 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 19:12 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 19:12 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 19:12 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 19:12 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 19:12 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 19:12 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 19:12 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 13:03 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 13:03 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 09:36 - 2014-09-10 09:37 - 00850216 _____ (Reimage®) C:\Users\Bxxxf\Downloads\ReimageRepair (1).exe
2014-09-10 09:35 - 2014-09-10 09:36 - 00850216 _____ (Reimage®) C:\Users\Bxxxf\Downloads\ReimageRepair.exe
2014-09-09 21:22 - 2014-09-09 21:23 - 04703864 _____ (Garmin International) C:\Users\Bxxxf\Downloads\GarminMapUpdater.exe
2014-09-01 18:50 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-01 18:49 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-01 18:49 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-01 18:49 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-01 18:09 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-01 18:09 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-01 18:09 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-09-01 18:09 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-09-01 18:07 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-01 18:07 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-01 18:07 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-01 18:06 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-01 18:06 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-01 18:06 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-01 18:06 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-01 11:19 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-01 11:19 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-01 11:19 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-01 11:19 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-01 11:17 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-01 11:17 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-01 11:17 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-01 11:16 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-01 11:16 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 20:03 - 2014-09-14 18:57 - 00000000 ____D () C:\FRST
2014-09-18 20:02 - 2014-09-14 18:57 - 00000000 _____ () C:\Users\Bxxxf\Desktop\FRST.txt
2014-09-18 19:57 - 2014-09-18 19:57 - 00000919 _____ () C:\Users\Bxxxf\Desktop\JRT.txt
2014-09-18 19:52 - 2014-09-18 19:52 - 00000000 ____D () C:\Windows\ERUNT
2014-09-18 19:51 - 2014-09-18 19:50 - 01016830 _____ (Thisisu) C:\Users\Bxxxf\Downloads\JRT.exe
2014-09-18 19:51 - 2014-09-18 19:20 - 00002453 _____ () C:\Users\Bxxxf\Desktop\mbam.txt
2014-09-18 19:51 - 2009-11-29 13:24 - 00011216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-18 19:51 - 2009-11-29 13:24 - 00011216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-18 19:49 - 2009-11-29 14:06 - 01461319 _____ () C:\Windows\WindowsUpdate.log
2014-09-18 19:46 - 2014-09-18 16:41 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 19:43 - 2010-01-14 19:12 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-18 19:42 - 2013-08-09 07:25 - 00012236 _____ () C:\Windows\PFRO.log
2014-09-18 19:42 - 2013-06-25 19:36 - 13464934 _____ () C:\Windows\setupact.log
2014-09-18 19:42 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-18 19:40 - 2014-09-18 19:22 - 00000000 ____D () C:\AdwCleaner
2014-09-18 19:21 - 2014-09-18 19:21 - 01373475 _____ () C:\Users\Bxxxf\Downloads\AdwCleaner_3.310.exe
2014-09-18 19:11 - 2010-01-14 19:12 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-18 19:10 - 2010-03-05 21:42 - 00000000 ____D () C:\Windows\Sun
2014-09-18 19:10 - 2009-10-24 18:21 - 00000258 _____ () C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
2014-09-18 18:39 - 2014-09-17 23:07 - 00000768 _____ () C:\Windows\system32\TPAPSLOG.LOG
2014-09-18 16:41 - 2014-09-18 16:41 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-18 16:41 - 2014-09-18 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-18 16:41 - 2014-09-18 16:41 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-18 16:41 - 2012-03-21 22:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-18 16:39 - 2014-09-18 16:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bxxxf\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-17 23:28 - 2014-09-17 23:14 - 00034781 _____ () C:\ComboFix.txt
2014-09-17 23:14 - 2014-09-17 21:47 - 00000000 ____D () C:\Qoobox
2014-09-17 23:14 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-09-17 23:14 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-09-17 23:04 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-09-17 22:27 - 2014-09-17 21:46 - 00000000 ____D () C:\Windows\erdnt
2014-09-17 22:18 - 2009-07-14 04:03 - 81002496 _____ () C:\Windows\system32\config\software.bak
2014-09-17 22:18 - 2009-07-14 04:03 - 22544384 _____ () C:\Windows\system32\config\system.bak
2014-09-17 22:18 - 2009-07-14 04:03 - 01048576 _____ () C:\Windows\system32\config\default.bak
2014-09-17 22:18 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-09-17 22:18 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-09-17 21:45 - 2014-09-17 21:43 - 05579386 ____R (Swearware) C:\Users\Bxxxf\Desktop\ComboFix.exe
2014-09-17 10:16 - 2014-09-17 10:15 - 00000000 ____D () C:\rei
2014-09-17 10:16 - 2014-09-17 10:15 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-09-17 10:16 - 2014-09-17 10:13 - 00000165 _____ () C:\Windows\Reimage.ini
2014-09-17 10:15 - 2014-09-17 10:15 - 00002064 _____ () C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2014-09-17 10:15 - 2014-09-17 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2014-09-17 10:12 - 2014-09-17 10:12 - 00850216 _____ (Reimage®) C:\Users\Bxxxf\Downloads\ReimageRepair (2).exe
2014-09-17 10:10 - 2013-09-09 23:19 - 00000094 _____ () C:\Users\Bxxxf\AppData\Roaming\WB.CFG
2014-09-16 18:12 - 2014-09-16 18:12 - 00000757 _____ () C:\Users\Bxxxf\Desktop\Revo Uninstaller.lnk
2014-09-16 18:10 - 2014-09-16 18:10 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Bxxxf\Desktop\revosetup95.exe
2014-09-15 18:56 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-15 17:25 - 2014-09-15 17:10 - 00000000 ____D () C:\Users\Bxxxf\Documents\Fachbereichsleitung Sport 2014 für Kerstin
2014-09-15 16:46 - 2014-05-13 16:37 - 00000000 ____D () C:\Users\Bxxxf\Documents\MSG Schuljahr 2014-2015
2014-09-15 07:59 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-14 20:14 - 2014-09-14 20:10 - 00024229 _____ () C:\Users\Bxxxf\Desktop\gmer.log
2014-09-14 20:13 - 2014-09-14 19:00 - 00054865 _____ () C:\Users\Bxxxf\Desktop\Addition.txt
2014-09-14 19:30 - 2014-09-14 19:29 - 00380416 _____ () C:\Users\Bxxxf\Desktop\Gmer-19357.exe
2014-09-14 19:28 - 2014-09-14 19:28 - 00000476 _____ () C:\Users\Bxxxf\Desktop\defogger_disable.log
2014-09-14 19:28 - 2014-09-14 19:28 - 00000000 _____ () C:\Users\Bxxxf\defogger_reenable
2014-09-14 19:28 - 2009-11-29 13:25 - 00000000 ____D () C:\Users\Bxxxf
2014-09-14 19:27 - 2014-09-14 19:27 - 00050477 _____ () C:\Users\Bxxxf\Desktop\Defogger.exe
2014-09-14 18:55 - 2014-09-14 18:55 - 01097728 _____ (Farbar) C:\Users\Bxxxf\Desktop\FRST.exe
2014-09-14 17:54 - 2009-11-29 14:19 - 01654782 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-13 12:57 - 2009-11-02 18:26 - 00000000 ____D () C:\Garmin
2014-09-13 10:57 - 2009-10-26 18:38 - 00000000 ____D () C:\Users\Bxxxf\Documents\Urlaub
2014-09-13 10:48 - 2014-09-13 10:48 - 00214208 _____ () C:\Users\Bxxxf\Downloads\t6044611_Val-di-Fassa-Bike-Classic.gpx
2014-09-13 10:46 - 2014-09-13 10:46 - 00290160 _____ () C:\Users\Bxxxf\Downloads\t6044815_Val-di-Fassa-Marathon.gpx
2014-09-13 10:44 - 2014-09-13 10:44 - 00402770 _____ () C:\Users\Bxxxf\Downloads\t6295184_Etappe-1-gegen-Uhrzeigersinne-Grand-Tour-Dolomiti-Lagorai-Bike.gpx
2014-09-13 10:42 - 2014-09-13 10:42 - 00090582 _____ () C:\Users\Bxxxf\Downloads\t6044198_Moena-Karerpass-Soraga-Moena.gpx
2014-09-13 10:39 - 2014-09-13 10:39 - 00064776 _____ () C:\Users\Bxxxf\Downloads\t5951746_Canazei-Penia-Pian-Trevisan.gpx
2014-09-13 10:36 - 2014-09-13 10:36 - 00269626 _____ () C:\Users\Bxxxf\Downloads\t6043866_Pozza-San-Nicolo-Tal-Monzoni-Tal.gpx
2014-09-13 10:34 - 2014-09-13 10:34 - 00264874 _____ () C:\Users\Bxxxf\Downloads\t5952103_Canazei-Campitello-Duron-Tal-Dona-Tal.gpx
2014-09-13 10:33 - 2014-09-13 10:33 - 00111020 _____ () C:\Users\Bxxxf\Downloads\t6043951_Pozza-Mazzin-Monzon-Gardeccia.gpx
2014-09-13 10:32 - 2014-09-13 10:32 - 00087624 _____ () C:\Users\Bxxxf\Downloads\t6018800_Mazzin-Pozza-Vigo-Ciampedie.gpx
2014-09-13 10:29 - 2014-09-13 10:29 - 00262946 _____ () C:\Users\Bxxxf\Downloads\t6018721_Canazei-Campitello-Val-Duron.gpx
2014-09-13 10:28 - 2014-09-13 10:28 - 00164327 _____ () C:\Users\Bxxxf\Downloads\t5951954_Alba-di-Canazei-Contrin-Huette.gpx
2014-09-13 10:26 - 2014-09-13 10:25 - 00125877 _____ () C:\Users\Bxxxf\Downloads\t6019168_Pozza-Val-Jumela-Ciampac.gpx
2014-09-12 18:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 19:15 - 2009-08-23 00:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 19:07 - 2013-08-15 16:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 18:04 - 2011-06-19 21:09 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 18:03 - 2012-05-01 10:41 - 00002127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-11 18:03 - 2011-08-07 21:27 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-11 18:03 - 2011-08-07 21:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-10 10:31 - 2011-11-16 11:43 - 00032603 _____ () C:\Users\Bxxxf\ACTIVstudioError.log
2014-09-10 09:37 - 2014-09-10 09:36 - 00850216 _____ (Reimage®) C:\Users\Bxxxf\Downloads\ReimageRepair (1).exe
2014-09-10 09:36 - 2014-09-10 09:35 - 00850216 _____ (Reimage®) C:\Users\Bxxxf\Downloads\ReimageRepair.exe
2014-09-09 21:23 - 2014-09-09 21:22 - 04703864 _____ (Garmin International) C:\Users\Bxxxf\Downloads\GarminMapUpdater.exe
2014-09-07 17:03 - 2009-10-26 18:37 - 00000000 ____D () C:\Users\Bxxxf\Documents\Stundenkonzepte Aplus
2014-09-05 20:27 - 2012-06-19 20:45 - 00000000 ____D () C:\Users\Bxxxf\Documents\MSG Schuljahr 2012-2013
2014-09-05 20:16 - 2009-11-03 18:51 - 00000000 ____D () C:\Users\Bxxxf\AppData\Local\FreePDF_XP
2014-09-05 20:15 - 2009-11-03 18:51 - 00020280 _____ () C:\fpRedmon.log
2014-09-01 23:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-01 21:57 - 2012-08-31 17:28 - 00000000 ____D () C:\PFS6.5BD_TMP
2014-09-01 21:36 - 2009-07-14 06:33 - 00501632 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-01 11:19 - 2012-12-07 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-23 03:46 - 2014-09-01 18:07 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-09-01 18:07 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 19:39 - 2014-09-11 19:12 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 00:26 - 2014-09-11 19:12 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:08 - 2014-09-11 19:12 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

Some content of TEMP:
====================
C:\Users\Bxxxf\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 15:19

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 19.09.2014 09:50

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

schrauber 19.09.2014 09:50

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

stebre 20.09.2014 19:15
hier das log von eset:

Code:
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8b6da52291398748ad8c3d06f2f6e762
# engine=20235
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-20 02:34:28
# local_time=2014-09-20 04:34:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 772274 105404872 0 0
# scanned=326274
# found=5
# cleaned=0
# scan_time=16900
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=83B7832EE9ABD36DF44174F3982AF1D030373D0C ft=1 fh=785eca2c6f74a197 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bxxxf\Documents\Jonas\Treiber_dvd\SearchElf_1.2.exe"
sh=618FAF4C49C5304DC3ECF1EACD41EA2889FC85CF ft=1 fh=49ee9aba99fa7440 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bxxxf\Downloads\VLC media player 32 Bit - CHIP-Downloader.exe"
sh=FC4701776056BBF309820B5FA2BD2357109D0DEC ft=1 fh=e808868aa56217c7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\garmin_alt\OKMap\portablegpsnavigationstore.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="E:\Stephan_AXL\Stephan_AXL.rar"


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:58 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131