Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: Webseiten werden wegen UNISALES auf Werbung umgeleitet (https://www.trojaner-board.de/162820-windows-7-webseiten-wegen-unisales-werbung-umgeleitet.html)

maga84 15.01.2015 19:49
Windows 7: Webseiten werden wegen UNISALES auf Werbung umgeleitet
 
Liste der Anhänge anzeigen (Anzahl: 1)
Hi Zusammen, ich bin brandneu hier und hoffe auf eure Hilfe.

Hab mir Unisales eingefangen und Google konnte bis nun nicht helfen bzg. Mozilla, Chrome, I. Explorer resetten etc. haben nicht geholfen.
ADWCleaner bringt nichts Malwarebytes eben sowenig.
Ich wäre euch außerordentlich dankbar, wenn Ihr mir nen Tipp/ Hilfe hättet. Danke schon mal für eure Zeit. Hier sind meine Log's:

FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015
Ran by x203 (administrator) on ADMIN-MANUEL on 15-01-2015 19:38:23
Running from C:\Users\Manuel\Downloads
Loaded Profiles: x203 & Manuel (Available profiles: x203 & Manuel)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe
(Data Perceptions / PowerProgrammer) C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Spotify Ltd) C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Eye-Fi, Inc.) C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Wacom Technology, Inc) C:\Program Files\Tablet\CalibrationAssistant.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchUser.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
() C:\Users\Manuel\Downloads\Gmer-19357.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2wizard.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916592 2014-07-28] (Synaptics Incorporated)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-08-07] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2014-09-16] (Lenovo)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [555736 2014-09-18] (Lenovo.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [emsisoft anti-malware] => C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe [4997872 2014-12-31] (Emsisoft GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-01-05] (Glarysoft Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [Spotify Web Helper] => C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [GoogleChromeAutoLaunch_4A220D28DEF0DEF57A4596AFA0CC93AC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-22] (Google Inc.)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [Eye-Fi] => C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe [3961464 2011-12-21] (Eye-Fi, Inc.)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: D - D:\SETUP.EXE
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: {88018163-5feb-11e3-8408-028037ec0200} - V:\SETUP.EXE
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: {fa8f8a90-42e2-11e3-857c-028037ec0200} - E:\Startme.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EIZO ScreenSlicer.lnk
ShortcutTarget: EIZO ScreenSlicer.lnk -> C:\Windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe (Macrovision Corporation)
Startup: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50083;https=127.0.0.1:50083
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000 -> {5E55F183-AB4F-4D43-BF3C-D551B42FA02B} URL = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162

FireFox:
========
FF ProfilePath: C:\Users\x203\AppData\Roaming\Mozilla\Firefox\Profiles\ci9uc6ip.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-05-30]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: No Name - C:\Program Files (x86)\Symantec\VIP Access Client [2013-05-15]
FF HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension
FF Extension: No Name - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension [2014-05-29]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\x203\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\x203\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (Google Wallet) - C:\Users\x203\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30]
CHR Extension: (unIsales) - C:\ProgramData\ocbkapddahhgnlmahbgabheclmnpbfma\ [2013-12-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 ASRSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [79136 2010-10-27] (Lenovo Group Limited)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2014-11-14] (Lenovo.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-14] (SurfRight B.V.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-08-07] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-04-24] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TabletServiceISD; C:\Program Files\Tablet\ISD\ISD_Tablet.exe [5650296 2012-04-10] (Wacom Technology, Corp.)
R2 TabletSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [83920 2012-02-08] (Lenovo Group Limited)
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed]
R2 TouchServiceISD; C:\Program Files\Tablet\ISD\ISD_TouchService.exe [449912 2012-04-10] (Wacom Technology, Corp.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1526120 2013-09-25] (Lenovo Group Limited)
R2 TVT Scheduler; C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation)
R2 WebUpdate4; C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [278800 2013-01-16] (Data Perceptions / PowerProgrammer)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [689560 2012-10-18] (Ericsson AB)
R2 WTabletServiceISD; C:\Program Files\Tablet\ISD\WTabletServiceISD.exe [577848 2013-09-24] (Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-01-10] (Sony Mobile Communications)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-10-28] (Glarysoft Ltd)
R1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [17064 2010-06-28] (Lenovo)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)
S3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [103184 2012-03-01] (Ericsson AB)
R3 l36wscard; C:\Windows\System32\DRIVERS\l36wscard.sys [61992 2011-01-14] (Ericsson AB)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [443208 2012-10-02] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [453960 2012-10-02] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [21832 2012-10-02] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [506184 2012-10-02] (MCCI Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
R3 wacomvthid; C:\Windows\System32\DRIVERS\WacomVTHid.sys [16368 2012-04-10] (Wacom Technology)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [281840 2013-02-19] (Ericsson AB)
S3 TVICPORT; \??\C:\Windows\system32\DRIVERS\TVICPORT.SYS [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
U3 pgtyraog; \??\C:\Users\x203\AppData\Local\Temp\pgtyraog.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 19:32 - 2015-01-15 19:32 - 00050477 _____ () C:\Users\Manuel\Downloads\Defogger.exe
2015-01-15 19:32 - 2015-01-15 19:32 - 00000470 _____ () C:\Users\Manuel\Downloads\defogger_disable.log
2015-01-15 19:32 - 2015-01-15 19:32 - 00000000 _____ () C:\Users\x203\defogger_reenable
2015-01-15 19:31 - 2015-01-15 19:38 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-15 19:31 - 2015-01-15 19:31 - 00001106 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-01-15 19:31 - 2015-01-15 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-01-15 19:29 - 2015-01-15 19:30 - 172265200 _____ (Emsisoft Ltd. ) C:\Users\Manuel\Downloads\EmsisoftAntiMalware4799Setup.exe
2015-01-15 19:29 - 2015-01-15 19:29 - 00001479 _____ () C:\Users\x203\Desktop\GMER.log
2015-01-15 19:20 - 2015-01-15 19:20 - 00380416 _____ () C:\Users\Manuel\Downloads\Gmer-19357.exe
2015-01-15 19:07 - 2015-01-15 19:38 - 00033097 _____ () C:\Users\Manuel\Downloads\FRST.txt
2015-01-15 19:07 - 2015-01-15 19:07 - 00037251 _____ () C:\Users\Manuel\Downloads\Addition.txt
2015-01-15 19:06 - 2015-01-15 19:06 - 02125312 _____ (Farbar) C:\Users\Manuel\Downloads\FRST64.exe
2015-01-15 19:01 - 2015-01-15 19:01 - 07203008 _____ (Kaspersky Lab ZAO) C:\Users\Manuel\Downloads\kavremover678.exe
2015-01-15 19:01 - 2015-01-15 19:01 - 00247941 _____ () C:\Users\Manuel\Downloads\kavremvr 2015-01-15 19-01-40 (pid 11508).log
2015-01-15 15:24 - 2015-01-15 15:24 - 00000000 ___SD () C:\ComboFix
2015-01-15 15:18 - 2015-01-15 15:18 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Manuel\Downloads\rkill.exe
2015-01-15 15:18 - 2015-01-15 15:18 - 00003704 _____ () C:\Users\x203\Desktop\Rkill.txt
2015-01-15 15:18 - 2015-01-15 15:18 - 00000000 ____D () C:\Users\x203\Desktop\rkill
2015-01-15 15:16 - 2015-01-15 15:16 - 00000681 _____ () C:\Users\x203\Desktop\JRT.txt
2015-01-15 15:12 - 2015-01-15 15:12 - 01707939 _____ (Thisisu) C:\Users\Manuel\Downloads\JRT.exe
2015-01-15 15:12 - 2015-01-15 15:12 - 00000000 ____D () C:\Windows\ERUNT
2015-01-15 15:11 - 2015-01-15 15:11 - 05609736 ____R (Swearware) C:\Users\Manuel\Downloads\ComboFix.exe
2015-01-15 15:11 - 2015-01-15 15:11 - 00000000 ____D () C:\Qoobox
2015-01-15 15:10 - 2015-01-15 15:10 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Manuel\Downloads\tdsskiller.exe
2015-01-15 15:09 - 2015-01-15 15:09 - 02191360 _____ () C:\Users\Manuel\Downloads\AdwCleaner.exe
2015-01-15 15:05 - 2015-01-15 14:59 - 00000000 _____ () C:\Users\Manuel\Desktop\CProgramDataMicrosoftWindowsCaches.txt
2015-01-15 15:00 - 2015-01-15 15:00 - 00111448 _____ () C:\Users\x203\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-15 14:59 - 2015-01-15 14:59 - 00000000 _____ () C:\Users\x203\Desktop\CProgramDataMicrosoftWindowsCaches.txt
2015-01-15 14:49 - 2015-01-15 14:49 - 00000000 ____D () C:\ProgramData\Avg_Update_1014av
2015-01-15 14:24 - 2015-01-15 14:24 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-01-15 10:54 - 2015-01-15 10:54 - 00003252 _____ () C:\Windows\System32\Tasks\Trojan Killer
2015-01-15 10:54 - 2015-01-15 10:54 - 00000000 ____D () C:\ProgramData\GridinSoft
2015-01-15 10:51 - 2015-01-15 15:02 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Nico Mak Computing
2015-01-15 10:46 - 2015-01-15 10:46 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-15 10:00 - 2015-01-15 10:00 - 02347384 _____ (ESET) C:\Users\Manuel\Downloads\esetsmartinstaller_deu.exe
2015-01-15 09:51 - 2015-01-15 16:10 - 00001025 _____ () C:\Windows\setupact.log
2015-01-15 09:51 - 2015-01-15 15:59 - 00009756 _____ () C:\Windows\PFRO.log
2015-01-15 09:51 - 2015-01-15 09:51 - 05054584 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-15 09:51 - 2015-01-15 09:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-15 09:33 - 2015-01-15 09:33 - 17709352 _____ (Adobe Systems Inc.) C:\Users\x203\Downloads\Adobe_Air_v16.0.0.245.exe
2015-01-15 09:33 - 2015-01-15 09:33 - 11225840 _____ (SurfRight B.V.) C:\Users\x203\Downloads\Hitman_Pro_(64bit)_v3.7.9.234.exe
2015-01-15 09:28 - 2015-01-15 09:28 - 00000000 ____D () C:\Users\Manuel\Desktop\Old Firefox Data
2015-01-14 14:02 - 2015-01-15 19:38 - 00000000 ____D () C:\FRST
2015-01-14 12:16 - 2015-01-14 12:16 - 00000000 ____D () C:\_OTL
2015-01-14 12:08 - 2015-01-14 12:08 - 00000000 __SHD () C:\Users\x203\AppData\Local\EmieBrowserModeList
2015-01-14 10:28 - 2015-01-14 10:28 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Avira
2015-01-14 10:28 - 2015-01-14 10:27 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-14 10:27 - 2015-01-14 10:27 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Avira
2015-01-14 10:26 - 2015-01-14 10:26 - 00002081 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-14 10:25 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-14 10:25 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-14 10:25 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-14 10:16 - 2015-01-14 10:16 - 00001391 _____ () C:\Users\Manuel\Desktop\HitmanPro.lnk
2015-01-14 10:10 - 2015-01-14 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-14 10:10 - 2015-01-14 10:25 - 00000000 ____D () C:\ProgramData\Avira
2015-01-14 10:10 - 2015-01-14 10:10 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-14 09:54 - 2015-01-15 14:24 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-14 09:54 - 2015-01-14 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-14 09:53 - 2015-01-14 10:12 - 00000000 ____D () C:\Users\Manuel\Downloads\Hitman
2015-01-14 09:08 - 2015-01-14 09:08 - 00000000 ____D () C:\ProgramData\Network Associates
2015-01-14 09:06 - 2015-01-14 09:23 - 00000000 ____D () C:\Windows\F0856D1B11EE46528174EAF3D5AB6C66.TMP
2015-01-14 09:03 - 2015-01-15 14:48 - 00000000 ____D () C:\AdwCleaner
2015-01-14 08:59 - 2015-01-14 08:59 - 02191360 _____ () C:\Users\Manuel\Desktop\adwcleaner_4.107.exe
2015-01-14 08:43 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:43 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:43 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:43 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 08:43 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 08:43 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 08:43 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 08:43 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 08:43 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:43 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:43 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:43 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:43 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 18:34 - 2015-01-14 10:25 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-13 18:19 - 2015-01-13 18:19 - 14747172 _____ () C:\Users\Manuel\Desktop\Zusammenfassung.pptx
2015-01-13 18:12 - 2014-12-02 18:27 - 00090112 _____ (Nenad Hrg (SoftwareOK.com)) C:\Users\Manuel\Desktop\DontSleep.exe
2015-01-13 17:29 - 2015-01-13 18:39 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-13 16:58 - 2015-01-13 16:59 - 44232000 _____ (Lenovo Group Limited ) C:\Users\x203\Downloads\ThinkVantage_Access_Connections_v6.24.exe
2015-01-13 16:58 - 2015-01-13 16:58 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\SUPERAntiSpyware.com
2015-01-13 15:50 - 2015-01-13 15:50 - 00017408 _____ () C:\Users\Manuel\Desktop\Abmeldung von Kursen FS 14.msg
2015-01-13 15:44 - 2014-03-26 22:21 - 00020480 _____ () C:\Users\Manuel\Desktop\Kursabmeldung  aufgrund nicht bestandener Leistungsnachweise FS 14.msg
2015-01-13 12:23 - 2015-01-13 12:23 - 00000000 ____D () C:\Users\Manuel\Downloads\platform-tools
2015-01-13 11:48 - 2015-01-13 11:48 - 00000000 ____D () C:\Users\x203\AppData\Local\Avg2014
2015-01-13 10:59 - 2015-01-13 11:00 - 00000000 ____D () C:\Users\Manuel\Downloads\NEW SuperStamina
2015-01-12 22:42 - 2015-01-12 22:43 - 00000000 ____D () C:\Users\Manuel\Downloads\rootkitXperia_20140719
2015-01-12 22:29 - 2015-01-15 11:31 - 00000000 ____D () C:\ProgramData\ocbkapddahhgnlmahbgabheclmnpbfma
2015-01-12 22:12 - 2015-01-12 22:12 - 00000019 _____ () C:\Users\Manuel\Desktop\iomei.txt
2015-01-12 21:42 - 2015-01-12 21:42 - 00038859 _____ () C:\Users\Manuel\Desktop\Unlockbootloader* *Step 3  4 - Developer World.html
2015-01-12 21:42 - 2015-01-12 21:42 - 00000000 ____D () C:\Users\Manuel\Desktop\Unlockbootloader* *Step 3  4 - Developer World_files
2015-01-12 17:44 - 2015-01-13 15:21 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Android
2015-01-12 17:21 - 2015-01-12 21:05 - 00000000 ____D () C:\Users\Manuel\Downloads\EasyRootTool v12.4
2015-01-12 16:04 - 2015-01-12 16:39 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2015-01-12 16:03 - 2015-01-13 00:23 - 00000000 ____D () C:\Flashtool
2015-01-11 12:51 - 2015-01-11 12:51 - 00111448 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-01-11 10:32 - 2015-01-11 10:53 - 34121112 _____ (Oracle Corporation) C:\Users\x203\Downloads\Java_Runtime_Environment_(64bit)_v8.0.exe
2015-01-11 10:32 - 2015-01-11 10:53 - 14878640 _____ () C:\Users\x203\Downloads\Glary_Utilities_Pro_v5.16.0.29.exe
2015-01-10 21:11 - 2015-01-13 09:22 - 00000000 ____D () C:\ProgramData\Sony Mobile
2015-01-10 21:03 - 2015-01-10 21:03 - 00001135 _____ () C:\Users\Manuel\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-10 20:52 - 2015-01-10 20:52 - 00000000 ____D () C:\Users\x203\.android
2015-01-10 20:51 - 2015-01-10 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsomc_01009.Wdf
2015-01-10 20:51 - 2015-01-10 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2015-01-10 20:38 - 2015-01-10 20:38 - 00000000 ____D () C:\Users\x203\.swt
2015-01-10 17:15 - 2015-01-10 17:15 - 00030424 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggsomc.sys
2015-01-10 17:15 - 2015-01-10 17:15 - 00016088 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2015-01-10 17:13 - 2015-01-11 10:29 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
2015-01-10 14:12 - 2015-01-11 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-01-10 13:49 - 2015-01-10 13:49 - 00000000 ____D () C:\Users\Manuel\.jmc
2015-01-10 13:49 - 2015-01-10 13:49 - 00000000 ____D () C:\Users\Manuel\.eclipse
2015-01-10 13:39 - 2015-01-10 13:39 - 00000000 ____D () C:\Users\x203\.AndroidStudio
2015-01-10 13:39 - 2015-01-10 13:39 - 00000000 ____D () C:\Users\Manuel\.AndroidStudio
2015-01-10 13:38 - 2015-01-13 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2015-01-10 13:34 - 2015-01-13 12:25 - 00000000 ____D () C:\Program Files\Android
2015-01-10 13:32 - 2015-01-11 11:02 - 00111000 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-10 13:32 - 2015-01-11 11:01 - 00312728 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-10 13:32 - 2015-01-11 11:01 - 00191384 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-10 13:32 - 2015-01-11 11:01 - 00190872 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-10 13:31 - 2015-01-11 11:01 - 00000000 ____D () C:\Program Files\Java
2015-01-09 08:59 - 2015-01-09 09:00 - 00000000 ____D () C:\ProgramData\Stardock
2015-01-09 08:56 - 2015-01-09 08:56 - 00000000 ____D () C:\Users\x203\Downloads\Stardock
2015-01-08 18:57 - 2015-01-08 19:08 - 00045720 _____ () C:\BROM_DLL.log
2015-01-08 18:24 - 2015-01-09 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2015-01-08 18:24 - 2015-01-08 21:00 - 00000000 ____D () C:\Program Files (x86)\totalcmd
2015-01-08 18:24 - 2015-01-08 19:49 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\GHISLER
2015-01-08 18:24 - 2015-01-08 18:24 - 00001062 _____ () C:\Users\Public\Desktop\Total Commander 64 bit.lnk
2015-01-08 18:24 - 2015-01-08 18:24 - 00000000 ____D () C:\Users\x203\AppData\Roaming\GHISLER
2015-01-07 15:27 - 2015-01-07 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EIZO
2015-01-07 15:19 - 2015-01-07 15:19 - 00000000 ____D () C:\Users\x203\AppData\Local\{E0EE56A0-0D7C-4595-B400-919A3BA48EC1}
2015-01-07 15:18 - 2015-01-11 10:30 - 00000000 ____D () C:\Program Files (x86)\EIZO
2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 ____D () C:\Users\x203\AppData\Roaming\EIZO
2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\EIZO
2015-01-07 15:17 - 2015-01-10 11:22 - 00000000 ____D () C:\Users\x203\AppData\Local\Downloaded Installations
2015-01-06 10:30 - 2015-01-06 10:30 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Foxit Reader
2015-01-04 09:10 - 2015-01-04 09:10 - 00001562 _____ () C:\Users\Manuel\Desktop\Cisco AnyConnect Secure Mobility Client.lnk
2015-01-04 09:08 - 2015-01-04 09:08 - 00001067 _____ () C:\Users\Manuel\Desktop\Password Manager.lnk
2015-01-02 13:44 - 2015-01-02 13:47 - 00000000 ____D () C:\Users\Manuel\AppData\Local\CyberGhost
2015-01-02 13:44 - 2015-01-02 13:44 - 00001739 _____ () C:\Users\x203\Desktop\CyberGhost 5.lnk
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-12-30 09:16 - 2014-12-30 09:25 - 595612217 _____ () C:\Users\Manuel\Desktop\Perfekte-Portraits.zip
2014-12-22 10:27 - 2014-12-22 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2014-12-19 21:24 - 2014-12-19 21:24 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-12-19 19:49 - 2014-12-19 19:49 - 00000000 ____D () C:\Users\Manuel\AppData\OICE_15_974FA576_32C1D314_A33
2014-12-18 10:48 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:48 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 19:38 - 2014-12-17 19:38 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\FreeCommander

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 19:38 - 2014-12-13 01:59 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Eye-Fi
2015-01-15 19:32 - 2013-09-30 20:19 - 00000000 ____D () C:\Users\x203
2015-01-15 19:07 - 2013-11-19 12:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 18:55 - 2013-05-15 05:28 - 01858199 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 16:07 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 16:07 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 16:06 - 2013-05-15 04:59 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-01-15 16:06 - 2013-05-15 04:59 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-01-15 16:06 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-15 16:00 - 2014-12-13 01:59 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Eye-Fi
2015-01-15 16:00 - 2014-09-26 16:37 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2015-01-15 15:59 - 2013-12-09 14:53 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-15 15:59 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 15:00 - 2014-09-26 16:36 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-01-15 14:59 - 2014-09-15 18:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-15 14:38 - 2014-03-04 13:45 - 00000000 ___RD () C:\Users\Manuel\Dropbox
2015-01-15 14:22 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Dropbox
2015-01-15 11:11 - 2013-12-09 14:56 - 00000000 ____D () C:\Users\x203\AppData\Roaming\TuneUp Software
2015-01-15 11:09 - 2014-05-18 11:17 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Spotify
2015-01-15 09:57 - 2013-05-15 05:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-14 17:34 - 2014-12-08 10:30 - 00976384 ___SH () C:\Users\Manuel\Desktop\Thumbs.db
2015-01-14 17:07 - 2013-11-19 12:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 17:07 - 2013-11-19 12:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 17:07 - 2013-11-19 12:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 11:22 - 2013-10-21 22:38 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 11:21 - 2013-10-21 21:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 11:11 - 2013-10-21 21:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 10:18 - 2013-10-28 14:32 - 00003568 _____ () C:\Windows\system32\.crusader
2015-01-14 10:18 - 2013-10-28 14:29 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-14 10:11 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-14 10:10 - 2013-10-21 22:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-14 09:31 - 2013-10-29 11:53 - 00000000 ____D () C:\Users\x203\AppData\Local\Google
2015-01-14 09:27 - 2014-01-05 13:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-14 09:23 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel
2015-01-14 09:23 - 2013-05-14 12:53 - 00000000 ____D () C:\ProgramData\Lenovo
2015-01-14 09:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-14 09:08 - 2014-10-22 19:49 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-14 08:49 - 2013-10-28 13:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-13 18:43 - 2014-12-03 15:12 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Deployment
2015-01-13 18:05 - 2014-05-18 11:18 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Spotify
2015-01-13 17:31 - 2013-10-27 10:06 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-01-13 17:06 - 2014-12-13 17:43 - 00000000 ____D () C:\Users\Manuel\Desktop\WE Jungs
2015-01-13 17:06 - 2014-09-18 16:13 - 00000000 ____D () C:\Users\Manuel\Desktop\Ricardo
2015-01-13 16:59 - 2013-05-15 05:27 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-01-13 12:26 - 2014-05-16 08:06 - 00000000 ____D () C:\Users\Manuel\.android
2015-01-13 12:00 - 2014-11-16 11:12 - 00000000 ____D () C:\Users\Manuel\Desktop\Fotos
2015-01-13 11:46 - 2014-05-30 09:05 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-01-13 09:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-01-12 17:47 - 2013-05-15 05:19 - 00000000 ____D () C:\Program Files\Intel
2015-01-11 11:00 - 2014-03-09 10:51 - 00111448 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2015-01-11 10:54 - 2014-12-05 09:46 - 00001107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-01-11 10:54 - 2014-09-26 16:37 - 00002978 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2015-01-11 10:54 - 2014-09-26 16:37 - 00002634 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2015-01-11 10:54 - 2014-09-26 16:37 - 00001095 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-01-10 14:40 - 2014-05-15 16:04 - 00003020 _____ () C:\Windows\System32\Tasks\PMTask
2015-01-10 14:40 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media
2015-01-10 14:05 - 2013-10-27 13:14 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-09 20:54 - 2013-10-28 10:25 - 00000000 ____D () C:\Program Files (x86)\Fences
2015-01-09 20:54 - 2013-05-15 05:34 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2015-01-08 18:57 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel\AppData\Local\VirtualStore
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-07 15:24 - 2014-06-20 16:48 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Unity
2015-01-07 12:18 - 2013-10-27 09:55 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Adobe
2015-01-06 09:12 - 2014-02-27 21:50 - 00000000 ____D () C:\Users\Manuel\Documents\Korrespondenz
2015-01-04 09:19 - 2014-05-19 07:11 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2015-01-04 09:19 - 2014-05-19 07:10 - 00000000 ____D () C:\Program Files\Common Files\Sony Shared
2015-01-04 09:18 - 2014-05-19 07:09 - 00000000 ____D () C:\ProgramData\Sony Corporation
2015-01-04 09:03 - 2014-05-01 10:24 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-04 09:03 - 2014-05-01 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-04 09:03 - 2013-10-27 17:18 - 00000000 ____D () C:\Program Files\winRar
2014-12-31 18:03 - 2014-01-14 11:34 - 00000000 ____D () C:\Users\Manuel\Desktop\Ablage
2014-12-31 13:38 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Adobe
2014-12-22 10:36 - 2013-10-27 12:15 - 00001398 _____ () C:\Users\Manuel\AppData\Roaming\MobileToolAnyConnectV3.ini
2014-12-22 10:27 - 2013-10-27 12:16 - 00000000 ____D () C:\ProgramData\Cisco
2014-12-22 10:27 - 2013-10-21 22:34 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-12-22 10:22 - 2014-01-01 10:48 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-22 10:22 - 2014-01-01 10:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-19 21:28 - 2014-03-04 13:45 - 00001036 _____ () C:\Users\Manuel\Desktop\Dropbox.lnk
2014-12-19 21:28 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-19 18:57 - 2013-11-03 11:23 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Intel WiDi
2014-12-18 11:56 - 2014-12-06 14:53 - 00000000 ____D () C:\Users\x203\Desktop\Katalog Admin
2014-12-17 14:46 - 2013-11-12 19:09 - 00000080 _____ () C:\Users\x203\Documents\R Verzeichnis wechseln.R

Some content of TEMP:
====================
C:\Users\Manuel\AppData\Local\temp\avgnt.exe
C:\Users\Manuel\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprfnjov.dll
C:\Users\x203\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 12:49
==================== End Of Log ============================
--- --- ---


GMER
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-15 19:43:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 INTEL_SS rev.LF1i 167.68GB
Running: Gmer-19357.exe; Driver: C:\Users\x203\AppData\Local\Temp\pgtyraog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448                                                                                    fffff800039bc000 8 bytes [00, 00, 53, 02, 50, 72, 6F, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 464                                                                                    fffff800039bc010 30 bytes [00, 10, 00, 00, 28, 05, 00, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        0000000075be1465 2 bytes [BE, 75]
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        0000000075be14bb 2 bytes [BE, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2836] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195                  0000000073441b41 2 bytes [44, 73]
.text    C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2836] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362                  0000000073441be8 2 bytes [44, 73]
.text    C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2836] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418                  0000000073441c20 2 bytes [44, 73]
.text    C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2836] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596                  0000000073441cd2 2 bytes [44, 73]
.text    C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2836] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628                  0000000073441cf2 2 bytes [44, 73]
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000075be1465 2 bytes [BE, 75]
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      0000000075be14bb 2 bytes [BE, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        0000000075be1465 2 bytes [BE, 75]
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        0000000075be14bb 2 bytes [BE, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000075be1465 2 bytes [BE, 75]
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              0000000075be14bb 2 bytes [BE, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files\CyberGhost 5\Service.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                0000000075be1465 2 bytes [BE, 75]
.text    C:\Program Files\CyberGhost 5\Service.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                              0000000075be14bb 2 bytes [BE, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000075be1465 2 bytes [BE, 75]
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    0000000075be14bb 2 bytes [BE, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000075be1465 2 bytes [BE, 75]
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                            0000000075be14bb 2 bytes [BE, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                                      00000000714511a8 2 bytes [45, 71]
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                                00000000714513a8 2 bytes [45, 71]
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                                    0000000071451422 2 bytes [45, 71]
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19                            0000000071451498 2 bytes [45, 71]
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195                  0000000073441b41 2 bytes [44, 73]
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362                  0000000073441be8 2 bytes [44, 73]
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418                  0000000073441c20 2 bytes [44, 73]
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596                  0000000073441cd2 2 bytes [44, 73]
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4816] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628                  0000000073441cf2 2 bytes [44, 73]
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    0000000075be1465 2 bytes [BE, 75]
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    0000000075be14bb 2 bytes [BE, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000075be1465 2 bytes [BE, 75]
.text    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        0000000075be14bb 2 bytes [BE, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000075be1465 2 bytes [BE, 75]
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              0000000075be14bb 2 bytes [BE, 75]
.text    ...                                                                                                                                                    * 2
?        C:\Windows\system32\mssprxy.dll [5596] entry point in ".rdata" section                                                                                000000005bfb71e6
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075be1465 2 bytes [BE, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075be14bb 2 bytes [BE, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          0000000075be1465 2 bytes [BE, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          0000000075be14bb 2 bytes [BE, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                  0000000075be1465 2 bytes [BE, 75]
.text    C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  0000000075be14bb 2 bytes [BE, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe[1304] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                        0000000075be1465 2 bytes [BE, 75]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe[1304] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                        0000000075be14bb 2 bytes [BE, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe[11056] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                          0000000075be1465 2 bytes [BE, 75]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe[11056] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                          0000000075be14bb 2 bytes [BE, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000075be1465 2 bytes [BE, 75]
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                0000000075be14bb 2 bytes [BE, 75]
.text    ...                                                                                                                                                    * 2

---- Devices - GMER 2.1 ----

Device    \FileSystem\a2util \Device\A2Util                                                                                                                      fffff880099e6694
Device    \FileSystem\A2DDA \Device\A2 Direct Disk Access                                                                                                        fffff880098e8314
Device    \FileSystem\cleanhlp \Device\{A9CCEF13-54B0-4d3b-B0AD-549A53991942}                                                                                    fffff8800906f3f4

---- Threads - GMER 2.1 ----

Thread    C:\Windows\SysWOW64\ntdll.dll [5140:5144]                                                                                                              00000000001a8d4e
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:7036]                                                                                                              000000006e7dcf5c
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:7028]                                                                                                              000000006e85a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:7224]                                                                                                              000000006e7624a2
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:7772]                                                                                                              000000006e85a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:7972]                                                                                                              000000006e85a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:3956]                                                                                                              000000006e80c159
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:7204]                                                                                                              000000006e85a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:7540]                                                                                                              00000000615e784b
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:7704]                                                                                                              00000000741732fb
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:7280]                                                                                                              000000005958aec5
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:7420]                                                                                                              000000006e85a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:7484]                                                                                                              00000000765cd864
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:11668]                                                                                                            000000005c21871b
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:10744]                                                                                                            000000006e85a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:12252]                                                                                                            000000006e85a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:12012]                                                                                                            000000006e85a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:10868]                                                                                                            000000006e85a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:9864]                                                                                                              000000006e85a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [5140:1608]                                                                                                              000000006e8688ff

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffaf444d9                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2cdc6bc                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2cdc6bc@30a8db49d01a                                                              0x40 0x44 0x2C 0xE0 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffaf444d9 (not active ControlSet)                                                       
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2cdc6bc (not active ControlSet)                                                       
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2cdc6bc@30a8db49d01a                                                                  0x40 0x44 0x2C 0xE0 ...

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                                  unknown MBR code

---- EOF - GMER 2.1 ----
Beste Grüße
Maga

schrauber 15.01.2015 19:50
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

maga84 15.01.2015 20:26
hi schrauber,

danke für den Hinweis.

Laut FRST sitzt unter
CHR Extension: (unIsales) - C:\ProgramData\ocbkapddahhgnlmahbgabheclmnpbfma\ [2013-12-30] das Unisales-Problem.

Ich hab es mal entfernt und hoffe, dass es jetzt geht.

Habt Ihr sonst noch was gefunden? Meinen jungfräulichen Log-File Augen entgeht bestimmt einiges. ;-)

Danue und Grüße
Maga

schrauber 16.01.2015 07:21
Die Addition.txt von FRST fehlt immer noch :)

maga84 16.01.2015 08:30
Hi schrauber

Die Addition.txt spuckt es mir nicht mehr aus. :-(
nur beim ersten Durchlauf, als ich jedoch nicht als Admin angemeldet war.
Hier ist sie:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015
Ran by Manuel at 2015-01-15 19:07:53
Running from C:\Users\Manuel\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{D586BF67-0A61-4572-BE25-07B40C4CEDA1}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 8.42.20 - )
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{8432E4EF-ABFB-48C8-B77B-24728E71D3DD}) (Version: 39.0.2171.46 - Google Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05187 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05187 - Cisco Systems, Inc.) Hidden
CM Installer (HKLM-x32\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Drucken in PDF Annotator (novaPDF OEM 7.7 printer) (HKLM\...\Drucken in PDF Annotator_is1) (Version: 7.7.400 - Softland)
EasyTax 2013 AG 1.01 (HKLM-x32\...\4093-4123-1528-3000) (Version: 1.01 - HWI Solutions AG)
EIZO ScreenSlicer (HKLM-x32\...\{292A177D-723F-4537-9985-BC8BFCD8B63D}) (Version: 1.1.5.0 - EIZO Corporation)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.67.2 - Lenovo Group Limited)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Eye-Fi Center 3.4 (HKLM-x32\...\{18B00AC5-C082-471E-88B0-F02FE5A2541A}) (Version: 3.4.26 - Eye-Fi, Inc)
Fences (Version: 1.0 - Stardock Corporation) Hidden
FireCuva Data Recovery 2014.1.8.20 (HKLM-x32\...\{EE1F41BE-6DBD-44AE-9F97-4D7F9227329D}_is1) (Version: 2014.1.8.20 - FireCuva)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Glary Utilities PRO 5.16 (HKLM-x32\...\Glary Utilities 5) (Version: 5.16.0.29 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Graph 4.4.2 (HKLM-x32\...\Graph_is1) (Version:  - Ivan Johansen)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6 (HKLM\...\{B2DAB009-8236-48A0-AD7F-E940F5AB1578}) (Version: 14.0 - HP)
HP Photosmart Plus B210 series - Grundlegende Software für das Gerät (HKLM\...\{1686185A-3D85-428D-8786-ACB403B9D420}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
ifolor Designer (HKLM-x32\...\ifolor-Designer) (Version:  - Ifolor AG)
Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3359 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7991b5ae-96d7-4df2-97fb-a605b7cb638b}) (Version: 17.12.0 - Intel Corporation)
ISD Tablett (HKLM\...\ISD Tablet Driver) (Version: 7.0.2-29 - Wacom Technology Corp.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 8 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418000FF}) (Version: 8.0.0 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.16.0 - Lenovo)
Lenovo Mobile Access (HKLM-x32\...\{A792A135-EE29-4FE2-B4CB-D3F984CEA9EC}) (Version: 3.2.30123.1026 - Lenovo)
Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.4.1017.00 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0007 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
LXH-JME2207FN Hotkey Driver (HKLM-x32\...\{42B21298-C850-4272-AFD9-636CBC005421}) (Version: 5.1.0804 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{C2C2DB64-1BCE-4FA7-962D-457795ECCEC0}) (Version: 3.3.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Bootvis (HKLM-x32\...\{0F9196C6-58B4-445B-B56E-B1200FECC151}) (Version: 1.3.37 - Microsoft)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 7.2.5.4 - Ericsson AB)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Annotator 5.0.0.505 (HKLM-x32\...\PDFAnnotator_is1) (Version: 5.0.0.505 - GRAHL software design)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_06_B209a-m_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Rescue and Recovery (HKLM-x32\...\{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}) (Version: 4.52.0005.00 - Lenovo Group Limited)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-003B-0000-1000-0000000FF1CE}_Office15.PRJPROR_{6E5C415F-1388-4BA6-B926-C19318BE6075}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad Tablet Button Driver (HKLM-x32\...\{26903C89-780A-463E-8CBD-E47A73927254}) (Version: 1.04 - )
ThinkPad Tablet Shortcut Menu (HKLM-x32\...\{9a2db59f-091a-40b4-958d-1c8264624126}) (Version: 6.33 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.24 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{A62AEB2B-E2A0-4E77-8AAE-9645FE3B5487}) (Version: 5.95 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.80.01.00 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.81 - Lenovo)
ThinkVantage Password Manager (HKLM\...\{23520BCC-F76C-4287-87E1-0545EDF6FE96}) (Version: 4.00.0024.00 - Lenovo Group Limited)
ThinkVantage Update Retriever (HKLM-x32\...\{F25C538D-3F57-4AF4-80DD-B1DD1558F038}) (Version: 5.00.0010 - Lenovo)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
VIP Access (HKLM-x32\...\{7EB5B9B6-E7BF-4E8F-B478-1266A78CF231}) (Version: 2.2.1.13 - Symantec Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows Driver Package - Intel System  (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-09-30 21:31 - 00000505 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
127.0.0.1        practivate.adobe.com
127.0.0.1        activate.adobe.com
127.0.0.1        practivate.adobe.com
127.0.0.1        ereg.adobe.com
127.0.0.1        activate.wip3.adobe.com
127.0.0.1        wip3.adobe.com
127.0.0.1        3dns-3.adobe.com
127.0.0.1        3dns-2.adobe.com
127.0.0.1        adobe-dns.adobe.com
127.0.0.1        adobe-dns2.adobe.com
127.0.0.1        adobe-dns3.adobe.com
127.0.0.1        ereg.wip3.adobe.com
127.0.0.1        activate-sea.adobe.com
127.0.0.1        wwis-dubc1-vip60.adobe.com
127.0.0.1        acitvate-sjc0.adobe.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GlaryInitialize 5.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => ?

==================== Loaded Modules (whitelisted) =============

2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-05-15 05:23 - 2012-04-10 16:37 - 01183096 _____ () C:\Program Files\Tablet\ISD\libxml2.dll
2013-05-15 05:27 - 2014-11-14 06:07 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Manuel\Desktop\Stundenplan.JPG:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk => C:\Windows\pss\Google Calendar Sync.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^x203^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EOS Utility.lnk => C:\Windows\pss\EOS Utility.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_4A220D28DEF0DEF57A4596AFA0C => "c:\program files (x86)\google\chrome\application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Intel AppUp(SM) center => "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
MSCONFIG\startupreg: jmekey => C:\Program Files (x86)\jmesoft\hotkey.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Malwarebytes Anti-Malware (cleanup) => "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
MSCONFIG\startupreg: MobileAccess => C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe -silentExitIfNotFirst
MSCONFIG\startupreg: NUSB3MON => "c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
MSCONFIG\startupreg: PasswordManager => C:\Program Files\Lenovo\Password Manager\password_manager.exe
MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: RtHDVBg_Dolby => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SearchProtection => "C:\Users\x203\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: SharpSpace => C:\Program Files (x86)\SharpSpace\SharpSpace.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: USB3MON => "c:\program files (x86)\intel\intel(r) usb 3.0 extensible host controller driver\application\iusb3mon.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3554811672-1824628599-3789470933-500 - Administrator - Disabled)
Gast (S-1-5-21-3554811672-1824628599-3789470933-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3554811672-1824628599-3789470933-1040 - Limited - Enabled)
Manuel (S-1-5-21-3554811672-1824628599-3789470933-1003 - Limited - Enabled) => C:\Users\Manuel
x203 (S-1-5-21-3554811672-1824628599-3789470933-1000 - Administrator - Enabled) => C:\Users\x203

==================== Faulty Device Manager Devices =============

Name: Photosmart Plus B209a-m
Description: Photosmart Plus B209a-m
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart Plus B209a-m
Description: Photosmart Plus B209a-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2015 04:02:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Name des fehlerhaften Moduls: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000860d2
ID des fehlerhaften Prozesses: 0x1610
Startzeit der fehlerhaften Anwendung: 0xISD_Tablet.exe0
Pfad der fehlerhaften Anwendung: ISD_Tablet.exe1
Pfad des fehlerhaften Moduls: ISD_Tablet.exe2
Berichtskennung: ISD_Tablet.exe3

Error: (01/15/2015 03:17:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Name des fehlerhaften Moduls: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000860d2
ID des fehlerhaften Prozesses: 0xb928
Startzeit der fehlerhaften Anwendung: 0xISD_Tablet.exe0
Pfad der fehlerhaften Anwendung: ISD_Tablet.exe1
Pfad des fehlerhaften Moduls: ISD_Tablet.exe2
Berichtskennung: ISD_Tablet.exe3


System errors:
=============
Error: (01/15/2015 04:01:31 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/15/2015 03:59:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147014847

Error: (01/15/2015 03:17:01 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}


Microsoft Office Sessions:
=========================
Error: (01/15/2015 04:02:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ISD_Tablet.exe7.0.2.294f6cf301ISD_Tablet.exe7.0.2.294f6cf301c000000500000000000860d2161001d030d3f5020979C:\Program Files\Tablet\ISD\ISD_Tablet.exeC:\Program Files\Tablet\ISD\ISD_Tablet.exe8ae80206-9cc7-11e4-9f57-028037ec0200

Error: (01/15/2015 03:17:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ISD_Tablet.exe7.0.2.294f6cf301ISD_Tablet.exe7.0.2.294f6cf301c000000500000000000860d2b92801d030ce002f504dC:\Program Files\Tablet\ISD\ISD_Tablet.exeC:\Program Files\Tablet\ISD\ISD_Tablet.exe3fa047b2-9cc1-11e4-948f-028037ec0200


CodeIntegrity Errors:
===================================
  Date: 2015-01-14 09:08:57.418
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-14 09:08:57.333
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-09 20:34:06.552
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-09 20:34:05.382
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:40:29.432
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:36:48.011
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:36:01.740
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-26 20:26:04.283
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-26 20:26:04.173
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-30 22:05:35.495
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 45%
Total physical RAM: 7887.8 MB
Available physical RAM: 4281.45 MB
Total Pagefile: 15773.78 MB
Available Pagefile: 11507.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:140.64 GB) (Free:18.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:17.58 GB) (Free:4.95 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

schrauber 16.01.2015 09:42
Zitat:
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns2.adobe.com
127.0.0.1 adobe-dns3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 acitvate-sjc0.adobe.com

nicht nett. Kein weiterer Support bis das gecrackte Photoshop entfernt wurde.....

maga84 16.01.2015 11:27
Und Nochmal. Danke für eure Zeit!

Wegen zu vielen Zeichen gesplittet:
GMER - Teil 1
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-16 10:37:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 INTEL_SS rev.LF1i 167.68GB
Running: Gmer-19357.exe; Driver: C:\Users\x203\AppData\Local\Temp\pgtyraog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448                                                                                    fffff800039bc000 45 bytes [00, 00, 21, 02, 41, 4C, 50, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 495                                                                                    fffff800039bc02f 18 bytes [00, 60, 60, F6, 14, 80, FA, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[1648] C:\Windows\SysWOW64\ntdll.dll!RtlFreeActivationContextStack + 271                    0000000077178017 7 bytes JMP 000000010cfa883c
.text    C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[1648] C:\Windows\syswow64\kernel32.dll!FreeLibrary + 8                                      0000000075243490 7 bytes JMP 000000010cfa866c
.text    C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[1648] C:\Windows\syswow64\kernel32.dll!GetFileInformationByHandle + 19                      0000000075245389 7 bytes JMP 000000010cf581b4
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        0000000075521465 2 bytes [52, 75]
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000755214bb 2 bytes [52, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2904] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195                  000000005bb21b41 2 bytes [B2, 5B]
.text    C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2904] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362                  000000005bb21be8 2 bytes [B2, 5B]
.text    C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2904] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418                  000000005bb21c20 2 bytes [B2, 5B]
.text    C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2904] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596                  000000005bb21cd2 2 bytes [B2, 5B]
.text    C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2904] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628                  000000005bb21cf2 2 bytes [B2, 5B]
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[3020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000075521465 2 bytes [52, 75]
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[3020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      00000000755214bb 2 bytes [52, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        0000000075521465 2 bytes [52, 75]
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000755214bb 2 bytes [52, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000075521465 2 bytes [52, 75]
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              00000000755214bb 2 bytes [52, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files\CyberGhost 5\Service.exe[4184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                0000000075521465 2 bytes [52, 75]
.text    C:\Program Files\CyberGhost 5\Service.exe[4184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                              00000000755214bb 2 bytes [52, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Windows\system32\Dwm.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                          0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text    C:\Windows\system32\Dwm.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                                  0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text    C:\Windows\system32\Dwm.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                            0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text    C:\Windows\system32\Dwm.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                          0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text    C:\Windows\system32\Dwm.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                          0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text    C:\Windows\system32\Dwm.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                      0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text    C:\Windows\system32\Dwm.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text    C:\Windows\system32\Dwm.exe[4460] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                              0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text    C:\Windows\system32\Dwm.exe[4460] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                              000007fefcd29055 3 bytes [B5, 6F, 06]
.text    C:\Windows\Explorer.EXE[4488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                              0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text    C:\Windows\Explorer.EXE[4488] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                                      0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text    C:\Windows\Explorer.EXE[4488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text    C:\Windows\Explorer.EXE[4488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                              0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text    C:\Windows\Explorer.EXE[4488] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                              0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text    C:\Windows\Explorer.EXE[4488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                          0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text    C:\Windows\Explorer.EXE[4488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                        0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text    C:\Windows\Explorer.EXE[4488] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                  0000000076d3db80 6 bytes JMP 0
.text    C:\Windows\Explorer.EXE[4488] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                  000007fefcd29055 3 bytes CALL 9000027
.text    C:\Windows\Explorer.EXE[4488] C:\Windows\system32\msi.dll!MsiSetInternalUI                                                                            000007fef6c85c70 6 bytes JMP 37b4c0
.text    C:\Windows\Explorer.EXE[4488] C:\Windows\system32\msi.dll!MsiInstallProductA                                                                          000007fef6d02ad4 2 bytes [FF, 25]
.text    C:\Windows\Explorer.EXE[4488] C:\Windows\system32\msi.dll!MsiInstallProductA + 3                                                                      000007fef6d02ad7 3 bytes [D5, 2B, 00]
.text    C:\Windows\Explorer.EXE[4488] C:\Windows\system32\msi.dll!MsiInstallProductW                                                                          000007fef6d1167c 6 bytes {JMP QWORD [RIP+0x2ce9b4]}
.text    C:\Windows\Explorer.EXE[4488] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorA                                                                      000007fefa157b34 6 bytes {JMP QWORD [RIP+0xd84fc]}
.text    C:\Windows\Explorer.EXE[4488] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                                      000007fefa1603c0 6 bytes JMP 70000
.text    C:\Windows\Explorer.EXE[4488] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW                                                                    000007fefd6b3030 6 bytes {JMP QWORD [RIP+0x192d000]}
.text    C:\Windows\Explorer.EXE[4488] C:\Windows\system32\WS2_32.dll!connect + 1                                                                              000007fefd6b45c1 5 bytes {JMP QWORD [RIP+0x18cba70]}
.text    C:\Windows\Explorer.EXE[4488] C:\Windows\system32\WS2_32.dll!listen                                                                                    000007fefd6b8290 6 bytes {JMP QWORD [RIP+0x1907da0]}
.text    C:\Windows\Explorer.EXE[4488] C:\Windows\system32\WS2_32.dll!WSAConnect                                                                                000007fefd6de0f0 6 bytes {JMP QWORD [RIP+0x18c1f40]}
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                  000000007713fc20 3 bytes JMP 7175000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                              000000007713fc24 2 bytes JMP 7175000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                          000000007713fc38 3 bytes JMP 716c000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                      000000007713fc3c 2 bytes JMP 716c000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                    000000007713fd64 3 bytes JMP 716f000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                000000007713fd68 2 bytes JMP 716f000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                  00000000771400b4 3 bytes JMP 7172000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                              00000000771400b8 2 bytes JMP 7172000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                  00000000771401c4 3 bytes JMP 717b000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                              00000000771401c8 2 bytes JMP 717b000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                              0000000077140a44 3 bytes JMP 7178000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                          0000000077140a48 2 bytes JMP 7178000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                            0000000077141920 3 bytes JMP 7169000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                        0000000077141924 2 bytes JMP 7169000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                      0000000075253bbb 3 bytes JMP 7166000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                  0000000075253bbf 2 bytes JMP 7166000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                      0000000076862c9e 4 bytes CALL 71af0000
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                              00000000757c70c4 6 bytes JMP 717e000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                              00000000757e3264 6 bytes JMP 7181000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000075521465 2 bytes [52, 75]
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000755214bb 2 bytes [52, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\USER32.dll!SendMessageW                                  0000000076c39679 6 bytes JMP 718d000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\USER32.dll!PostMessageW                                  0000000076c412a5 6 bytes JMP 7187000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\USER32.dll!PostMessageA                                  0000000076c43baa 6 bytes JMP 718a000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\USER32.dll!SendMessageA                                  0000000076c4612e 6 bytes JMP 7190000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\USER32.dll!SendInput                                    0000000076c5ff4a 3 bytes JMP 7193000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\USER32.dll!SendInput + 4                                0000000076c5ff4e 2 bytes JMP 7193000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\USER32.dll!mouse_event                                  0000000076c9027b 6 bytes JMP 7199000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\USER32.dll!keybd_event                                  0000000076c902bf 6 bytes JMP 7196000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW                        00000000751f575a 6 bytes JMP 719c000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\WS2_32.dll!connect                                      00000000751f6bdd 6 bytes JMP 71a5000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\WS2_32.dll!listen                                        00000000751fb001 6 bytes JMP 719f000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4572] C:\Windows\syswow64\WS2_32.dll!WSAConnect                                    00000000751fcc3f 6 bytes JMP 71a2000a
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                        0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                          0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                        0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                        0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                    0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                  0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                            0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                            000007fefcd29055 3 bytes [B5, 6F, 06]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                    000007fefee655c8 6 bytes {JMP QWORD [RIP+0xfaa68]}
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4644] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                    000007fefee7b85c 6 bytes {JMP QWORD [RIP+0xc47d4]}
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                          000000007713fc20 3 bytes JMP 718a000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                      000000007713fc24 2 bytes JMP 718a000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                  000000007713fc38 3 bytes JMP 7181000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                              000000007713fc3c 2 bytes JMP 7181000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                            000000007713fd64 3 bytes JMP 7184000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                        000000007713fd68 2 bytes JMP 7184000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                          00000000771400b4 3 bytes JMP 7187000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                      00000000771400b8 2 bytes JMP 7187000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                          00000000771401c4 3 bytes JMP 7190000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                      00000000771401c8 2 bytes JMP 7190000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                      0000000077140a44 3 bytes JMP 718d000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                  0000000077140a48 2 bytes JMP 718d000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                    0000000077141920 3 bytes JMP 717e000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                0000000077141924 2 bytes JMP 717e000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                              0000000075253bbb 3 bytes JMP 717b000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                          0000000075253bbf 2 bytes JMP 717b000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                              0000000076862c9e 4 bytes CALL 71af0000
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\USER32.dll!SendMessageW                                          0000000076c39679 6 bytes JMP 719f000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\USER32.dll!PostMessageW                                          0000000076c412a5 6 bytes JMP 7199000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\USER32.dll!PostMessageA                                          0000000076c43baa 6 bytes JMP 719c000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\USER32.dll!SendMessageA                                          0000000076c4612e 6 bytes JMP 71a2000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\USER32.dll!SendInput                                            0000000076c5ff4a 3 bytes JMP 71a5000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\USER32.dll!SendInput + 4                                        0000000076c5ff4e 2 bytes JMP 71a5000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\USER32.dll!mouse_event                                          0000000076c9027b 6 bytes JMP 71ab000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\USER32.dll!keybd_event                                          0000000076c902bf 6 bytes JMP 71a8000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                      00000000757c70c4 6 bytes JMP 7193000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                      00000000757e3264 6 bytes JMP 7196000a
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000075521465 2 bytes [52, 75]
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                            00000000755214bb 2 bytes [52, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                                      00000000716d11a8 2 bytes [6D, 71]
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                                00000000716d13a8 2 bytes [6D, 71]
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                                    00000000716d1422 2 bytes [6D, 71]
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19                            00000000716d1498 2 bytes [6D, 71]
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195                  000000005bb21b41 2 bytes [B2, 5B]
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362                  000000005bb21be8 2 bytes [B2, 5B]
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418                  000000005bb21c20 2 bytes [B2, 5B]
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596                  000000005bb21cd2 2 bytes [B2, 5B]
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4668] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628                  000000005bb21cf2 2 bytes [B2, 5B]
.text    C:\Windows\System32\TpShocks.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                    0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text    C:\Windows\System32\TpShocks.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                              0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text    C:\Windows\System32\TpShocks.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                        0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text    C:\Windows\System32\TpShocks.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                      0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text    C:\Windows\System32\TpShocks.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                    0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text    C:\Windows\System32\TpShocks.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                  0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text    C:\Windows\System32\TpShocks.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text    C:\Windows\System32\TpShocks.exe[4708] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                        0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text    C:\Windows\System32\TpShocks.exe[4708] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                        000007fefcd29055 3 bytes CALL 9000027
.text    C:\Windows\System32\TpShocks.exe[4708] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW                                                          000007fefd6b3030 6 bytes {JMP QWORD [RIP+0x104d000]}
.text    C:\Windows\System32\TpShocks.exe[4708] C:\Windows\system32\WS2_32.dll!connect + 1                                                                      000007fefd6b45c1 5 bytes {JMP QWORD [RIP+0xfeba70]}
.text    C:\Windows\System32\TpShocks.exe[4708] C:\Windows\system32\WS2_32.dll!listen                                                                          000007fefd6b8290 6 bytes {JMP QWORD [RIP+0x1027da0]}
.text    C:\Windows\System32\TpShocks.exe[4708] C:\Windows\system32\WS2_32.dll!WSAConnect                                                                      000007fefd6de0f0 6 bytes {JMP QWORD [RIP+0xfe1f40]}
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                    000000007713fc20 3 bytes JMP 717e000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                000000007713fc24 2 bytes JMP 717e000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                            000000007713fc38 3 bytes JMP 7175000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                        000000007713fc3c 2 bytes JMP 7175000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                      000000007713fd64 3 bytes JMP 7178000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                  000000007713fd68 2 bytes JMP 7178000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                    00000000771400b4 3 bytes JMP 717b000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                00000000771400b8 2 bytes JMP 717b000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                    00000000771401c4 3 bytes JMP 7184000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                00000000771401c8 2 bytes JMP 7184000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                0000000077140a44 3 bytes JMP 7181000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                            0000000077140a48 2 bytes JMP 7181000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                              0000000077141920 3 bytes JMP 7172000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                          0000000077141924 2 bytes JMP 7172000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                        0000000075253bbb 3 bytes JMP 716f000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                    0000000075253bbf 2 bytes JMP 716f000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                        0000000076862c9e 4 bytes CALL 71af0000
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\USER32.dll!SendMessageW                                    0000000076c39679 6 bytes JMP 7193000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\USER32.dll!PostMessageW                                    0000000076c412a5 6 bytes JMP 718d000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\USER32.dll!PostMessageA                                    0000000076c43baa 6 bytes JMP 7190000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\USER32.dll!SendMessageA                                    0000000076c4612e 6 bytes JMP 7196000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\USER32.dll!SendInput                                      0000000076c5ff4a 3 bytes JMP 7199000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\USER32.dll!SendInput + 4                                  0000000076c5ff4e 2 bytes JMP 7199000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\USER32.dll!mouse_event                                    0000000076c9027b 6 bytes JMP 719f000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\USER32.dll!keybd_event                                    0000000076c902bf 6 bytes JMP 719c000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                00000000757c70c4 6 bytes JMP 7187000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                00000000757e3264 6 bytes JMP 718a000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW                          00000000751f575a 6 bytes JMP 71a2000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\WS2_32.dll!connect                                        00000000751f6bdd 6 bytes JMP 71ab000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\WS2_32.dll!listen                                          00000000751fb001 6 bytes JMP 71a5000a
.text    C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4724] C:\Windows\syswow64\WS2_32.dll!WSAConnect                                      00000000751fcc3f 6 bytes JMP 71a8000a
.text    C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                            0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text    C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                      0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text    C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text    C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                              0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text    C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                            0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text    C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                          0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text    C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                        0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text    C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text    C:\Program Files\CCleaner\CCleaner64.exe[4764] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                000007fefcd29055 3 bytes [B5, 6F, 26]
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                000000007713fc20 3 bytes JMP 717e000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                            000000007713fc24 2 bytes JMP 717e000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                          000000007713fc38 3 bytes JMP 7175000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                      000000007713fc3c 2 bytes JMP 7175000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                    000000007713fd64 3 bytes JMP 7178000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                000000007713fd68 2 bytes JMP 7178000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                  00000000771400b4 3 bytes JMP 717b000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                              00000000771400b8 2 bytes JMP 717b000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                00000000771401c4 3 bytes JMP 7184000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                            00000000771401c8 2 bytes JMP 7184000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                              0000000077140a44 3 bytes JMP 7181000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                          0000000077140a48 2 bytes JMP 7181000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                            0000000077141920 3 bytes JMP 7172000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                        0000000077141924 2 bytes JMP 7172000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                    0000000075253bbb 3 bytes JMP 716f000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                                0000000075253bbf 2 bytes JMP 716f000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                    0000000076862c9e 4 bytes CALL 71af0000
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\USER32.dll!SendMessageW                                                0000000076c39679 6 bytes JMP 7193000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\USER32.dll!PostMessageW                                                0000000076c412a5 6 bytes JMP 718d000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\USER32.dll!PostMessageA                                                0000000076c43baa 6 bytes JMP 7190000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\USER32.dll!SendMessageA                                                0000000076c4612e 6 bytes JMP 7196000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\USER32.dll!SendInput                                                    0000000076c5ff4a 3 bytes JMP 7199000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                0000000076c5ff4e 2 bytes JMP 7199000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\USER32.dll!mouse_event                                                  0000000076c9027b 6 bytes JMP 719f000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\USER32.dll!keybd_event                                                  0000000076c902bf 6 bytes JMP 719c000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                            00000000757c70c4 6 bytes JMP 7187000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                            00000000757e3264 6 bytes JMP 718a000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW                                      00000000751f575a 6 bytes JMP 71a2000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\WS2_32.dll!connect                                                      00000000751f6bdd 6 bytes JMP 71ab000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\WS2_32.dll!listen                                                      00000000751fb001 6 bytes JMP 71a5000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\WS2_32.dll!WSAConnect                                                  00000000751fcc3f 6 bytes JMP 71a8000a
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    0000000075521465 2 bytes [52, 75]
.text    C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[4780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    00000000755214bb 2 bytes [52, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                              000000007713fc20 3 bytes JMP 7184000a
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                          000000007713fc24 2 bytes JMP 7184000a
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                        000000007713fc38 3 bytes JMP 717b000a
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                    000000007713fc3c 2 bytes JMP 717b000a
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                  000000007713fd64 3 bytes JMP 717e000a
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                              000000007713fd68 2 bytes JMP 717e000a
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                00000000771400b4 3 bytes JMP 7181000a
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                            00000000771400b8 2 bytes JMP 7181000a
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                              00000000771401c4 3 bytes JMP 718a000a
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                          00000000771401c8 2 bytes JMP 718a000a
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                            0000000077140a44 3 bytes JMP 7187000a
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                        0000000077140a48 2 bytes JMP 7187000a
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                          0000000077141920 3 bytes JMP 7178000a
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                      0000000077141924 2 bytes JMP 7178000a
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                  0000000075253bbb 3 bytes JMP 7175000a
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                              0000000075253bbf 2 bytes JMP 7175000a
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                  0000000076862c9e 4 bytes CALL 71af0000
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\USER32.dll!SendMessageW                                              0000000076c39679 6 bytes JMP 7199000a
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\USER32.dll!PostMessageW                                              0000000076c412a5 6 bytes JMP 7193000a
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\USER32.dll!PostMessageA                                              0000000076c43baa 6 bytes JMP 7196000a
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\USER32.dll!SendMessageA                                              0000000076c4612e 6 bytes JMP 719c000a
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\USER32.dll!SendInput                                                  0000000076c5ff4a 3 bytes JMP 719f000a
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\USER32.dll!SendInput + 4                                              0000000076c5ff4e 2 bytes JMP 719f000a
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\USER32.dll!mouse_event                                                0000000076c9027b 6 bytes JMP 71a5000a
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\USER32.dll!keybd_event                                                0000000076c902bf 6 bytes JMP 71a2000a
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                          00000000757c70c4 6 bytes JMP 718d000a
.text    C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[4824] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                          00000000757e3264 6 bytes JMP 7190000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                    000000007713fc20 3 bytes JMP 7184000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                                                000000007713fc24 2 bytes JMP 7184000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                                              000000007713fc38 3 bytes JMP 717b000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                                          000000007713fc3c 2 bytes JMP 717b000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                        000000007713fd64 3 bytes JMP 717e000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                                    000000007713fd68 2 bytes JMP 717e000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                      00000000771400b4 3 bytes JMP 7181000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                                  00000000771400b8 2 bytes JMP 7181000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                    00000000771401c4 3 bytes JMP 718a000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                                                00000000771401c8 2 bytes JMP 718a000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                                  0000000077140a44 3 bytes JMP 7187000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                                              0000000077140a48 2 bytes JMP 7187000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                0000000077141920 3 bytes JMP 7178000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                                            0000000077141924 2 bytes JMP 7178000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                                        0000000075253bbb 3 bytes JMP 7175000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                                                    0000000075253bbf 2 bytes JMP 7175000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                        0000000076862c9e 4 bytes CALL 71af0000
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                    0000000076c39679 6 bytes JMP 7199000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                    0000000076c412a5 6 bytes JMP 7193000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                    0000000076c43baa 6 bytes JMP 7196000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                    0000000076c4612e 6 bytes JMP 719c000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\USER32.dll!SendInput                                                                        0000000076c5ff4a 3 bytes JMP 719f000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                                    0000000076c5ff4e 2 bytes JMP 719f000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\USER32.dll!mouse_event                                                                      0000000076c9027b 6 bytes JMP 71a5000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\USER32.dll!keybd_event                                                                      0000000076c902bf 6 bytes JMP 71a2000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                                00000000757c70c4 6 bytes JMP 718d000a
.text    C:\Windows\SysWOW64\rundll32.exe[4836] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                                00000000757e3264 6 bytes JMP 7190000a
.text    C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                        000000007713fc20 3 bytes JMP 718a000a
.text    C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                                                    000000007713fc24 2 bytes JMP 718a000a
.text    C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                                                000000007713fc38 3 bytes JMP 7181000a
.text    C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                                            000000007713fc3c 2 bytes JMP 7181000a
.text    C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                          000000007713fd64 3 bytes [FF, 25, 1E]
.text    C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                                      000000007713fd68 2 bytes [83, 71]
.text    C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                        00000000771400b4 3 bytes JMP 7187000a
.text    C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                                    00000000771400b8 2 bytes JMP 7187000a
.text    C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                        00000000771401c4 3 bytes [FF, 25, 1E]
.text    C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                                                    00000000771401c8 2 bytes [8F, 71]
.text    C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                                    0000000077140a44 3 bytes [FF, 25, 1E]
.text    C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                                                0000000077140a48 2 bytes [8C, 71]
.text    C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                  0000000077141920 3 bytes [FF, 25, 1E]
.text    C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                                              0000000077141924 2 bytes [7D, 71]
.text    C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW                                                            0000000075253bbb 3 bytes [FF, 25, 1E]
.text    C:\Windows\SysWOW64\ntdll.dll[4860] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW + 4                                                        0000000075253bbf 2 bytes [7A, 71]
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                              000000007713fc20 3 bytes JMP 718a000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                          000000007713fc24 2 bytes JMP 718a000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                        000000007713fc38 3 bytes JMP 7181000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                    000000007713fc3c 2 bytes JMP 7181000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                  000000007713fd64 3 bytes JMP 7184000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                              000000007713fd68 2 bytes JMP 7184000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                00000000771400b4 3 bytes JMP 7187000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                            00000000771400b8 2 bytes JMP 7187000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                              00000000771401c4 3 bytes JMP 7190000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                          00000000771401c8 2 bytes JMP 7190000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                            0000000077140a44 3 bytes [FF, 25, 1E]
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                        0000000077140a48 2 bytes [8C, 71]
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                          0000000077141920 3 bytes [FF, 25, 1E]
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                      0000000077141924 2 bytes [7D, 71]
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                  0000000075253bbb 3 bytes JMP 717b000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                              0000000075253bbf 2 bytes JMP 717b000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                  0000000076862c9e 4 bytes CALL 71af0000
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                          00000000757c70c4 6 bytes {JMP QWORD [RIP+0x7192001e]}
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                          00000000757e3264 6 bytes {JMP QWORD [RIP+0x7195001e]}
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\USER32.dll!SendMessageW                                              0000000076c39679 6 bytes JMP 719f000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\USER32.dll!PostMessageW                                              0000000076c412a5 6 bytes {JMP QWORD [RIP+0x7198001e]}
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\USER32.dll!PostMessageA                                              0000000076c43baa 6 bytes {JMP QWORD [RIP+0x719b001e]}
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\USER32.dll!SendMessageA                                              0000000076c4612e 6 bytes {JMP QWORD [RIP+0x71a1001e]}
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\USER32.dll!SendInput                                                  0000000076c5ff4a 3 bytes [FF, 25, 1E]
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\USER32.dll!SendInput + 4                                              0000000076c5ff4e 2 bytes [A4, 71]
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\USER32.dll!mouse_event                                                0000000076c9027b 6 bytes {JMP QWORD [RIP+0x71aa001e]}
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4892] C:\Windows\syswow64\USER32.dll!keybd_event                                                0000000076c902bf 6 bytes {JMP QWORD [RIP+0x71a7001e]}
.text    C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                      0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text    C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                              0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text    C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                        0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text    C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                      0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text    C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                      0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text    C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                  0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text    C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text    C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                          0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text    C:\Windows\SYSTEM32\WISPTIS.EXE[6920] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                          000007fefcd29055 3 bytes CALL 0
.text    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                        0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                          0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                        0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                        0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                    0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                  0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                            0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[6932] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                            000007fefcd29055 3 bytes CALL 9000027
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                000000007713fc20 3 bytes JMP 718a000a
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                            000000007713fc24 2 bytes JMP 718a000a
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                        000000007713fc38 3 bytes JMP 7181000a
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                    000000007713fc3c 2 bytes JMP 7181000a
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                  000000007713fd64 3 bytes JMP 7184000a
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                              000000007713fd68 2 bytes JMP 7184000a
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                00000000771400b4 3 bytes JMP 7187000a
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                            00000000771400b8 2 bytes JMP 7187000a
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                00000000771401c4 3 bytes JMP 7190000a
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                            00000000771401c8 2 bytes JMP 7190000a
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                            0000000077140a44 3 bytes JMP 718d000a
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                        0000000077140a48 2 bytes JMP 718d000a
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                          0000000077141920 3 bytes JMP 717e000a
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                      0000000077141924 2 bytes JMP 717e000a
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                    0000000075253bbb 3 bytes JMP 717b000a
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                0000000075253bbf 2 bytes JMP 717b000a
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                    0000000076862c9e 4 bytes CALL 71af0000
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                            00000000757c70c4 6 bytes JMP 7193000a
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                            00000000757e3264 6 bytes JMP 7196000a
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\USER32.dll!SendMessageW                                0000000076c39679 6 bytes JMP 719f000a
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\USER32.dll!PostMessageW                                0000000076c412a5 6 bytes JMP 7199000a
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\USER32.dll!PostMessageA                                0000000076c43baa 6 bytes JMP 719c000a
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\USER32.dll!SendMessageA                                0000000076c4612e 6 bytes JMP 71a2000a
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\USER32.dll!SendInput                                  0000000076c5ff4a 3 bytes JMP 71a5000a
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\USER32.dll!SendInput + 4                              0000000076c5ff4e 2 bytes JMP 71a5000a
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\USER32.dll!mouse_event                                0000000076c9027b 6 bytes JMP 71ab000a
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6616] C:\Windows\syswow64\USER32.dll!keybd_event                                0000000076c902bf 6 bytes JMP 71a8000a
.text    C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                        0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text    C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text    C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                          0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text    C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                        0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text    C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                        0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text    C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                    0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text    C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                  0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text    C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                            0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text    C:\Program Files\Tablet\ISD\ISD_TouchUser.exe[6640] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                            000007fefcd29055 3 bytes CALL 9000027
.text    C:\Windows\system32\taskhost.exe[6728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                    0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text    C:\Windows\system32\taskhost.exe[6728] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                              0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text    C:\Windows\system32\taskhost.exe[6728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                        0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text    C:\Windows\system32\taskhost.exe[6728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                      0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text    C:\Windows\system32\taskhost.exe[6728] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                    0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text    C:\Windows\system32\taskhost.exe[6728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                  0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text    C:\Windows\system32\taskhost.exe[6728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text    C:\Windows\system32\taskhost.exe[6728] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                        0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text    C:\Windows\system32\taskhost.exe[6728] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                                000007fefee655c8 6 bytes {JMP QWORD [RIP+0xfaa68]}
.text    C:\Windows\system32\taskhost.exe[6728] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                                000007fefee7b85c 6 bytes {JMP QWORD [RIP+0xc47d4]}
.text    C:\Program Files\Tablet\ISD\ISD_TabletUser.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                      0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text    C:\Program Files\Tablet\ISD\ISD_TabletUser.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text    C:\Program Files\Tablet\ISD\ISD_TabletUser.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                          0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text    C:\Program Files\Tablet\ISD\ISD_TabletUser.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                        0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text    C:\Program Files\Tablet\ISD\ISD_TabletUser.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                      0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text    C:\Program Files\Tablet\ISD\ISD_TabletUser.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                    0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text    C:\Program Files\Tablet\ISD\ISD_TabletUser.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                  0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text    C:\Program Files\Tablet\ISD\ISD_TabletUser.exe[6952] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                          0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}

maga84 16.01.2015 11:28
GMER - Teil 2
Code:
.text    C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text    C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                          0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text    C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                    0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text    C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                  0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text    C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text    C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                              0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text    C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                            0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text    C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                    0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text    C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[368] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                    000007fefcd29055 3 bytes CALL 9000027
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                            000000007713fc20 3 bytes JMP 7178000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                        000000007713fc24 2 bytes JMP 7178000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                    000000007713fc38 3 bytes JMP 716f000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                000000007713fc3c 2 bytes JMP 716f000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                              000000007713fd64 3 bytes JMP 7172000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                          000000007713fd68 2 bytes JMP 7172000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                            00000000771400b4 3 bytes JMP 7175000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                        00000000771400b8 2 bytes JMP 7175000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                            00000000771401c4 3 bytes JMP 717e000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                        00000000771401c8 2 bytes JMP 717e000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                        0000000077140a44 3 bytes JMP 717b000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                    0000000077140a48 2 bytes JMP 717b000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                      0000000077141920 3 bytes JMP 716c000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                  0000000077141924 2 bytes JMP 716c000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                0000000075253bbb 3 bytes JMP 7169000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                            0000000075253bbf 2 bytes JMP 7169000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                0000000076862c9e 4 bytes CALL 71af0000
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\syswow64\USER32.dll!SendMessageW                                            0000000076c39679 6 bytes JMP 718d000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\syswow64\USER32.dll!PostMessageW                                            0000000076c412a5 6 bytes JMP 7187000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\syswow64\USER32.dll!PostMessageA                                            0000000076c43baa 6 bytes JMP 718a000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\syswow64\USER32.dll!SendMessageA                                            0000000076c4612e 6 bytes JMP 7190000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\syswow64\USER32.dll!SendInput                                              0000000076c5ff4a 3 bytes JMP 7193000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\syswow64\USER32.dll!SendInput + 4                                          0000000076c5ff4e 2 bytes JMP 7193000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\syswow64\USER32.dll!mouse_event                                            0000000076c9027b 6 bytes JMP 7199000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\syswow64\USER32.dll!keybd_event                                            0000000076c902bf 6 bytes JMP 7196000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                        00000000757c70c4 6 bytes JMP 7181000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                        00000000757e3264 6 bytes JMP 7184000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW                                  00000000751f575a 6 bytes JMP 719c000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\syswow64\WS2_32.dll!connect                                                00000000751f6bdd 6 bytes JMP 71a5000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\syswow64\WS2_32.dll!listen                                                  00000000751fb001 6 bytes JMP 719f000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\syswow64\WS2_32.dll!WSAConnect                                              00000000751fcc3f 6 bytes JMP 71a2000a
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000075521465 2 bytes [52, 75]
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              00000000755214bb 2 bytes [52, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                000000007713fc20 3 bytes JMP 718a000a
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                                            000000007713fc24 2 bytes JMP 718a000a
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                                        000000007713fc38 3 bytes JMP 7181000a
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                                    000000007713fc3c 2 bytes JMP 7181000a
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                  000000007713fd64 3 bytes JMP 7184000a
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                              000000007713fd68 2 bytes JMP 7184000a
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                00000000771400b4 3 bytes JMP 7187000a
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                            00000000771400b8 2 bytes JMP 7187000a
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                00000000771401c4 3 bytes JMP 7190000a
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                                            00000000771401c8 2 bytes JMP 7190000a
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                            0000000077140a44 3 bytes JMP 718d000a
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                                        0000000077140a48 2 bytes JMP 718d000a
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                          0000000077141920 3 bytes JMP 717e000a
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                                      0000000077141924 2 bytes JMP 717e000a
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                                    0000000075253bbb 3 bytes JMP 717b000a
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                                                0000000075253bbf 2 bytes JMP 717b000a
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                    0000000076862c9e 4 bytes CALL 71af0000
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                            00000000757c70c4 6 bytes JMP 7193000a
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                            00000000757e3264 6 bytes JMP 7196000a
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                0000000076c39679 6 bytes JMP 719f000a
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                0000000076c412a5 6 bytes JMP 7199000a
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                0000000076c43baa 6 bytes JMP 719c000a
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                0000000076c4612e 6 bytes JMP 71a2000a
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\USER32.dll!SendInput                                                                  0000000076c5ff4a 3 bytes JMP 71a5000a
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                              0000000076c5ff4e 2 bytes JMP 71a5000a
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\USER32.dll!mouse_event                                                                0000000076c9027b 6 bytes JMP 71ab000a
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7212] C:\Windows\syswow64\USER32.dll!keybd_event                                                                0000000076c902bf 6 bytes JMP 71a8000a
.text    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[7960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000075521465 2 bytes [52, 75]
.text    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[7960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000755214bb 2 bytes [52, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Windows\system32\rundll32.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                    0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text    C:\Windows\system32\rundll32.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                              0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text    C:\Windows\system32\rundll32.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                        0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text    C:\Windows\system32\rundll32.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                      0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text    C:\Windows\system32\rundll32.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                    0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text    C:\Windows\system32\rundll32.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                  0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text    C:\Windows\system32\rundll32.exe[8100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text    C:\Windows\system32\rundll32.exe[8100] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                        0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text    C:\Windows\system32\rundll32.exe[8100] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                        000007fefcd29055 3 bytes [B5, 6F, 06]
.text    C:\Windows\system32\rundll32.exe[8100] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorA                                                              000007fefa157b34 6 bytes {JMP QWORD [RIP+0x884fc]}
.text    C:\Windows\system32\rundll32.exe[8100] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                              000007fefa1603c0 6 bytes {JMP QWORD [RIP+0x9fc70]}
.text    C:\Windows\system32\rundll32.exe[8100] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW                                                          000007fefd6b3030 6 bytes {JMP QWORD [RIP+0xfed000]}
.text    C:\Windows\system32\rundll32.exe[8100] C:\Windows\system32\WS2_32.dll!connect + 1                                                                      000007fefd6b45c1 5 bytes {JMP QWORD [RIP+0x6ba70]}
.text    C:\Windows\system32\rundll32.exe[8100] C:\Windows\system32\WS2_32.dll!listen                                                                          000007fefd6b8290 6 bytes {JMP QWORD [RIP+0xfc7da0]}
.text    C:\Windows\system32\rundll32.exe[8100] C:\Windows\system32\WS2_32.dll!WSAConnect                                                                      000007fefd6de0f0 6 bytes JMP 0
.text    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                        0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                          0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                        0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                        0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                    0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                  0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                            0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7916] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                            000007fefcd29055 3 bytes [B5, 6F, 06]
.text    C:\Windows\system32\taskeng.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                      0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text    C:\Windows\system32\taskeng.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                              0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text    C:\Windows\system32\taskeng.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                        0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text    C:\Windows\system32\taskeng.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                      0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text    C:\Windows\system32\taskeng.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                      0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text    C:\Windows\system32\taskeng.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                  0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text    C:\Windows\system32\taskeng.exe[7668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text    C:\Windows\system32\taskeng.exe[7668] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                          0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text    C:\Windows\system32\taskeng.exe[7668] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                          000007fefcd29055 3 bytes [B5, 6F, 06]
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                      0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                          0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                        0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                      0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                    0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                  0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                          000007fefcd29055 3 bytes [B5, 6F, 08]
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW                            000007fefd6b3030 6 bytes {JMP QWORD [RIP+0xfed000]}
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\WS2_32.dll!connect + 1                                        000007fefd6b45c1 5 bytes {JMP QWORD [RIP+0x6ba70]}
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\WS2_32.dll!listen                                            000007fefd6b8290 6 bytes {JMP QWORD [RIP+0xfc7da0]}
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\WS2_32.dll!WSAConnect                                        000007fefd6de0f0 6 bytes JMP 22000000
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\msi.dll!MsiSetInternalUI                                      000007fef6c85c70 6 bytes {JMP QWORD [RIP+0x37a3c0]}
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\msi.dll!MsiInstallProductA                                    000007fef6d02ad4 2 bytes [FF, 25]
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\msi.dll!MsiInstallProductA + 3                                000007fef6d02ad7 3 bytes [D5, 2B, 00]
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3680] C:\Windows\system32\msi.dll!MsiInstallProductW                                    000007fef6d1167c 6 bytes {JMP QWORD [RIP+0x2ce9b4]}
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                      0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                              0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                        0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                      0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                      0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                  0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                          000007fefcd29055 3 bytes [B5, 6F, 2A]
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW                            000007fefd6b3030 6 bytes {JMP QWORD [RIP+0xfed000]}
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\WS2_32.dll!connect + 1                                      000007fefd6b45c1 5 bytes {JMP QWORD [RIP+0x6ba70]}
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\WS2_32.dll!listen                                            000007fefd6b8290 6 bytes {JMP QWORD [RIP+0xfc7da0]}
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\WS2_32.dll!WSAConnect                                        000007fefd6de0f0 6 bytes {JMP QWORD [RIP+0x61f40]}
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\msi.dll!MsiSetInternalUI                                    000007fef6c85c70 6 bytes {JMP QWORD [RIP+0x37a3c0]}
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\msi.dll!MsiInstallProductA                                  000007fef6d02ad4 2 bytes [FF, 25]
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\msi.dll!MsiInstallProductA + 3                              000007fef6d02ad7 3 bytes [D5, 2B, 00]
.text    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[7768] C:\Windows\system32\msi.dll!MsiInstallProductW                                  000007fef6d1167c 6 bytes {JMP QWORD [RIP+0x2ce9b4]}
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                    0000000076f91510 6 bytes {JMP QWORD [RIP+0x91aeb20]}
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                              0000000076f91520 6 bytes {JMP QWORD [RIP+0x920eb10]}
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                        0000000076f915e0 6 bytes {JMP QWORD [RIP+0x91eea50]}
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                      0000000076f91800 6 bytes {JMP QWORD [RIP+0x91ce830]}
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                    0000000076f918b0 6 bytes {JMP QWORD [RIP+0x916e780]}
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                  0000000076f91e40 6 bytes {JMP QWORD [RIP+0x918e1f0]}
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                0000000076f927e0 6 bytes {JMP QWORD [RIP+0x922d850]}
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                        0000000076d3db80 6 bytes {JMP QWORD [RIP+0x94a24b0]}
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                        000007fefcd29055 3 bytes [B5, 6F, 06]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                000007fefee655c8 6 bytes {JMP QWORD [RIP+0xfaa68]}
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8700] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                000007fefee7b85c 6 bytes {JMP QWORD [RIP+0xc47d4]}
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                000000007713fc20 3 bytes JMP 718a000a
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                            000000007713fc24 2 bytes JMP 718a000a
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                        000000007713fc38 3 bytes JMP 7181000a
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                    000000007713fc3c 2 bytes JMP 7181000a
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                  000000007713fd64 3 bytes JMP 7184000a
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                              000000007713fd68 2 bytes JMP 7184000a
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                00000000771400b4 3 bytes JMP 7187000a
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                            00000000771400b8 2 bytes JMP 7187000a
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                00000000771401c4 3 bytes JMP 7190000a
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                            00000000771401c8 2 bytes JMP 7190000a
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                            0000000077140a44 3 bytes JMP 718d000a
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                        0000000077140a48 2 bytes JMP 718d000a
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                          0000000077141920 3 bytes JMP 717e000a
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                      0000000077141924 2 bytes JMP 717e000a
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                    0000000075253bbb 3 bytes JMP 717b000a
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                                0000000075253bbf 2 bytes JMP 717b000a
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                    0000000076862c9e 4 bytes CALL 71af0000
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\USER32.dll!SendMessageW                                                0000000076c39679 6 bytes JMP 719f000a
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\USER32.dll!PostMessageW                                                0000000076c412a5 6 bytes JMP 7199000a
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\USER32.dll!PostMessageA                                                0000000076c43baa 6 bytes JMP 719c000a
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\USER32.dll!SendMessageA                                                0000000076c4612e 6 bytes JMP 71a2000a
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\USER32.dll!SendInput                                                  0000000076c5ff4a 3 bytes JMP 71a5000a
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\USER32.dll!SendInput + 4                                              0000000076c5ff4e 2 bytes JMP 71a5000a
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\USER32.dll!mouse_event                                                0000000076c9027b 6 bytes JMP 71ab000a
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\USER32.dll!keybd_event                                                0000000076c902bf 6 bytes JMP 71a8000a
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                            00000000757c70c4 6 bytes JMP 7193000a
.text    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[8408] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                            00000000757e3264 6 bytes JMP 7196000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                            000000007713fc20 3 bytes JMP 718a000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                        000000007713fc24 2 bytes JMP 718a000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                      000000007713fc38 3 bytes JMP 7181000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                  000000007713fc3c 2 bytes JMP 7181000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                000000007713fd64 3 bytes JMP 7184000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                            000000007713fd68 2 bytes JMP 7184000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                              00000000771400b4 3 bytes JMP 7187000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                          00000000771400b8 2 bytes JMP 7187000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                            00000000771401c4 3 bytes JMP 7190000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                        00000000771401c8 2 bytes JMP 7190000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                          0000000077140a44 3 bytes JMP 718d000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                      0000000077140a48 2 bytes JMP 718d000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                        0000000077141920 3 bytes JMP 717e000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                    0000000077141924 2 bytes JMP 717e000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                0000000075253bbb 3 bytes JMP 717b000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                            0000000075253bbf 2 bytes JMP 717b000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                0000000076862c9e 4 bytes CALL 71af0000
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                        00000000757c70c4 6 bytes JMP 7193000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                        00000000757e3264 6 bytes JMP 7196000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\USER32.dll!SendMessageW                                            0000000076c39679 6 bytes JMP 719f000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\USER32.dll!PostMessageW                                            0000000076c412a5 6 bytes JMP 7199000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\USER32.dll!PostMessageA                                            0000000076c43baa 6 bytes JMP 719c000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\USER32.dll!SendMessageA                                            0000000076c4612e 6 bytes JMP 71a2000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\USER32.dll!SendInput                                                0000000076c5ff4a 3 bytes JMP 71a5000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\USER32.dll!SendInput + 4                                            0000000076c5ff4e 2 bytes JMP 71a5000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\USER32.dll!mouse_event                                              0000000076c9027b 6 bytes JMP 71ab000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\USER32.dll!keybd_event                                              0000000076c902bf 6 bytes JMP 71a8000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW                                  00000000751f575a 6 bytes JMP 716d000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\WS2_32.dll!connect                                                  00000000751f6bdd 6 bytes JMP 7176000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\WS2_32.dll!listen                                                  00000000751fb001 6 bytes JMP 7170000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\WS2_32.dll!WSAConnect                                              00000000751fcc3f 6 bytes JMP 7173000a
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000075521465 2 bytes [52, 75]
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                00000000755214bb 2 bytes [52, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                        000000007713fc20 3 bytes JMP 718a000a
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                    000000007713fc24 2 bytes JMP 718a000a
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                  000000007713fc38 3 bytes JMP 7181000a
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                              000000007713fc3c 2 bytes JMP 7181000a
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                            000000007713fd64 3 bytes JMP 7184000a
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                        000000007713fd68 2 bytes JMP 7184000a
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                          00000000771400b4 3 bytes JMP 7187000a
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                      00000000771400b8 2 bytes JMP 7187000a
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                        00000000771401c4 3 bytes JMP 7190000a
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                    00000000771401c8 2 bytes JMP 7190000a
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                      0000000077140a44 3 bytes JMP 718d000a
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                  0000000077140a48 2 bytes JMP 718d000a
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                    0000000077141920 3 bytes JMP 717e000a
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                0000000077141924 2 bytes JMP 717e000a
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                            0000000075253bbb 3 bytes JMP 717b000a
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                        0000000075253bbf 2 bytes JMP 717b000a
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                            0000000076862c9e 4 bytes CALL 71af0000
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\USER32.dll!SendMessageW                                        0000000076c39679 6 bytes JMP 719f000a
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\USER32.dll!PostMessageW                                        0000000076c412a5 6 bytes JMP 7199000a
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\USER32.dll!PostMessageA                                        0000000076c43baa 6 bytes JMP 719c000a
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\USER32.dll!SendMessageA                                        0000000076c4612e 6 bytes JMP 71a2000a
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\USER32.dll!SendInput                                            0000000076c5ff4a 3 bytes JMP 71a5000a
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\USER32.dll!SendInput + 4                                        0000000076c5ff4e 2 bytes JMP 71a5000a
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\USER32.dll!mouse_event                                          0000000076c9027b 6 bytes JMP 71ab000a
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\USER32.dll!keybd_event                                          0000000076c902bf 6 bytes JMP 71a8000a
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                    00000000757c70c4 6 bytes JMP 7193000a
.text    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[5256] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                    00000000757e3264 6 bytes JMP 7196000a
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[8516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075521465 2 bytes [52, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[8516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000755214bb 2 bytes [52, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          0000000075521465 2 bytes [52, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          00000000755214bb 2 bytes [52, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[8696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                  0000000075521465 2 bytes [52, 75]
.text    C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[8696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000755214bb 2 bytes [52, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                            000000007713fc20 3 bytes JMP 718a000a
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                                        000000007713fc24 2 bytes JMP 718a000a
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                                      000000007713fc38 3 bytes JMP 7181000a
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                                  000000007713fc3c 2 bytes JMP 7181000a
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                000000007713fd64 3 bytes JMP 7184000a
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                            000000007713fd68 2 bytes JMP 7184000a
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                              00000000771400b4 3 bytes JMP 7187000a
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                          00000000771400b8 2 bytes JMP 7187000a
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                            00000000771401c4 3 bytes JMP 7190000a
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                                        00000000771401c8 2 bytes JMP 7190000a
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                          0000000077140a44 3 bytes JMP 718d000a
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                                      0000000077140a48 2 bytes JMP 718d000a
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                        0000000077141920 3 bytes JMP 717e000a
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                                    0000000077141924 2 bytes JMP 717e000a
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                                0000000075253bbb 3 bytes JMP 717b000a
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                                            0000000075253bbf 2 bytes JMP 717b000a
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                0000000076862c9e 4 bytes CALL 71af0000
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\USER32.dll!SendMessageW                                                            0000000076c39679 6 bytes JMP 719f000a
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\USER32.dll!PostMessageW                                                            0000000076c412a5 6 bytes JMP 7199000a
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\USER32.dll!PostMessageA                                                            0000000076c43baa 6 bytes JMP 719c000a
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\USER32.dll!SendMessageA                                                            0000000076c4612e 6 bytes JMP 71a2000a
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\USER32.dll!SendInput                                                                0000000076c5ff4a 3 bytes JMP 71a5000a
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                            0000000076c5ff4e 2 bytes JMP 71a5000a
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\USER32.dll!mouse_event                                                              0000000076c9027b 6 bytes JMP 71ab000a
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\USER32.dll!keybd_event                                                              0000000076c902bf 6 bytes JMP 71a8000a
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                        00000000757c70c4 6 bytes JMP 7193000a
.text    C:\Users\Manuel\Downloads\Gmer-19357.exe[5104] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                        00000000757e3264 6 bytes JMP 7196000a

---- Threads - GMER 2.1 ----

Thread    C:\Windows\SysWOW64\ntdll.dll [4860:4864]                                                                                                              0000000001068d4e
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:7948]                                                                                                              000000006e79cf5c
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:7956]                                                                                                              000000006e81a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:8004]                                                                                                              000000006e7224a2
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:7772]                                                                                                              000000006e81a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:5692]                                                                                                              000000006e81a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:1540]                                                                                                              000000006e81a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:2012]                                                                                                              000000006e7cc159
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:3688]                                                                                                              000000006e81a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:8200]                                                                                                              000000006e81a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:8412]                                                                                                              000000006f4c784b
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:8548]                                                                                                              0000000056c1aec5
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:692]                                                                                                              000000006e81a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:708]                                                                                                              0000000074ead864
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:8552]                                                                                                              0000000072b232fb
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:5552]                                                                                                              000000006e81a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:6004]                                                                                                              000000006e81a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:3944]                                                                                                              000000006e81a8c0
Thread    C:\Windows\SysWOW64\ntdll.dll [4860:7740]                                                                                                              000000006e8288ff

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffaf444d9                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2cdc6bc                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2cdc6bc@30a8db49d01a                                                              0x40 0x44 0x2C 0xE0 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffaf444d9 (not active ControlSet)                                                       
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2cdc6bc (not active ControlSet)                                                       
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2cdc6bc@30a8db49d01a                                                                  0x40 0x44 0x2C 0xE0 ...

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                                  unknown MBR code

---- EOF - GMER 2.1 ----

maga84 16.01.2015 11:30
FRST


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015
Ran by x203 (administrator) on ADMIN-MANUEL on 16-01-2015 11:17:24
Running from C:\Users\Manuel\Downloads
Loaded Profiles: x203 & Manuel (Available profiles: x203 & Manuel)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe
(Data Perceptions / PowerProgrammer) C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Spotify Ltd) C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Eye-Fi, Inc.) C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Inc) C:\Program Files\Tablet\CalibrationAssistant.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Inc) C:\Program Files\Tablet\CalibrationAssistant.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Wacom Technology) C:\Program Files\Tablet\ISD\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchUser.exe
(Wacom Technology) C:\Program Files\Tablet\ISD\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916592 2014-07-28] (Synaptics Incorporated)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-08-07] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2014-09-16] (Lenovo)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [555736 2014-09-18] (Lenovo.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4997872 2014-12-31] (Emsisoft GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-01-05] (Glarysoft Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [Spotify Web Helper] => C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [GoogleChromeAutoLaunch_4A220D28DEF0DEF57A4596AFA0CC93AC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-22] (Google Inc.)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [Eye-Fi] => C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe [3961464 2011-12-21] (Eye-Fi, Inc.)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: D - D:\SETUP.EXE
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: {88018163-5feb-11e3-8408-028037ec0200} - V:\SETUP.EXE
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: {fa8f8a90-42e2-11e3-857c-028037ec0200} - E:\Startme.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EIZO ScreenSlicer.lnk
ShortcutTarget: EIZO ScreenSlicer.lnk -> C:\Windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe (Macrovision Corporation)
Startup: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50083;https=127.0.0.1:50083
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000 -> {5E55F183-AB4F-4D43-BF3C-D551B42FA02B} URL = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162

FireFox:
========
FF ProfilePath: C:\Users\x203\AppData\Roaming\Mozilla\Firefox\Profiles\ci9uc6ip.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-05-30]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: No Name - C:\Program Files (x86)\Symantec\VIP Access Client [2013-05-15]
FF HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension
FF Extension: No Name - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension [2014-05-29]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\x203\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\x203\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (Google Wallet) - C:\Users\x203\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 ASRSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [79136 2010-10-27] (Lenovo Group Limited)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2014-11-14] (Lenovo.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-14] (SurfRight B.V.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-08-07] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-04-24] ()
R2 TabletServiceISD; C:\Program Files\Tablet\ISD\ISD_Tablet.exe [5650296 2012-04-10] (Wacom Technology, Corp.)
R2 TabletSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [83920 2012-02-08] (Lenovo Group Limited)
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed]
R2 TouchServiceISD; C:\Program Files\Tablet\ISD\ISD_TouchService.exe [449912 2012-04-10] (Wacom Technology, Corp.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1526120 2013-09-25] (Lenovo Group Limited)
R2 TVT Scheduler; C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation)
R2 WebUpdate4; C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [278800 2013-01-16] (Data Perceptions / PowerProgrammer)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [689560 2012-10-18] (Ericsson AB)
R2 WTabletServiceISD; C:\Program Files\Tablet\ISD\WTabletServiceISD.exe [577848 2013-09-24] (Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-01-10] (Sony Mobile Communications)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-10-28] (Glarysoft Ltd)
R1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [17064 2010-06-28] (Lenovo)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [103184 2012-03-01] (Ericsson AB)
R3 l36wscard; C:\Windows\System32\DRIVERS\l36wscard.sys [61992 2011-01-14] (Ericsson AB)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [443208 2012-10-02] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [453960 2012-10-02] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [21832 2012-10-02] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [506184 2012-10-02] (MCCI Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
R3 wacomvthid; C:\Windows\System32\DRIVERS\WacomVTHid.sys [16368 2012-04-10] (Wacom Technology)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [281840 2013-02-19] (Ericsson AB)
S3 TVICPORT; \??\C:\Windows\system32\DRIVERS\TVICPORT.SYS [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 11:13 - 2015-01-16 11:13 - 00057924 _____ () C:\Users\Manuel\Downloads\Addition.txt
2015-01-16 11:12 - 2015-01-16 11:17 - 00034967 _____ () C:\Users\Manuel\Downloads\FRST.txt
2015-01-16 11:05 - 2015-01-16 11:05 - 00000883 _____ () C:\Users\x203\Desktop\hosts.txt
2015-01-16 10:25 - 2015-01-16 10:25 - 00000470 _____ () C:\Users\Manuel\Downloads\defogger_disable.log
2015-01-16 10:23 - 2015-01-16 10:23 - 00283128 _____ () C:\Windows\Minidump\011615-8845-01.dmp
2015-01-16 10:23 - 2015-01-16 10:23 - 00000000 ____D () C:\Windows\Minidump
2015-01-15 19:55 - 2015-01-15 19:55 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-15 19:32 - 2015-01-15 19:32 - 00050477 _____ () C:\Users\Manuel\Downloads\Defogger.exe
2015-01-15 19:32 - 2015-01-15 19:32 - 00000000 _____ () C:\Users\x203\defogger_reenable
2015-01-15 19:31 - 2015-01-16 10:58 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-15 19:31 - 2015-01-15 19:31 - 00001106 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-01-15 19:31 - 2015-01-15 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-01-15 19:29 - 2015-01-15 19:30 - 172265200 _____ (Emsisoft Ltd. ) C:\Users\Manuel\Downloads\EmsisoftAntiMalware4799Setup.exe
2015-01-15 19:29 - 2015-01-15 19:29 - 00001479 _____ () C:\Users\x203\Desktop\GMER.log
2015-01-15 19:20 - 2015-01-15 19:20 - 00380416 _____ () C:\Users\Manuel\Downloads\Gmer-19357.exe
2015-01-15 19:06 - 2015-01-15 19:06 - 02125312 _____ (Farbar) C:\Users\Manuel\Downloads\FRST64.exe
2015-01-15 19:01 - 2015-01-15 19:01 - 07203008 _____ (Kaspersky Lab ZAO) C:\Users\Manuel\Downloads\kavremover678.exe
2015-01-15 19:01 - 2015-01-15 19:01 - 00247941 _____ () C:\Users\Manuel\Downloads\kavremvr 2015-01-15 19-01-40 (pid 11508).log
2015-01-15 15:24 - 2015-01-15 15:24 - 00000000 ___SD () C:\ComboFix
2015-01-15 15:18 - 2015-01-15 15:18 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Manuel\Downloads\rkill.exe
2015-01-15 15:18 - 2015-01-15 15:18 - 00003704 _____ () C:\Users\x203\Desktop\Rkill.txt
2015-01-15 15:18 - 2015-01-15 15:18 - 00000000 ____D () C:\Users\x203\Desktop\rkill
2015-01-15 15:16 - 2015-01-15 15:16 - 00000681 _____ () C:\Users\x203\Desktop\JRT.txt
2015-01-15 15:12 - 2015-01-15 15:12 - 01707939 _____ (Thisisu) C:\Users\Manuel\Downloads\JRT.exe
2015-01-15 15:12 - 2015-01-15 15:12 - 00000000 ____D () C:\Windows\ERUNT
2015-01-15 15:11 - 2015-01-15 15:11 - 05609736 ____R (Swearware) C:\Users\Manuel\Downloads\ComboFix.exe
2015-01-15 15:11 - 2015-01-15 15:11 - 00000000 ____D () C:\Qoobox
2015-01-15 15:10 - 2015-01-15 15:10 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Manuel\Downloads\tdsskiller.exe
2015-01-15 15:09 - 2015-01-15 15:09 - 02191360 _____ () C:\Users\Manuel\Downloads\AdwCleaner.exe
2015-01-15 15:05 - 2015-01-15 14:59 - 00000000 _____ () C:\Users\Manuel\Desktop\CProgramDataMicrosoftWindowsCaches.txt
2015-01-15 15:00 - 2015-01-15 15:00 - 00111448 _____ () C:\Users\x203\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-15 14:59 - 2015-01-15 14:59 - 00000000 _____ () C:\Users\x203\Desktop\CProgramDataMicrosoftWindowsCaches.txt
2015-01-15 14:49 - 2015-01-15 14:49 - 00000000 ____D () C:\ProgramData\Avg_Update_1014av
2015-01-15 14:24 - 2015-01-15 14:24 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-01-15 10:54 - 2015-01-15 10:54 - 00003252 _____ () C:\Windows\System32\Tasks\Trojan Killer
2015-01-15 10:54 - 2015-01-15 10:54 - 00000000 ____D () C:\ProgramData\GridinSoft
2015-01-15 10:51 - 2015-01-15 15:02 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Nico Mak Computing
2015-01-15 10:46 - 2015-01-15 10:46 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-15 10:00 - 2015-01-15 10:00 - 02347384 _____ (ESET) C:\Users\Manuel\Downloads\esetsmartinstaller_deu.exe
2015-01-15 09:51 - 2015-01-16 11:08 - 00001957 _____ () C:\Windows\setupact.log
2015-01-15 09:51 - 2015-01-16 10:41 - 00011536 _____ () C:\Windows\PFRO.log
2015-01-15 09:51 - 2015-01-15 09:51 - 05054584 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-15 09:51 - 2015-01-15 09:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-15 09:28 - 2015-01-15 09:28 - 00000000 ____D () C:\Users\Manuel\Desktop\Old Firefox Data
2015-01-14 14:02 - 2015-01-16 11:17 - 00000000 ____D () C:\FRST
2015-01-14 12:16 - 2015-01-14 12:16 - 00000000 ____D () C:\_OTL
2015-01-14 12:08 - 2015-01-14 12:08 - 00000000 __SHD () C:\Users\x203\AppData\Local\EmieBrowserModeList
2015-01-14 10:28 - 2015-01-14 10:28 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Avira
2015-01-14 10:28 - 2015-01-14 10:27 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-14 10:27 - 2015-01-14 10:27 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Avira
2015-01-14 10:26 - 2015-01-14 10:26 - 00002081 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-14 10:25 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-14 10:25 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-14 10:25 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-14 10:16 - 2015-01-14 10:16 - 00001391 _____ () C:\Users\Manuel\Desktop\HitmanPro.lnk
2015-01-14 10:10 - 2015-01-14 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-14 10:10 - 2015-01-14 10:25 - 00000000 ____D () C:\ProgramData\Avira
2015-01-14 10:10 - 2015-01-14 10:10 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-14 09:54 - 2015-01-15 14:24 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-14 09:54 - 2015-01-14 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-14 09:53 - 2015-01-14 10:12 - 00000000 ____D () C:\Users\Manuel\Downloads\Hitman
2015-01-14 09:08 - 2015-01-14 09:08 - 00000000 ____D () C:\ProgramData\Network Associates
2015-01-14 09:06 - 2015-01-14 09:23 - 00000000 ____D () C:\Windows\F0856D1B11EE46528174EAF3D5AB6C66.TMP
2015-01-14 09:03 - 2015-01-15 14:48 - 00000000 ____D () C:\AdwCleaner
2015-01-14 08:59 - 2015-01-14 08:59 - 02191360 _____ () C:\Users\Manuel\Desktop\adwcleaner_4.107.exe
2015-01-14 08:43 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:43 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:43 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:43 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 08:43 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 08:43 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 08:43 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 08:43 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 08:43 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:43 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:43 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:43 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:43 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 18:34 - 2015-01-14 10:25 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-13 18:19 - 2015-01-13 18:19 - 14747172 _____ () C:\Users\Manuel\Desktop\Zusammenfassung.pptx
2015-01-13 18:12 - 2014-12-02 18:27 - 00090112 _____ (Nenad Hrg (SoftwareOK.com)) C:\Users\Manuel\Desktop\DontSleep.exe
2015-01-13 17:29 - 2015-01-13 18:39 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-13 16:58 - 2015-01-13 16:58 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\SUPERAntiSpyware.com
2015-01-13 15:50 - 2015-01-13 15:50 - 00017408 _____ () C:\Users\Manuel\Desktop\Abmeldung von Kursen FS 14.msg
2015-01-13 15:44 - 2014-03-26 22:21 - 00020480 _____ () C:\Users\Manuel\Desktop\Kursabmeldung  aufgrund nicht bestandener Leistungsnachweise FS 14.msg
2015-01-13 12:23 - 2015-01-13 12:23 - 00000000 ____D () C:\Users\Manuel\Downloads\platform-tools
2015-01-13 11:48 - 2015-01-13 11:48 - 00000000 ____D () C:\Users\x203\AppData\Local\Avg2014
2015-01-13 10:59 - 2015-01-13 11:00 - 00000000 ____D () C:\Users\Manuel\Downloads\NEW SuperStamina
2015-01-12 22:42 - 2015-01-12 22:43 - 00000000 ____D () C:\Users\Manuel\Downloads\rootkitXperia_20140719
2015-01-12 22:12 - 2015-01-12 22:12 - 00000019 _____ () C:\Users\Manuel\Desktop\iomei.txt
2015-01-12 21:42 - 2015-01-12 21:42 - 00038859 _____ () C:\Users\Manuel\Desktop\Unlockbootloader* *Step 3  4 - Developer World.html
2015-01-12 21:42 - 2015-01-12 21:42 - 00000000 ____D () C:\Users\Manuel\Desktop\Unlockbootloader* *Step 3  4 - Developer World_files
2015-01-12 17:44 - 2015-01-13 15:21 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Android
2015-01-12 17:21 - 2015-01-12 21:05 - 00000000 ____D () C:\Users\Manuel\Downloads\EasyRootTool v12.4
2015-01-12 16:04 - 2015-01-12 16:39 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2015-01-12 16:03 - 2015-01-13 00:23 - 00000000 ____D () C:\Flashtool
2015-01-11 12:51 - 2015-01-11 12:51 - 00111448 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-01-10 21:11 - 2015-01-13 09:22 - 00000000 ____D () C:\ProgramData\Sony Mobile
2015-01-10 21:03 - 2015-01-10 21:03 - 00001135 _____ () C:\Users\Manuel\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-10 20:52 - 2015-01-10 20:52 - 00000000 ____D () C:\Users\x203\.android
2015-01-10 20:51 - 2015-01-10 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsomc_01009.Wdf
2015-01-10 20:51 - 2015-01-10 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2015-01-10 20:38 - 2015-01-10 20:38 - 00000000 ____D () C:\Users\x203\.swt
2015-01-10 17:15 - 2015-01-10 17:15 - 00030424 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggsomc.sys
2015-01-10 17:15 - 2015-01-10 17:15 - 00016088 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2015-01-10 17:13 - 2015-01-11 10:29 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
2015-01-10 14:12 - 2015-01-11 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-01-10 13:49 - 2015-01-10 13:49 - 00000000 ____D () C:\Users\Manuel\.jmc
2015-01-10 13:49 - 2015-01-10 13:49 - 00000000 ____D () C:\Users\Manuel\.eclipse
2015-01-10 13:39 - 2015-01-10 13:39 - 00000000 ____D () C:\Users\x203\.AndroidStudio
2015-01-10 13:39 - 2015-01-10 13:39 - 00000000 ____D () C:\Users\Manuel\.AndroidStudio
2015-01-10 13:38 - 2015-01-13 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2015-01-10 13:34 - 2015-01-13 12:25 - 00000000 ____D () C:\Program Files\Android
2015-01-10 13:32 - 2015-01-11 11:02 - 00111000 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-10 13:32 - 2015-01-11 11:01 - 00312728 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-10 13:32 - 2015-01-11 11:01 - 00191384 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-10 13:32 - 2015-01-11 11:01 - 00190872 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-10 13:31 - 2015-01-11 11:01 - 00000000 ____D () C:\Program Files\Java
2015-01-09 08:59 - 2015-01-09 09:00 - 00000000 ____D () C:\ProgramData\Stardock
2015-01-08 18:57 - 2015-01-08 19:08 - 00045720 _____ () C:\BROM_DLL.log
2015-01-08 18:24 - 2015-01-09 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2015-01-08 18:24 - 2015-01-08 21:00 - 00000000 ____D () C:\Program Files (x86)\totalcmd
2015-01-08 18:24 - 2015-01-08 19:49 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\GHISLER
2015-01-08 18:24 - 2015-01-08 18:24 - 00001062 _____ () C:\Users\Public\Desktop\Total Commander 64 bit.lnk
2015-01-08 18:24 - 2015-01-08 18:24 - 00000000 ____D () C:\Users\x203\AppData\Roaming\GHISLER
2015-01-07 15:27 - 2015-01-07 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EIZO
2015-01-07 15:19 - 2015-01-07 15:19 - 00000000 ____D () C:\Users\x203\AppData\Local\{E0EE56A0-0D7C-4595-B400-919A3BA48EC1}
2015-01-07 15:18 - 2015-01-11 10:30 - 00000000 ____D () C:\Program Files (x86)\EIZO
2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 ____D () C:\Users\x203\AppData\Roaming\EIZO
2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\EIZO
2015-01-07 15:17 - 2015-01-10 11:22 - 00000000 ____D () C:\Users\x203\AppData\Local\Downloaded Installations
2015-01-06 10:30 - 2015-01-06 10:30 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Foxit Reader
2015-01-04 09:10 - 2015-01-04 09:10 - 00001562 _____ () C:\Users\Manuel\Desktop\Cisco AnyConnect Secure Mobility Client.lnk
2015-01-04 09:08 - 2015-01-04 09:08 - 00001067 _____ () C:\Users\Manuel\Desktop\Password Manager.lnk
2015-01-02 13:44 - 2015-01-02 13:47 - 00000000 ____D () C:\Users\Manuel\AppData\Local\CyberGhost
2015-01-02 13:44 - 2015-01-02 13:44 - 00001739 _____ () C:\Users\x203\Desktop\CyberGhost 5.lnk
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-12-30 09:16 - 2014-12-30 09:25 - 595612217 _____ () C:\Users\Manuel\Desktop\Perfekte-Portraits.zip
2014-12-22 10:27 - 2014-12-22 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2014-12-19 21:24 - 2014-12-19 21:24 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-12-19 19:49 - 2014-12-19 19:49 - 00000000 ____D () C:\Users\Manuel\AppData\OICE_15_974FA576_32C1D314_A33
2014-12-18 10:48 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:48 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 19:38 - 2014-12-17 19:38 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\FreeCommander

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 11:16 - 2014-12-13 01:59 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Eye-Fi
2015-01-16 11:07 - 2013-11-19 12:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 11:01 - 2013-05-15 05:28 - 01964081 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 10:59 - 2014-09-26 16:37 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2015-01-16 10:58 - 2014-09-26 16:36 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-01-16 10:58 - 2014-09-15 18:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 10:49 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 10:49 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 10:48 - 2013-05-15 04:59 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-01-16 10:48 - 2013-05-15 04:59 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-01-16 10:48 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 10:42 - 2014-12-13 01:59 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Eye-Fi
2015-01-16 10:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 10:14 - 2014-09-30 16:50 - 00000000 ____D () C:\Program Files\Adobe Photoshop
2015-01-16 10:14 - 2014-09-30 12:54 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-16 10:14 - 2014-01-11 10:06 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-16 10:14 - 2013-09-30 20:23 - 00000000 ____D () C:\Users\x203\AppData\Local\Adobe
2015-01-16 10:14 - 2013-05-15 05:27 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-15 20:22 - 2014-12-08 10:30 - 00989184 ___SH () C:\Users\Manuel\Desktop\Thumbs.db
2015-01-15 19:32 - 2013-09-30 20:19 - 00000000 ____D () C:\Users\x203
2015-01-15 15:59 - 2013-12-09 14:53 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-15 14:38 - 2014-03-04 13:45 - 00000000 ___RD () C:\Users\Manuel\Dropbox
2015-01-15 14:22 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Dropbox
2015-01-15 11:11 - 2013-12-09 14:56 - 00000000 ____D () C:\Users\x203\AppData\Roaming\TuneUp Software
2015-01-15 11:09 - 2014-05-18 11:17 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Spotify
2015-01-15 09:57 - 2013-05-15 05:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-14 17:07 - 2013-11-19 12:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 17:07 - 2013-11-19 12:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 17:07 - 2013-11-19 12:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 11:22 - 2013-10-21 22:38 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 11:21 - 2013-10-21 21:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 11:11 - 2013-10-21 21:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 10:18 - 2013-10-28 14:32 - 00003568 _____ () C:\Windows\system32\.crusader
2015-01-14 10:18 - 2013-10-28 14:29 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-14 10:11 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-14 10:10 - 2013-10-21 22:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-14 09:31 - 2013-10-29 11:53 - 00000000 ____D () C:\Users\x203\AppData\Local\Google
2015-01-14 09:27 - 2014-01-05 13:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-14 09:23 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel
2015-01-14 09:23 - 2013-05-14 12:53 - 00000000 ____D () C:\ProgramData\Lenovo
2015-01-14 09:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-14 09:08 - 2014-10-22 19:49 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-14 08:49 - 2013-10-28 13:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-13 18:43 - 2014-12-03 15:12 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Deployment
2015-01-13 18:05 - 2014-05-18 11:18 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Spotify
2015-01-13 17:31 - 2013-10-27 10:06 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-01-13 17:06 - 2014-12-13 17:43 - 00000000 ____D () C:\Users\Manuel\Desktop\WE Jungs
2015-01-13 17:06 - 2014-09-18 16:13 - 00000000 ____D () C:\Users\Manuel\Desktop\Ricardo
2015-01-13 16:59 - 2013-05-15 05:27 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-01-13 12:26 - 2014-05-16 08:06 - 00000000 ____D () C:\Users\Manuel\.android
2015-01-13 12:00 - 2014-11-16 11:12 - 00000000 ____D () C:\Users\Manuel\Desktop\Fotos
2015-01-13 11:46 - 2014-05-30 09:05 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-01-13 09:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-01-12 17:47 - 2013-05-15 05:19 - 00000000 ____D () C:\Program Files\Intel
2015-01-11 11:00 - 2014-03-09 10:51 - 00111448 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2015-01-11 10:54 - 2014-12-05 09:46 - 00001107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-01-11 10:54 - 2014-09-26 16:37 - 00002978 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2015-01-11 10:54 - 2014-09-26 16:37 - 00002634 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2015-01-11 10:54 - 2014-09-26 16:37 - 00001095 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-01-10 14:40 - 2014-05-15 16:04 - 00003020 _____ () C:\Windows\System32\Tasks\PMTask
2015-01-10 14:40 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media
2015-01-10 14:05 - 2013-10-27 13:14 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-09 20:54 - 2013-10-28 10:25 - 00000000 ____D () C:\Program Files (x86)\Fences
2015-01-09 20:54 - 2013-05-15 05:34 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2015-01-08 18:57 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel\AppData\Local\VirtualStore
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-07 15:24 - 2014-06-20 16:48 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Unity
2015-01-07 12:18 - 2013-10-27 09:55 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Adobe
2015-01-06 09:12 - 2014-02-27 21:50 - 00000000 ____D () C:\Users\Manuel\Documents\Korrespondenz
2015-01-04 09:19 - 2014-05-19 07:11 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2015-01-04 09:19 - 2014-05-19 07:10 - 00000000 ____D () C:\Program Files\Common Files\Sony Shared
2015-01-04 09:18 - 2014-05-19 07:09 - 00000000 ____D () C:\ProgramData\Sony Corporation
2015-01-04 09:03 - 2014-05-01 10:24 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-04 09:03 - 2014-05-01 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-04 09:03 - 2013-10-27 17:18 - 00000000 ____D () C:\Program Files\winRar
2014-12-31 18:03 - 2014-01-14 11:34 - 00000000 ____D () C:\Users\Manuel\Desktop\Ablage
2014-12-31 13:38 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Adobe
2014-12-22 10:36 - 2013-10-27 12:15 - 00001398 _____ () C:\Users\Manuel\AppData\Roaming\MobileToolAnyConnectV3.ini
2014-12-22 10:27 - 2013-10-27 12:16 - 00000000 ____D () C:\ProgramData\Cisco
2014-12-22 10:27 - 2013-10-21 22:34 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-12-22 10:22 - 2014-01-01 10:48 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-22 10:22 - 2014-01-01 10:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-19 21:28 - 2014-03-04 13:45 - 00001036 _____ () C:\Users\Manuel\Desktop\Dropbox.lnk
2014-12-19 21:28 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-19 18:57 - 2013-11-03 11:23 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Intel WiDi
2014-12-18 11:56 - 2014-12-06 14:53 - 00000000 ____D () C:\Users\x203\Desktop\Katalog Admin
2014-12-17 14:46 - 2013-11-12 19:09 - 00000080 _____ () C:\Users\x203\Documents\R Verzeichnis wechseln.R

Some content of TEMP:
====================
C:\Users\Manuel\AppData\Local\temp\avgnt.exe
C:\Users\Manuel\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprfnjov.dll
C:\Users\x203\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 12:49

==================== End Of Log ============================
--- --- ---

--- --- ---


ADDITION

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015
Ran by x203 at 2015-01-16 11:13:12
Running from C:\Users\Manuel\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 8.42.20 - )
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{8432E4EF-ABFB-48C8-B77B-24728E71D3DD}) (Version: 39.0.2171.46 - Google Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05187 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05187 - Cisco Systems, Inc.) Hidden
CM Installer (HKLM-x32\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Drucken in PDF Annotator (novaPDF OEM 7.7 printer) (HKLM\...\Drucken in PDF Annotator_is1) (Version: 7.7.400 - Softland)
EasyTax 2013 AG 1.01 (HKLM-x32\...\4093-4123-1528-3000) (Version: 1.01 - HWI Solutions AG)
EIZO ScreenSlicer (HKLM-x32\...\{292A177D-723F-4537-9985-BC8BFCD8B63D}) (Version: 1.1.5.0 - EIZO Corporation)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.67.2 - Lenovo Group Limited)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Eye-Fi Center 3.4 (HKLM-x32\...\{18B00AC5-C082-471E-88B0-F02FE5A2541A}) (Version: 3.4.26 - Eye-Fi, Inc)
Fences (Version: 1.0 - Stardock Corporation) Hidden
FireCuva Data Recovery 2014.1.8.20 (HKLM-x32\...\{EE1F41BE-6DBD-44AE-9F97-4D7F9227329D}_is1) (Version: 2014.1.8.20 - FireCuva)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Glary Utilities PRO 5.16 (HKLM-x32\...\Glary Utilities 5) (Version: 5.16.0.29 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Graph 4.4.2 (HKLM-x32\...\Graph_is1) (Version:  - Ivan Johansen)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6 (HKLM\...\{B2DAB009-8236-48A0-AD7F-E940F5AB1578}) (Version: 14.0 - HP)
HP Photosmart Plus B210 series - Grundlegende Software für das Gerät (HKLM\...\{1686185A-3D85-428D-8786-ACB403B9D420}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
ifolor Designer (HKLM-x32\...\ifolor-Designer) (Version:  - Ifolor AG)
Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3359 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7991b5ae-96d7-4df2-97fb-a605b7cb638b}) (Version: 17.12.0 - Intel Corporation)
ISD Tablett (HKLM\...\ISD Tablet Driver) (Version: 7.0.2-29 - Wacom Technology Corp.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 8 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418000FF}) (Version: 8.0.0 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.16.0 - Lenovo)
Lenovo Mobile Access (HKLM-x32\...\{A792A135-EE29-4FE2-B4CB-D3F984CEA9EC}) (Version: 3.2.30123.1026 - Lenovo)
Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.4.1017.00 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0007 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
LXH-JME2207FN Hotkey Driver (HKLM-x32\...\{42B21298-C850-4272-AFD9-636CBC005421}) (Version: 5.1.0804 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{C2C2DB64-1BCE-4FA7-962D-457795ECCEC0}) (Version: 3.3.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Bootvis (HKLM-x32\...\{0F9196C6-58B4-445B-B56E-B1200FECC151}) (Version: 1.3.37 - Microsoft)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 7.2.5.4 - Ericsson AB)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Annotator 5.0.0.505 (HKLM-x32\...\PDFAnnotator_is1) (Version: 5.0.0.505 - GRAHL software design)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_06_B209a-m_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Rescue and Recovery (HKLM-x32\...\{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}) (Version: 4.52.0005.00 - Lenovo Group Limited)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-003B-0000-1000-0000000FF1CE}_Office15.PRJPROR_{6E5C415F-1388-4BA6-B926-C19318BE6075}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad Tablet Button Driver (HKLM-x32\...\{26903C89-780A-463E-8CBD-E47A73927254}) (Version: 1.04 - )
ThinkPad Tablet Shortcut Menu (HKLM-x32\...\{9a2db59f-091a-40b4-958d-1c8264624126}) (Version: 6.33 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.24 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{A62AEB2B-E2A0-4E77-8AAE-9645FE3B5487}) (Version: 5.95 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.80.01.00 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.81 - Lenovo)
ThinkVantage Password Manager (HKLM\...\{23520BCC-F76C-4287-87E1-0545EDF6FE96}) (Version: 4.00.0024.00 - Lenovo Group Limited)
ThinkVantage Update Retriever (HKLM-x32\...\{F25C538D-3F57-4AF4-80DD-B1DD1558F038}) (Version: 5.00.0010 - Lenovo)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
VIP Access (HKLM-x32\...\{7EB5B9B6-E7BF-4E8F-B478-1266A78CF231}) (Version: 2.2.1.13 - Symantec Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows Driver Package - Intel System  (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-01-16 11:03 - 2015-01-16 11:10 - 00000883 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1056F6BE-8A9B-4789-A45A-766212E69BDB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {138C1B65-AA12-4B15-816E-2BAD5C404989} - System32\Tasks\{5179303A-B077-4DD2-8CAA-370E2C7A215A} => E:\JDownloaderPortable\JDownloaderPortable.exe
Task: {16CE9FF3-C7EA-4493-B6B7-30FA88486725} - System32\Tasks\Lenovo\LSC\CreateHardwareScanTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {1C473A2D-C8EA-4A9A-A60F-4AE443F13033} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {326D759E-1B50-476F-8ACE-CA0912537815} - \TubeSaver-15-chromeinstaller No Task File <==== ATTENTION
Task: {3807F458-4445-431C-898E-980905E16691} - \TubeSaver-15-updater No Task File <==== ATTENTION
Task: {442BFA7F-2D23-479D-BFA5-C832EF77F87F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {452FFBFB-D9B9-4347-8F5E-A7F1A6772E3C} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
Task: {49A96084-47D7-43F1-9D0D-B6127F991574} - System32\Tasks\{09F43E45-D90B-4046-91C3-BC9637D8C4B8} => C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
Task: {49D3B875-F572-4023-9D26-A845D020A2F7} - \TubeSaver-15-codedownloader No Task File <==== ATTENTION
Task: {49DAAF81-E95C-4964-B237-22F6C980448E} - System32\Tasks\{4EEB7BF1-AE9F-4345-BB40-78EB0CDEA9E0} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\IrfanView\i_view32.exe"
Task: {4F32F716-7098-4249-B056-356F3CE9ECB6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {5745E252-0287-4003-B1BA-33F5B1BB87F6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for x203-THINK-Manuel x203-THINK => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {57904E4B-FF80-4701-AF04-AC8517DA374A} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {5C766DF2-DBB1-4EFF-8997-84E9436A2595} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {606A9245-4225-4177-A2B4-88D04B527E80} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for x203-THINK.Manuel => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-16] (Lenovo)
Task: {7280DB27-B177-448B-BDB4-8BAC6BC75597} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {776C12F0-5401-4A1A-AEF9-723003F413BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {78DC8C0F-41CD-4700-A7C6-177E891F01B6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {7965D48E-112A-49BE-B3BA-FBDDE5A086EE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {828FF779-6267-41C5-8A2F-9D575790BDD5} - System32\Tasks\Norton Product InstallerIdle => C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe [2014-11-03] (Symantec Corporation)
Task: {82F88A18-7A4E-4C2B-85C2-2F254577559E} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2014-09-13] (Lenovo)
Task: {833CF6A6-9B70-482E-B833-78F68CD8FB3A} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {861B78BE-2733-43B6-AAE8-3C9E1D9492F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {870D44EA-14A3-4E7F-8814-22F1A86B39A1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8740F25F-3678-4962-94E4-2A5235A39CCF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {92BFD621-E872-4F04-A065-41853B8E2CD0} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {9D6C3B14-CB5E-4BCD-B078-A5559D3BD1D7} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {9DC14AA8-2996-4213-98B3-CB8D76E9C951} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {A48895AA-13C8-478E-A8AB-4D3DA40B6816} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {A5C29781-2A7A-4007-A739-AE6A3784ADF8} - System32\Tasks\{80AFFF4F-06A3-40B4-B912-D1677BDADF9D} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\IrfanView\i_view32.exe"
Task: {A91938F3-2A68-4C36-8403-A6A842BE5A8A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {A93198E1-5CA9-4525-AA70-82FC9A482993} - System32\Tasks\{EDD59D43-8C29-431A-A8D2-B4BFCA7730F2} => E:\JDownloaderPortable\JDownloaderPortable.exe
Task: {AE133D30-0D35-41A2-B384-7ABF0F5EE4CA} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {B30A2AFD-6E31-4BCA-905C-0C08D189A4F8} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {B3EA1B66-775D-4F84-9CB2-0371BA2B414B} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {BA4E8AF1-2935-4244-AD22-3DA5C0178502} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {BE8F36B1-40F7-4223-B0C8-91A4DC614677} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-11-14] (Lenovo Group Limited)
Task: {C00813A1-3AF3-4160-9359-E2A144414574} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {CC68A762-4464-4EAC-8F6C-88F9A9E296B2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {CF4838A5-80E6-4F0F-8B1F-4F68C964BBBD} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-01-05] (Glarysoft Ltd)
Task: {D19DD550-1FB7-4C8A-9B8B-31B8EF5B6B20} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-04-24] ()
Task: {D4884143-8D6C-4A9B-94FB-13419383DF56} - \TubeSaver-15-enabler No Task File <==== ATTENTION
Task: {D4F8C4B7-FEB0-4ACB-8D71-0C12D509E7A0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {DB3A4CDE-C0E3-42C3-91EC-40CFE629F47C} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-01-05] (Glarysoft Ltd)
Task: {DD31794C-86DD-4901-994A-658185898645} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for x203-THINK.x203 => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-16] (Lenovo)
Task: {DEC60349-DA4C-4920-A9B9-4A091F4C5321} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {E64DE862-5A05-457D-8396-3B79DFC9DDE4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E6D4097C-9FCB-4456-951E-7E866581E69F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {ECA97D21-FEF3-45D0-BEB5-2BB6A2316EF2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {F77C609C-EC1F-488E-BD9A-790F78E5A763} - System32\Tasks\{A1DB3074-2A97-4668-A054-6DCBAB2DE05E} => C:\Program Files (x86)\IrfanView\i_view32.exe
Task: {FDAE8DB2-5746-4868-97FD-40AD33B7A6DB} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-10-16] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe

==================== Loaded Modules (whitelisted) =============

2013-10-28 10:23 - 2010-06-17 20:56 - 00087040 ____N () C:\Windows\System32\redmonnt.dll
2013-05-15 05:23 - 2012-04-10 16:37 - 01183096 _____ () C:\Program Files\Tablet\ISD\libxml2.dll
2014-07-16 09:24 - 2014-07-16 09:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-05-15 05:27 - 2014-11-14 06:07 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-10-16 01:48 - 2014-10-16 01:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-05-15 05:27 - 2011-08-02 20:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2013-05-15 05:27 - 2011-08-02 20:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2013-10-21 22:39 - 2011-07-13 09:10 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2014-09-16 19:01 - 2014-09-16 19:01 - 00065776 _____ () C:\Program Files (x86)\Lenovo\Access Connections\ACSonyEricssonHlpr.dll
2011-12-21 22:59 - 2011-12-21 22:59 - 00133120 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libexif.dll
2011-12-21 22:56 - 2011-12-21 22:56 - 00209408 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libopenraw.dll
2011-12-21 23:05 - 2011-12-21 23:05 - 00014848 _____ () C:\Program Files (x86)\Eye-Fi\Helper\Locales\de\Helper.dll
2014-10-27 23:44 - 2014-10-22 05:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-27 23:44 - 2014-10-22 05:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-27 23:44 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-27 23:44 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2013-10-21 22:32 - 2013-05-13 14:15 - 01199576 ____N () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-01-05 06:18 - 2015-01-05 06:18 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Manuel\Desktop\Stundenplan.JPG:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk => C:\Windows\pss\Google Calendar Sync.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^x203^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EOS Utility.lnk => C:\Windows\pss\EOS Utility.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_4A220D28DEF0DEF57A4596AFA0C => "c:\program files (x86)\google\chrome\application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Intel AppUp(SM) center => "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
MSCONFIG\startupreg: jmekey => C:\Program Files (x86)\jmesoft\hotkey.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Malwarebytes Anti-Malware (cleanup) => "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
MSCONFIG\startupreg: MobileAccess => C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe -silentExitIfNotFirst
MSCONFIG\startupreg: NUSB3MON => "c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
MSCONFIG\startupreg: PasswordManager => C:\Program Files\Lenovo\Password Manager\password_manager.exe
MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: RtHDVBg_Dolby => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SearchProtection => "C:\Users\x203\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: SharpSpace => C:\Program Files (x86)\SharpSpace\SharpSpace.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: USB3MON => "c:\program files (x86)\intel\intel(r) usb 3.0 extensible host controller driver\application\iusb3mon.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3554811672-1824628599-3789470933-500 - Administrator - Disabled)
Gast (S-1-5-21-3554811672-1824628599-3789470933-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3554811672-1824628599-3789470933-1040 - Limited - Enabled)
Manuel (S-1-5-21-3554811672-1824628599-3789470933-1003 - Limited - Enabled) => C:\Users\Manuel
x203 (S-1-5-21-3554811672-1824628599-3789470933-1000 - Administrator - Enabled) => C:\Users\x203

==================== Faulty Device Manager Devices =============

Name: Photosmart Plus B209a-m
Description: Photosmart Plus B209a-m
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart Plus B209a-m
Description: Photosmart Plus B209a-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2015 11:11:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WISPTIS.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a4e0
Name des fehlerhaften Moduls: WISPTIS.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a4e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000036e8a
ID des fehlerhaften Prozesses: 0x3b2c
Startzeit der fehlerhaften Anwendung: 0xWISPTIS.EXE0
Pfad der fehlerhaften Anwendung: WISPTIS.EXE1
Pfad des fehlerhaften Moduls: WISPTIS.EXE2
Berichtskennung: WISPTIS.EXE3

Error: (01/16/2015 11:00:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Name des fehlerhaften Moduls: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000860d2
ID des fehlerhaften Prozesses: 0x32b8
Startzeit der fehlerhaften Anwendung: 0xISD_Tablet.exe0
Pfad der fehlerhaften Anwendung: ISD_Tablet.exe1
Pfad des fehlerhaften Moduls: ISD_Tablet.exe2
Berichtskennung: ISD_Tablet.exe3

Error: (01/16/2015 10:58:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Name des fehlerhaften Moduls: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000860d2
ID des fehlerhaften Prozesses: 0x2a3c
Startzeit der fehlerhaften Anwendung: 0xISD_Tablet.exe0
Pfad der fehlerhaften Anwendung: ISD_Tablet.exe1
Pfad des fehlerhaften Moduls: ISD_Tablet.exe2
Berichtskennung: ISD_Tablet.exe3

Error: (01/16/2015 10:44:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Name des fehlerhaften Moduls: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000860d2
ID des fehlerhaften Prozesses: 0x12f4
Startzeit der fehlerhaften Anwendung: 0xISD_Tablet.exe0
Pfad der fehlerhaften Anwendung: ISD_Tablet.exe1
Pfad des fehlerhaften Moduls: ISD_Tablet.exe2
Berichtskennung: ISD_Tablet.exe3

Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=21, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0


System errors:
=============
Error: (01/16/2015 11:02:44 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (01/16/2015 10:43:43 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 10:31:46 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 10:25:33 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 10:23:48 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000003b (0x0000000080000004, 0xfffff80003b94470, 0xfffff88002f84b90, 0x0000000000000000)C:\Windows\MEMORY.DMP011615-8845-01

Error: (01/16/2015 10:23:47 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎16.‎01.‎2015 um 10:21:59 unerwartet heruntergefahren.

Error: (01/16/2015 10:17:43 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 08:27:09 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 08:25:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147014847

Error: (01/15/2015 08:40:56 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll


Microsoft Office Sessions:
=========================
Error: (01/16/2015 11:11:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WISPTIS.EXE6.1.7601.175144ce7a4e0WISPTIS.EXE6.1.7601.175144ce7a4e0c00000050000000000036e8a3b2c01d03174c4cbd7caC:\Windows\SYSTEM32\WISPTIS.EXEC:\Windows\SYSTEM32\WISPTIS.EXE060a7314-9d68-11e4-9e9c-028037ec0200

Error: (01/16/2015 11:00:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ISD_Tablet.exe7.0.2.294f6cf301ISD_Tablet.exe7.0.2.294f6cf301c000000500000000000860d232b801d031733557ccd3C:\Program Files\Tablet\ISD\ISD_Tablet.exeC:\Program Files\Tablet\ISD\ISD_Tablet.exe744ec682-9d66-11e4-9e9c-028037ec0200

Error: (01/16/2015 10:58:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ISD_Tablet.exe7.0.2.294f6cf301ISD_Tablet.exe7.0.2.294f6cf301c000000500000000000860d22a3c01d03172ecd6dcecC:\Program Files\Tablet\ISD\ISD_Tablet.exeC:\Program Files\Tablet\ISD\ISD_Tablet.exe32a99d71-9d66-11e4-9e9c-028037ec0200

Error: (01/16/2015 10:44:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ISD_Tablet.exe7.0.2.294f6cf301ISD_Tablet.exe7.0.2.294f6cf301c000000500000000000860d212f401d03170b740d149C:\Program Files\Tablet\ISD\ISD_Tablet.exeC:\Program Files\Tablet\ISD\ISD_Tablet.exe451739dc-9d64-11e4-9e9c-028037ec0200

Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path43900

Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path25900

Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path17900

Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path23808600

Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path21808600

Error: (01/16/2015 10:42:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path18808600


CodeIntegrity Errors:
===================================
  Date: 2015-01-14 09:08:57.418
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-14 09:08:57.333
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-09 20:34:06.552
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-09 20:34:05.382
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:40:29.432
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:36:48.011
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:36:01.740
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-26 20:26:04.283
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-26 20:26:04.173
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-30 22:05:35.495
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 42%
Total physical RAM: 7887.8 MB
Available physical RAM: 4500.52 MB
Total Pagefile: 15773.78 MB
Available Pagefile: 10957.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:140.64 GB) (Free:20.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:17.58 GB) (Free:4.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 167.7 GB) (Disk ID: AA9E1116)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=140.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=8 GB) - (Type=84)

==================== End Of Log ============================

schrauber 16.01.2015 11:56
Hast Du den Chrome mit als unfertige Developer Version installiert?

maga84 16.01.2015 12:02
Eigentlich nein. Habe das "normale" chrome runter geladen und in Verwendung.

schrauber 16.01.2015 12:09
eben nicht. Deine Chrome Version wiurde von adware in Dev geändert, so lässt sich die andere Adware leichter installieren :D. Du surfst ja auch über nen Malware-Proxy.


Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de



Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

maga84 16.01.2015 17:50
Wow, danke für deine schnelle Hilfe.
So, hab es hinbekommen.
hier die Combofix Log-Datei

Code:
ComboFix 15-01-08.01 - x203 16.01.2015  15:28:00.5.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.41.1031.18.7888.5768 [GMT 1:00]
ausgeführt von:: c:\users\Manuel\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\program files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.ini
c:\programdata\1386885237.bdinstall.bin
c:\programdata\Roaming
c:\users\Manuel\AppData\Local\assembly\tmp
c:\users\x203\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-12-16 bis 2015-01-16  ))))))))))))))))))))))))))))))
.
.
2015-01-16 14:40 . 2015-01-16 14:40        --------        d-----w-        c:\users\x203\AppData\Local\temp
2015-01-16 11:38 . 2015-01-16 11:38        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2015-01-16 11:36 . 2015-01-16 11:36        --------        d-----w-        c:\program files (x86)\Revo Uninstaller
2015-01-16 07:30 . 2014-12-15 03:13        11870360        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{36BBD20A-98D5-418C-AC94-BE847FBF5344}\mpengine.dll
2015-01-15 18:55 . 2015-01-15 18:55        --------        d-----w-        c:\programdata\Emsisoft
2015-01-15 18:31 . 2015-01-16 12:46        --------        d-----w-        c:\program files (x86)\Emsisoft Anti-Malware
2015-01-15 14:12 . 2015-01-15 14:12        --------        d-----w-        c:\windows\ERUNT
2015-01-15 13:49 . 2015-01-15 13:49        --------        d-----w-        c:\programdata\Avg_Update_1014av
2015-01-15 13:24 . 2015-01-15 13:24        12872        ----a-w-        c:\windows\system32\bootdelete.exe
2015-01-15 09:54 . 2015-01-15 09:54        --------        d-----w-        c:\programdata\GridinSoft
2015-01-15 09:51 . 2015-01-15 14:02        --------        d-----w-        c:\users\x203\AppData\Roaming\Nico Mak Computing
2015-01-15 09:46 . 2015-01-15 09:46        --------        d-----w-        c:\program files (x86)\ESET
2015-01-14 13:02 . 2015-01-16 10:17        --------        d-----w-        C:\FRST
2015-01-14 11:16 . 2015-01-14 11:16        --------        d-----w-        C:\_OTL
2015-01-14 11:08 . 2015-01-14 11:08        --------        d-sh--w-        c:\users\x203\AppData\Local\EmieBrowserModeList
2015-01-14 09:28 . 2015-01-14 09:27        43064        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2015-01-14 09:28 . 2015-01-14 09:28        --------        d-----w-        c:\users\Manuel\AppData\Roaming\Avira
2015-01-14 09:27 . 2015-01-14 09:27        --------        d-----w-        c:\users\x203\AppData\Roaming\Avira
2015-01-14 09:25 . 2014-11-24 09:23        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2015-01-14 09:25 . 2014-11-24 09:23        131608        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2015-01-14 09:25 . 2014-11-24 09:23        119272        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2015-01-14 09:10 . 2015-01-14 09:25        --------        d-----w-        c:\programdata\Avira
2015-01-14 08:54 . 2015-01-15 13:24        --------        d-----w-        c:\program files\HitmanPro
2015-01-14 08:08 . 2015-01-14 08:08        --------        d-----w-        c:\programdata\Network Associates
2015-01-14 08:07 . 2015-01-14 08:08        --------        d-----w-        c:\program files (x86)\Common Files\Network Associates
2015-01-14 08:06 . 2015-01-14 08:23        --------        d-----w-        c:\windows\F0856D1B11EE46528174EAF3D5AB6C66.TMP
2015-01-14 08:03 . 2015-01-15 13:48        --------        d-----w-        C:\AdwCleaner
2015-01-13 17:36 . 2015-01-13 17:36        --------        d-s---w-        c:\windows\SysWow64\Microsoft
2015-01-13 17:34 . 2015-01-14 09:25        --------        d-----w-        c:\program files (x86)\Avira
2015-01-13 16:29 . 2015-01-13 17:39        --------        d-----w-        c:\programdata\AVAST Software
2015-01-13 15:58 . 2015-01-13 15:58        --------        d-----w-        c:\users\Manuel\AppData\Roaming\SUPERAntiSpyware.com
2015-01-13 10:48 . 2015-01-13 10:48        --------        d-----w-        c:\users\x203\AppData\Local\Avg2014
2015-01-12 16:44 . 2015-01-13 14:21        --------        d-----w-        c:\users\Manuel\AppData\Local\Android
2015-01-12 15:03 . 2015-01-12 23:23        --------        d-----w-        C:\Flashtool
2015-01-10 20:11 . 2015-01-13 08:22        --------        d-----w-        c:\programdata\Sony Mobile
2015-01-10 19:52 . 2015-01-10 19:52        --------        d-----w-        c:\users\x203\.android
2015-01-10 19:38 . 2015-01-10 19:38        --------        d-----w-        c:\users\x203\.swt
2015-01-10 16:15 . 2015-01-10 16:15        30424        ----a-w-        c:\windows\system32\drivers\ggsomc.sys
2015-01-10 16:15 . 2015-01-10 16:15        16088        ----a-w-        c:\windows\system32\drivers\ggflt.sys
2015-01-10 12:49 . 2015-01-10 12:49        --------        d-----w-        c:\users\Manuel\.jmc
2015-01-10 12:49 . 2015-01-10 12:49        --------        d-----w-        c:\users\Manuel\.eclipse
2015-01-10 12:39 . 2015-01-10 12:39        --------        d-----w-        c:\users\x203\.AndroidStudio
2015-01-10 12:39 . 2015-01-10 12:39        --------        d-----w-        c:\users\Manuel\.AndroidStudio
2015-01-10 12:34 . 2015-01-13 11:25        --------        d-----w-        c:\program files\Android
2015-01-10 12:32 . 2015-01-11 10:01        312728        ----a-w-        c:\windows\system32\javaws.exe
2015-01-10 12:32 . 2015-01-11 10:02        111000        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll
2015-01-10 12:32 . 2015-01-11 10:01        191384        ----a-w-        c:\windows\system32\javaw.exe
2015-01-10 12:32 . 2015-01-11 10:01        190872        ----a-w-        c:\windows\system32\java.exe
2015-01-10 12:31 . 2015-01-11 10:01        --------        d-----w-        c:\program files\Java
2015-01-09 07:59 . 2015-01-09 08:00        --------        d-----w-        c:\programdata\Stardock
2015-01-08 17:57 . 2015-01-10 18:38        --------        d-----w-        c:\programdata\SP_FT_Logs
2015-01-08 17:24 . 2015-01-08 18:49        --------        d-----w-        c:\users\Manuel\AppData\Roaming\GHISLER
2015-01-08 17:24 . 2015-01-08 20:00        --------        d-----w-        c:\program files (x86)\totalcmd
2015-01-08 17:24 . 2015-01-08 17:24        --------        d-----w-        c:\users\x203\AppData\Roaming\GHISLER
2015-01-07 14:19 . 2015-01-07 14:19        --------        d-----w-        c:\users\x203\AppData\Local\{E0EE56A0-0D7C-4595-B400-919A3BA48EC1}
2015-01-07 14:18 . 2015-01-07 14:18        --------        d-----w-        c:\users\Manuel\AppData\Roaming\EIZO
2015-01-07 14:18 . 2015-01-07 14:18        --------        d-----w-        c:\users\x203\AppData\Roaming\EIZO
2015-01-07 14:18 . 2015-01-11 09:30        --------        d-----w-        c:\program files (x86)\EIZO
2015-01-07 14:17 . 2015-01-10 10:22        --------        d-----w-        c:\users\x203\AppData\Local\Downloaded Installations
2015-01-06 09:30 . 2015-01-06 09:30        --------        d-----w-        c:\users\Manuel\AppData\Local\Foxit Reader
2015-01-02 12:44 . 2015-01-02 12:47        --------        d-----w-        c:\users\Manuel\AppData\Local\CyberGhost
2015-01-02 12:44 . 2015-01-02 12:44        --------        d-----w-        c:\program files\TAP-Windows
2015-01-02 12:44 . 2015-01-02 12:44        --------        d-----w-        c:\program files\CyberGhost 5
2014-12-18 09:48 . 2014-12-13 05:09        144384        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-12-18 09:48 . 2014-12-13 03:33        115712        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2014-12-17 18:38 . 2014-12-17 18:38        --------        d-----w-        c:\users\Manuel\AppData\Roaming\FreeCommander
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-16 09:58 . 2014-09-15 17:48        129752        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-14 16:07 . 2013-11-19 11:33        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-14 16:07 . 2013-11-19 11:33        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-14 10:11 . 2013-10-21 20:44        113365784        ----a-w-        c:\windows\system32\MRT.exe
2015-01-13 10:46 . 2014-05-30 08:05        18960        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2015-01-08 08:55 . 2010-11-21 03:27        298120        ------w-        c:\windows\system32\MpSigStub.exe
2014-12-04 02:50 . 2014-12-11 08:11        413184        ----a-w-        c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-11 08:11        741376        ----a-w-        c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-11 08:11        396800        ----a-w-        c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-11 08:11        830976        ----a-w-        c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-11 08:11        192000        ----a-w-        c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-11 08:11        227328        ----a-w-        c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-11 08:11        1083392        ----a-w-        c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-11 08:11        1232040        ----a-w-        c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-11 08:10        389296        ----a-w-        c:\windows\system32\iedkcs32.dll
2014-11-23 16:36 . 2014-01-02 17:02        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-22 03:13 . 2014-12-11 08:10        25059840        ----a-w-        c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-11 08:10        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-11 08:10        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-11 08:10        66560        ----a-w-        c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-11 08:10        580096        ----a-w-        c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-11 08:10        48640        ----a-w-        c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-11 08:10        2885120        ----a-w-        c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-11 08:10        88064        ----a-w-        c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-11 08:10        54784        ----a-w-        c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-11 08:10        34304        ----a-w-        c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-11 08:10        633856        ----a-w-        c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-11 08:10        114688        ----a-w-        c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-11 08:10        814080        ----a-w-        c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-11 08:10        6039552        ----a-w-        c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-11 08:10        968704        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-11 08:10        490496        ----a-w-        c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-11 08:10        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-11 08:10        77824        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-11 08:10        199680        ----a-w-        c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-11 08:10        92160        ----a-w-        c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-11 08:10        501248        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-11 08:10        62464        ----a-w-        c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-11 08:10        47616        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 08:10        64000        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-11 08:10        316928        ----a-w-        c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-11 08:10        620032        ----a-w-        c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-11 08:10        718848        ----a-w-        c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-11 08:10        800768        ----a-w-        c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-11 08:10        1359360        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-11 08:10        2125312        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-11 08:10        14412800        ----a-w-        c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-11 08:10        60416        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 08:10        4299264        ----a-w-        c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-11 08:10        2358272        ----a-w-        c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-11 08:10        2052096        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 08:10        1155072        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-11 08:10        1548288        ----a-w-        c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-11 08:10        800768        ----a-w-        c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-11 08:10        1888256        ----a-w-        c:\windows\SysWow64\wininet.dll
2014-11-21 05:14 . 2014-09-15 17:47        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-09-15 17:47        93400        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2014-09-15 17:47        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-11-18 19:47 . 2014-11-18 19:47        1691816        ----a-w-        c:\windows\system32\FM20.DLL
2014-11-14 05:07 . 2013-05-15 04:27        2692848        ------w-        c:\windows\PWMBTHLV.EXE
2014-11-14 05:07 . 2013-05-15 04:27        29512        ----a-w-        c:\windows\system32\drivers\DZHDD64.SYS
2014-11-14 05:07 . 2013-05-15 04:27        2861296        ----a-w-        c:\windows\system32\PWMCP64V.cpl
2014-11-14 05:07 . 2013-05-15 04:27        20736        ----a-w-        c:\windows\system32\drivers\TPPWR64V.SYS
2014-11-11 03:09 . 2014-12-11 08:10        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 06:48        241152        ----a-w-        c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 06:48        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-11 08:10        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 06:48        186880        ----a-w-        c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 06:48        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-11 08:10        119296        ----a-w-        c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-11 08:08        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-11 08:08        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-10-30 02:03 . 2014-12-11 08:08        165888        ----a-w-        c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-11 08:08        155136        ----a-w-        c:\windows\SysWow64\charmap.exe
2014-10-28 14:59 . 2014-09-26 15:37        20160        ----a-w-        c:\windows\system32\drivers\GUBootStartup.sys
2014-10-25 01:57 . 2014-11-12 08:28        77824        ----a-w-        c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 08:28        67584        ----a-w-        c:\windows\SysWow64\packager.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 16:19        1729744        ----a-w-        c:\progra~2\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 16:19        1729744        ----a-w-        c:\progra~2\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 16:19        1729744        ----a-w-        c:\progra~2\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\program files (x86)\ThinkPad\Utilities\PWMTR64V.DLL" [2014-11-14 6371568]
.
c:\users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
An OneNote senden.lnk - c:\program files\Microsoft Office\Office15\ONENOTEM.EXE /tsr [2014-9-16 222384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
EIZO ScreenSlicer.lnk - c:\windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe [2015-1-7 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll c:\program files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"Lenovo Registration"=c:\program files (x86)\Lenovo Registration\LenovoReg.exe /boot
"TSMResident"="c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" /r
"PWMTRV"=rundll32 "c:\program files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 chromoting;Chrome Remote Desktop Service;c:\program files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe;c:\program files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [x]
R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\DRIVERS\ggsomc.sys;c:\windows\SYSNATIVE\DRIVERS\ggsomc.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 iumsvc;Intel(R) Update Manager;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [x]
R3 LSCWinService;LSCWinService;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam S7500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R4 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S2 ASRSVC;ASR Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe;c:\program files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [x]
S2 CGVPNCliService;CyberGhost 5 Client Service;c:\program files\CyberGhost 5\Service.exe;c:\program files\CyberGhost 5\Service.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe;c:\program files\Logitech\SolarApp\L4301_Solar.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;Lenovo Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 TabletServiceISD;TabletServiceISD;c:\program files\Tablet\ISD\ISD_Tablet.exe;c:\program files\Tablet\ISD\ISD_Tablet.exe [x]
S2 TabletSVC;TABLET Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe;c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [x]
S2 TouchServiceISD;Wacom ISD Touch Service;c:\program files\Tablet\ISD\ISD_TouchService.exe;c:\program files\Tablet\ISD\ISD_TouchService.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S2 WebUpdate4;Web Update Wizard Service V4;c:\program files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe;c:\program files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [x]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x]
S2 WTabletServiceISD;Wacom ISD Service;c:\program files\Tablet\ISD\WTabletServiceISD.exe;c:\program files\Tablet\ISD\WTabletServiceISD.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 l36wgps; Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\l36wgps64.sys;c:\windows\SYSNATIVE\DRIVERS\l36wgps64.sys [x]
S3 l36wscard; Mobile Broadband USIM Port;c:\windows\system32\DRIVERS\l36wscard.sys;c:\windows\SYSNATIVE\DRIVERS\l36wscard.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Mbm3CBus;F5521gw Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3CBus.sys [x]
S3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3DevMt.sys [x]
S3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3mdfl.sys [x]
S3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3Mdm.sys [x]
S3 Power Manager DBC Service;Power Manager Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 tvtvcamd;Camera Plus (VGA Resolution Maximum);c:\windows\system32\DRIVERS\tvtvcamd.sys;c:\windows\SYSNATIVE\DRIVERS\tvtvcamd.sys [x]
S3 usb3Hub;UoIP Hub;c:\windows\system32\DRIVERS\usb3Hub.sys;c:\windows\SYSNATIVE\DRIVERS\usb3Hub.sys [x]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
S3 wacomvthid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys;c:\windows\SYSNATIVE\DRIVERS\WacomVTHid.sys [x]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-19 16:07]
.
2015-01-16 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files (x86)\Glary Utilities 5\Initialize.exe [2015-01-05 05:16]
.
2014-11-24 c:\windows\Tasks\Norton Product InstallerIdle.job
- c:\windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe [2014-11-03 18:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 16:17        2334928        ----a-w-        c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 16:17        2334928        ----a-w-        c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 16:17        2334928        ----a-w-        c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2014-08-07 295712]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2014-09-16 63728]
"TpShocks"="TpShocks.exe" [2014-09-18 555736]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mSearch Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\x203\AppData\Local\Temp\ie_script.htm
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\x203\AppData\Roaming\Mozilla\Firefox\Profiles\ci9uc6ip.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - (no file)
ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - (no file)
ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - (no file)
ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-01-16  16:13:35
ComboFix-quarantined-files.txt  2015-01-16 15:13
.
Vor Suchlauf: 15 Verzeichnis(se), 23'481'569'280 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 23'075'418'112 Bytes frei
.
- - End Of File - - 2DA076E6B2C1E569D1868A186761A891

schrauber 16.01.2015 19:44
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

maga84 16.01.2015 21:15
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.01.2015
Suchlauf-Zeit: 20:47:44
Logdatei: mbam.txt
Administrator: Nein

Version: 2.00.4.1028
Malware Datenbank: v2015.01.16.10
Rootkit Datenbank: v2015.01.14.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Manuel

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 300915
Verstrichene Zeit: 5 Min, 9 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Code:
# AdwCleaner v4.107 - Bericht erstellt am 16/01/2015 um 20:54:43
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : x203 - ADMIN-MANUEL
# Gestartet von : C:\Users\Manuel\Desktop\adwcleaner_4.107.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0 (x86 de)


*************************

AdwCleaner[R10].txt - [3776 octets] - [14/01/2015 09:03:25]
AdwCleaner[R11].txt - [2952 octets] - [14/01/2015 11:44:48]
AdwCleaner[R12].txt - [1975 octets] - [15/01/2015 14:47:08]
AdwCleaner[R13].txt - [1171 octets] - [16/01/2015 18:11:15]
AdwCleaner[R14].txt - [887 octets] - [16/01/2015 20:54:43]
AdwCleaner[S10].txt - [1187 octets] - [16/01/2015 18:22:19]
AdwCleaner[S8].txt - [3819 octets] - [14/01/2015 09:04:40]
AdwCleaner[S9].txt - [3022 octets] - [14/01/2015 11:56:02]

########## EOF - \AdwCleaner\AdwCleaner[R14].txt - [1128 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by x203 on 16.01.2015 at 21:01:20.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\x203\AppData\Roaming\mozilla\firefox\profiles\ci9uc6ip.default\prefs.js

user_pref("extensions.rBRO9pjpqFz3Gu2L.url", "hxxp://syncerjpi.info/sync2/?q=hfZ9ofV9CShEAen0rTa6qTUMg708BNmGWj8dichGheDUojw8rdwFrTsFrHaGqchIC7n0rjkErjwHrjk8qHkFtNhVCT94tMVKhd



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.01.2015 at 21:04:35.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015
Ran by x203 (administrator) on ADMIN-MANUEL on 16-01-2015 21:10:36
Running from C:\Users\Manuel\Downloads
Loaded Profiles: x203 & Manuel (Available profiles: x203 & Manuel)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe
(Data Perceptions / PowerProgrammer) C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Spotify Ltd) C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Eye-Fi, Inc.) C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Wacom Technology, Inc) C:\Program Files\Tablet\CalibrationAssistant.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916592 2014-07-28] (Synaptics Incorporated)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-08-07] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2014-09-16] (Lenovo)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [555736 2014-09-18] (Lenovo.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [Spotify Web Helper] => C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [Eye-Fi] => C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe [3961464 2011-12-21] (Eye-Fi, Inc.)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [GoogleChromeAutoLaunch_4A220D28DEF0DEF57A4596AFA0CC93AC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2015-01-09] (Google Inc.)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: D - D:\SETUP.EXE
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: {88018163-5feb-11e3-8408-028037ec0200} - V:\SETUP.EXE
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: {fa8f8a90-42e2-11e3-857c-028037ec0200} - E:\Startme.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EIZO ScreenSlicer.lnk
ShortcutTarget: EIZO ScreenSlicer.lnk -> C:\Windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe (Macrovision Corporation)
Startup: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
BootExecute: autocheck autochk * 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50083;https=127.0.0.1:50083
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000 -> {5E55F183-AB4F-4D43-BF3C-D551B42FA02B} URL = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162

FireFox:
========
FF ProfilePath: C:\Users\x203\AppData\Roaming\Mozilla\Firefox\Profiles\ci9uc6ip.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-05-30]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: No Name - C:\Program Files (x86)\Symantec\VIP Access Client [2013-05-15]
FF HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension
FF Extension: No Name - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension [2014-05-29]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 ASRSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [79136 2010-10-27] (Lenovo Group Limited)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2014-11-14] (Lenovo.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-14] (SurfRight B.V.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-08-07] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-04-24] ()
R2 TabletServiceISD; C:\Program Files\Tablet\ISD\ISD_Tablet.exe [5650296 2012-04-10] (Wacom Technology, Corp.)
R2 TabletSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [83920 2012-02-08] (Lenovo Group Limited)
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed]
R2 TouchServiceISD; C:\Program Files\Tablet\ISD\ISD_TouchService.exe [449912 2012-04-10] (Wacom Technology, Corp.)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1526120 2013-09-25] (Lenovo Group Limited)
R2 TVT Scheduler; C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation)
R2 WebUpdate4; C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [278800 2013-01-16] (Data Perceptions / PowerProgrammer)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [689560 2012-10-18] (Ericsson AB)
R2 WTabletServiceISD; C:\Program Files\Tablet\ISD\WTabletServiceISD.exe [577848 2013-09-24] (Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-01-10] (Sony Mobile Communications)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-10-28] (Glarysoft Ltd)
R1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [17064 2010-06-28] (Lenovo)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [103184 2012-03-01] (Ericsson AB)
R3 l36wscard; C:\Windows\System32\DRIVERS\l36wscard.sys [61992 2011-01-14] (Ericsson AB)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [443208 2012-10-02] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [453960 2012-10-02] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [21832 2012-10-02] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [506184 2012-10-02] (MCCI Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
R3 wacomvthid; C:\Windows\System32\DRIVERS\WacomVTHid.sys [16368 2012-04-10] (Wacom Technology)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [281840 2013-02-19] (Ericsson AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 TVICPORT; \??\C:\Windows\system32\DRIVERS\TVICPORT.SYS [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 21:04 - 2015-01-16 21:04 - 00000946 _____ () C:\Users\x203\Desktop\JRT.txt
2015-01-16 20:48 - 2015-01-16 20:48 - 01707939 _____ (Thisisu) C:\Users\Manuel\Downloads\JRT.exe
2015-01-16 20:42 - 2015-01-16 21:10 - 00028969 _____ () C:\Users\Manuel\Downloads\FRST.txt
2015-01-16 18:35 - 2015-01-16 18:34 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-16 18:26 - 2015-01-16 21:06 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 18:26 - 2015-01-16 20:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 18:26 - 2015-01-16 18:26 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-16 18:26 - 2015-01-16 18:26 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-16 18:26 - 2015-01-16 18:26 - 00002262 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-16 18:26 - 2015-01-16 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-16 17:23 - 2015-01-16 17:23 - 00001724 _____ () C:\Users\Manuel\Desktop\omlag71i.default-1421310525556 - Verknüpfung.lnk
2015-01-16 16:59 - 2015-01-16 16:59 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Avira
2015-01-16 16:56 - 2015-01-16 16:56 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Avira
2015-01-16 16:51 - 2015-01-16 16:51 - 00002081 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-16 16:50 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-16 16:50 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-16 16:50 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-16 16:47 - 2015-01-16 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-16 16:47 - 2015-01-16 16:47 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-16 16:34 - 2015-01-16 16:34 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Macromedia
2015-01-16 16:14 - 2015-01-16 16:14 - 00044315 _____ () C:\ComboFix.txt
2015-01-16 15:18 - 2015-01-16 15:18 - 00001584 _____ () C:\Users\Manuel\Desktop\Revouninstaller.lnk
2015-01-16 12:38 - 2015-01-16 12:38 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-16 12:38 - 2015-01-16 12:38 - 00000000 ____D () C:\ProgramData\Mozilla
2015-01-16 12:38 - 2015-01-16 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-16 12:38 - 2015-01-16 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-16 12:28 - 2015-01-16 12:36 - 00001113 _____ () C:\Users\x203\Desktop\Revo Uninstaller.lnk
2015-01-16 11:05 - 2015-01-16 11:05 - 00000883 _____ () C:\Users\x203\Desktop\hosts.txt
2015-01-16 10:23 - 2015-01-16 10:23 - 00283128 _____ () C:\Windows\Minidump\011615-8845-01.dmp
2015-01-16 10:23 - 2015-01-16 10:23 - 00000000 ____D () C:\Windows\Minidump
2015-01-15 19:55 - 2015-01-15 19:55 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-15 19:32 - 2015-01-15 19:32 - 00050477 _____ () C:\Users\Manuel\Downloads\Defogger.exe
2015-01-15 19:32 - 2015-01-15 19:32 - 00000000 _____ () C:\Users\x203\defogger_reenable
2015-01-15 19:31 - 2015-01-16 13:46 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-15 19:29 - 2015-01-15 19:29 - 00001479 _____ () C:\Users\x203\Desktop\GMER.log
2015-01-15 19:20 - 2015-01-15 19:20 - 00380416 _____ () C:\Users\Manuel\Downloads\Gmer-19357.exe
2015-01-15 19:06 - 2015-01-15 19:06 - 02125312 _____ (Farbar) C:\Users\Manuel\Downloads\FRST64.exe
2015-01-15 15:18 - 2015-01-15 15:18 - 00003704 _____ () C:\Users\x203\Desktop\Rkill.txt
2015-01-15 15:18 - 2015-01-15 15:18 - 00000000 ____D () C:\Users\x203\Desktop\rkill
2015-01-15 15:12 - 2015-01-15 15:12 - 00000000 ____D () C:\Windows\ERUNT
2015-01-15 15:11 - 2015-01-16 16:16 - 00000000 ____D () C:\Qoobox
2015-01-15 15:05 - 2015-01-15 14:59 - 00000000 _____ () C:\Users\Manuel\Desktop\CProgramDataMicrosoftWindowsCaches.txt
2015-01-15 15:00 - 2015-01-15 15:00 - 00111448 _____ () C:\Users\x203\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-15 14:59 - 2015-01-15 14:59 - 00000000 _____ () C:\Users\x203\Desktop\CProgramDataMicrosoftWindowsCaches.txt
2015-01-15 14:49 - 2015-01-15 14:49 - 00000000 ____D () C:\ProgramData\Avg_Update_1014av
2015-01-15 14:24 - 2015-01-15 14:24 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-01-15 10:54 - 2015-01-16 15:16 - 00003254 _____ () C:\Windows\System32\Tasks\Trojan Killer
2015-01-15 10:54 - 2015-01-15 10:54 - 00000000 ____D () C:\ProgramData\GridinSoft
2015-01-15 10:51 - 2015-01-15 15:02 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Nico Mak Computing
2015-01-15 10:46 - 2015-01-15 10:46 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-15 09:51 - 2015-01-16 21:05 - 00496156 _____ () C:\Windows\PFRO.log
2015-01-15 09:51 - 2015-01-16 21:05 - 00004548 _____ () C:\Windows\setupact.log
2015-01-15 09:51 - 2015-01-15 09:51 - 05054584 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-15 09:51 - 2015-01-15 09:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-15 09:28 - 2015-01-15 09:28 - 00000000 ____D () C:\Users\Manuel\Desktop\Old Firefox Data
2015-01-14 14:02 - 2015-01-16 21:10 - 00000000 ____D () C:\FRST
2015-01-14 12:16 - 2015-01-14 12:16 - 00000000 ____D () C:\_OTL
2015-01-14 12:08 - 2015-01-14 12:08 - 00000000 __SHD () C:\Users\x203\AppData\Local\EmieBrowserModeList
2015-01-14 10:16 - 2015-01-14 10:16 - 00001391 _____ () C:\Users\Manuel\Desktop\HitmanPro.lnk
2015-01-14 10:10 - 2015-01-16 16:50 - 00000000 ____D () C:\ProgramData\Avira
2015-01-14 09:54 - 2015-01-15 14:24 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-14 09:54 - 2015-01-14 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-14 09:53 - 2015-01-14 10:12 - 00000000 ____D () C:\Users\Manuel\Downloads\Hitman
2015-01-14 09:08 - 2015-01-14 09:08 - 00000000 ____D () C:\ProgramData\Network Associates
2015-01-14 09:06 - 2015-01-14 09:23 - 00000000 ____D () C:\Windows\F0856D1B11EE46528174EAF3D5AB6C66.TMP
2015-01-14 09:03 - 2015-01-16 20:55 - 00000000 ____D () C:\AdwCleaner
2015-01-14 08:59 - 2015-01-14 08:59 - 02191360 _____ () C:\Users\Manuel\Desktop\adwcleaner_4.107.exe
2015-01-14 08:43 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:43 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:43 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:43 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 08:43 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 08:43 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 08:43 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 08:43 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 08:43 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:43 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:43 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:43 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:43 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 18:34 - 2015-01-16 16:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-13 18:19 - 2015-01-13 18:19 - 14747172 _____ () C:\Users\Manuel\Desktop\Zusammenfassung.pptx
2015-01-13 18:12 - 2014-12-02 18:27 - 00090112 _____ (Nenad Hrg (SoftwareOK.com)) C:\Users\Manuel\Desktop\DontSleep.exe
2015-01-13 17:29 - 2015-01-13 18:39 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-13 16:58 - 2015-01-13 16:58 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\SUPERAntiSpyware.com
2015-01-13 15:50 - 2015-01-13 15:50 - 00017408 _____ () C:\Users\Manuel\Desktop\Abmeldung von Kursen FS 14.msg
2015-01-13 15:44 - 2014-03-26 22:21 - 00020480 _____ () C:\Users\Manuel\Desktop\Kursabmeldung  aufgrund nicht bestandener Leistungsnachweise FS 14.msg
2015-01-13 12:23 - 2015-01-13 12:23 - 00000000 ____D () C:\Users\Manuel\Downloads\platform-tools
2015-01-13 11:48 - 2015-01-13 11:48 - 00000000 ____D () C:\Users\x203\AppData\Local\Avg2014
2015-01-13 10:59 - 2015-01-13 11:00 - 00000000 ____D () C:\Users\Manuel\Downloads\NEW SuperStamina
2015-01-12 22:42 - 2015-01-12 22:43 - 00000000 ____D () C:\Users\Manuel\Downloads\rootkitXperia_20140719
2015-01-12 22:12 - 2015-01-12 22:12 - 00000019 _____ () C:\Users\Manuel\Desktop\iomei.txt
2015-01-12 21:42 - 2015-01-12 21:42 - 00038859 _____ () C:\Users\Manuel\Desktop\Unlockbootloader* *Step 3  4 - Developer World.html
2015-01-12 21:42 - 2015-01-12 21:42 - 00000000 ____D () C:\Users\Manuel\Desktop\Unlockbootloader* *Step 3  4 - Developer World_files
2015-01-12 17:44 - 2015-01-13 15:21 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Android
2015-01-12 17:21 - 2015-01-12 21:05 - 00000000 ____D () C:\Users\Manuel\Downloads\EasyRootTool v12.4
2015-01-12 16:04 - 2015-01-12 16:39 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2015-01-12 16:03 - 2015-01-13 00:23 - 00000000 ____D () C:\Flashtool
2015-01-11 12:51 - 2015-01-11 12:51 - 00111448 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-01-10 21:11 - 2015-01-13 09:22 - 00000000 ____D () C:\ProgramData\Sony Mobile
2015-01-10 21:03 - 2015-01-10 21:03 - 00001135 _____ () C:\Users\Manuel\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-10 20:52 - 2015-01-10 20:52 - 00000000 ____D () C:\Users\x203\.android
2015-01-10 20:51 - 2015-01-10 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsomc_01009.Wdf
2015-01-10 20:51 - 2015-01-10 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2015-01-10 20:38 - 2015-01-10 20:38 - 00000000 ____D () C:\Users\x203\.swt
2015-01-10 17:15 - 2015-01-10 17:15 - 00030424 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggsomc.sys
2015-01-10 17:15 - 2015-01-10 17:15 - 00016088 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2015-01-10 17:13 - 2015-01-11 10:29 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
2015-01-10 14:12 - 2015-01-11 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-01-10 13:49 - 2015-01-10 13:49 - 00000000 ____D () C:\Users\Manuel\.jmc
2015-01-10 13:49 - 2015-01-10 13:49 - 00000000 ____D () C:\Users\Manuel\.eclipse
2015-01-10 13:39 - 2015-01-10 13:39 - 00000000 ____D () C:\Users\x203\.AndroidStudio
2015-01-10 13:39 - 2015-01-10 13:39 - 00000000 ____D () C:\Users\Manuel\.AndroidStudio
2015-01-10 13:38 - 2015-01-13 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2015-01-10 13:34 - 2015-01-13 12:25 - 00000000 ____D () C:\Program Files\Android
2015-01-10 13:32 - 2015-01-11 11:02 - 00111000 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-10 13:32 - 2015-01-11 11:01 - 00312728 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-10 13:32 - 2015-01-11 11:01 - 00191384 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-10 13:32 - 2015-01-11 11:01 - 00190872 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-10 13:31 - 2015-01-11 11:01 - 00000000 ____D () C:\Program Files\Java
2015-01-09 08:59 - 2015-01-09 09:00 - 00000000 ____D () C:\ProgramData\Stardock
2015-01-08 18:57 - 2015-01-08 19:08 - 00045720 _____ () C:\BROM_DLL.log
2015-01-08 18:24 - 2015-01-09 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2015-01-08 18:24 - 2015-01-08 21:00 - 00000000 ____D () C:\Program Files (x86)\totalcmd
2015-01-08 18:24 - 2015-01-08 19:49 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\GHISLER
2015-01-08 18:24 - 2015-01-08 18:24 - 00001062 _____ () C:\Users\Public\Desktop\Total Commander 64 bit.lnk
2015-01-08 18:24 - 2015-01-08 18:24 - 00000000 ____D () C:\Users\x203\AppData\Roaming\GHISLER
2015-01-07 15:27 - 2015-01-07 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EIZO
2015-01-07 15:19 - 2015-01-07 15:19 - 00000000 ____D () C:\Users\x203\AppData\Local\{E0EE56A0-0D7C-4595-B400-919A3BA48EC1}
2015-01-07 15:18 - 2015-01-11 10:30 - 00000000 ____D () C:\Program Files (x86)\EIZO
2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 ____D () C:\Users\x203\AppData\Roaming\EIZO
2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\EIZO
2015-01-07 15:17 - 2015-01-10 11:22 - 00000000 ____D () C:\Users\x203\AppData\Local\Downloaded Installations
2015-01-06 10:30 - 2015-01-06 10:30 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Foxit Reader
2015-01-04 09:10 - 2015-01-04 09:10 - 00001562 _____ () C:\Users\Manuel\Desktop\Cisco AnyConnect Secure Mobility Client.lnk
2015-01-04 09:08 - 2015-01-04 09:08 - 00001067 _____ () C:\Users\Manuel\Desktop\Password Manager.lnk
2015-01-02 13:44 - 2015-01-02 13:47 - 00000000 ____D () C:\Users\Manuel\AppData\Local\CyberGhost
2015-01-02 13:44 - 2015-01-02 13:44 - 00001739 _____ () C:\Users\x203\Desktop\CyberGhost 5.lnk
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-12-30 09:16 - 2014-12-30 09:25 - 595612217 _____ () C:\Users\Manuel\Desktop\Perfekte-Portraits.zip
2014-12-22 10:27 - 2014-12-22 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2014-12-19 21:24 - 2014-12-19 21:24 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-12-19 19:49 - 2014-12-19 19:49 - 00000000 ____D () C:\Users\Manuel\AppData\OICE_15_974FA576_32C1D314_A33
2014-12-18 10:48 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:48 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 19:38 - 2014-12-17 19:38 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\FreeCommander

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 21:09 - 2013-05-15 05:28 - 01177126 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 21:07 - 2014-12-13 01:59 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Eye-Fi
2015-01-16 21:07 - 2013-11-19 12:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 21:06 - 2014-12-13 01:59 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Eye-Fi
2015-01-16 21:06 - 2014-09-26 16:37 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2015-01-16 21:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 21:03 - 2013-05-15 04:59 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-01-16 21:03 - 2013-05-15 04:59 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-01-16 21:03 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 21:03 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 21:03 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 21:02 - 2013-10-29 11:53 - 00000000 ____D () C:\Users\x203\AppData\Local\Google
2015-01-16 18:26 - 2013-10-27 09:56 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Google
2015-01-16 18:26 - 2013-05-15 05:29 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-16 18:23 - 2014-12-08 10:30 - 01022464 ___SH () C:\Users\Manuel\Desktop\Thumbs.db
2015-01-16 16:47 - 2013-10-21 22:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-16 16:15 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-16 16:04 - 2014-01-01 17:13 - 00000000 ____D () C:\Windows\erdnt
2015-01-16 15:41 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-16 10:58 - 2014-09-26 16:36 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-01-16 10:58 - 2014-09-15 18:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 10:14 - 2014-09-30 16:50 - 00000000 ____D () C:\Program Files\Adobe Photoshop
2015-01-16 10:14 - 2014-09-30 12:54 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-16 10:14 - 2014-01-11 10:06 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-16 10:14 - 2013-09-30 20:23 - 00000000 ____D () C:\Users\x203\AppData\Local\Adobe
2015-01-16 10:14 - 2013-05-15 05:27 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-15 19:32 - 2013-09-30 20:19 - 00000000 ____D () C:\Users\x203
2015-01-15 15:59 - 2013-12-09 14:53 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-15 14:38 - 2014-03-04 13:45 - 00000000 ___RD () C:\Users\Manuel\Dropbox
2015-01-15 14:22 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Dropbox
2015-01-15 11:11 - 2013-12-09 14:56 - 00000000 ____D () C:\Users\x203\AppData\Roaming\TuneUp Software
2015-01-15 11:09 - 2014-05-18 11:17 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Spotify
2015-01-15 09:57 - 2013-05-15 05:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-14 17:07 - 2013-11-19 12:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 17:07 - 2013-11-19 12:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 17:07 - 2013-11-19 12:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 11:22 - 2013-10-21 22:38 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 11:21 - 2013-10-21 21:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 11:11 - 2013-10-21 21:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 10:18 - 2013-10-28 14:32 - 00003568 _____ () C:\Windows\system32\.crusader
2015-01-14 10:18 - 2013-10-28 14:29 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-14 10:11 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-14 09:27 - 2014-01-05 13:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-14 09:23 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel
2015-01-14 09:23 - 2013-05-14 12:53 - 00000000 ____D () C:\ProgramData\Lenovo
2015-01-14 09:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-14 09:08 - 2014-10-22 19:49 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-14 08:49 - 2013-10-28 13:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-13 18:43 - 2014-12-03 15:12 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Deployment
2015-01-13 18:05 - 2014-05-18 11:18 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Spotify
2015-01-13 17:31 - 2013-10-27 10:06 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-01-13 17:06 - 2014-12-13 17:43 - 00000000 ____D () C:\Users\Manuel\Desktop\WE Jungs
2015-01-13 17:06 - 2014-09-18 16:13 - 00000000 ____D () C:\Users\Manuel\Desktop\Ricardo
2015-01-13 16:59 - 2013-05-15 05:27 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-01-13 12:26 - 2014-05-16 08:06 - 00000000 ____D () C:\Users\Manuel\.android
2015-01-13 12:00 - 2014-11-16 11:12 - 00000000 ____D () C:\Users\Manuel\Desktop\Fotos
2015-01-13 11:46 - 2014-05-30 09:05 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-01-13 09:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-01-12 17:47 - 2013-05-15 05:19 - 00000000 ____D () C:\Program Files\Intel
2015-01-11 11:00 - 2014-03-09 10:51 - 00111448 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2015-01-11 10:54 - 2014-12-05 09:46 - 00001107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-01-11 10:54 - 2014-09-26 16:37 - 00002978 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2015-01-11 10:54 - 2014-09-26 16:37 - 00002634 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2015-01-11 10:54 - 2014-09-26 16:37 - 00001095 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-01-10 14:40 - 2014-05-15 16:04 - 00003020 _____ () C:\Windows\System32\Tasks\PMTask
2015-01-10 14:40 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media
2015-01-10 14:05 - 2013-10-27 13:14 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-09 20:54 - 2013-10-28 10:25 - 00000000 ____D () C:\Program Files (x86)\Fences
2015-01-09 20:54 - 2013-05-15 05:34 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2015-01-08 18:57 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel\AppData\Local\VirtualStore
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-07 15:24 - 2014-06-20 16:48 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Unity
2015-01-07 12:18 - 2013-10-27 09:55 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Adobe
2015-01-06 09:12 - 2014-02-27 21:50 - 00000000 ____D () C:\Users\Manuel\Documents\Korrespondenz
2015-01-04 09:19 - 2014-05-19 07:11 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2015-01-04 09:19 - 2014-05-19 07:10 - 00000000 ____D () C:\Program Files\Common Files\Sony Shared
2015-01-04 09:18 - 2014-05-19 07:09 - 00000000 ____D () C:\ProgramData\Sony Corporation
2015-01-04 09:03 - 2014-05-01 10:24 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-04 09:03 - 2014-05-01 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-04 09:03 - 2013-10-27 17:18 - 00000000 ____D () C:\Program Files\winRar
2014-12-31 18:03 - 2014-01-14 11:34 - 00000000 ____D () C:\Users\Manuel\Desktop\Ablage
2014-12-31 13:38 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Adobe
2014-12-22 10:36 - 2013-10-27 12:15 - 00001398 _____ () C:\Users\Manuel\AppData\Roaming\MobileToolAnyConnectV3.ini
2014-12-22 10:27 - 2013-10-27 12:16 - 00000000 ____D () C:\ProgramData\Cisco
2014-12-22 10:27 - 2013-10-21 22:34 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-12-22 10:22 - 2014-01-01 10:48 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-22 10:22 - 2014-01-01 10:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-19 21:28 - 2014-03-04 13:45 - 00001036 _____ () C:\Users\Manuel\Desktop\Dropbox.lnk
2014-12-19 21:28 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-19 18:57 - 2013-11-03 11:23 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Intel WiDi
2014-12-18 11:56 - 2014-12-06 14:53 - 00000000 ____D () C:\Users\x203\Desktop\Katalog Admin
2014-12-17 14:46 - 2013-11-12 19:09 - 00000080 _____ () C:\Users\x203\Documents\R Verzeichnis wechseln.R

Some content of TEMP:
====================
C:\Users\Manuel\AppData\Local\temp\avgnt.exe
C:\Users\x203\AppData\Local\temp\Quarantine.exe
C:\Users\x203\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 12:49

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015
Ran by x203 at 2015-01-16 21:10:58
Running from C:\Users\Manuel\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 8.42.20 - )
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{8432E4EF-ABFB-48C8-B77B-24728E71D3DD}) (Version: 39.0.2171.46 - Google Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05187 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05187 - Cisco Systems, Inc.) Hidden
CM Installer (HKLM-x32\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Drucken in PDF Annotator (novaPDF OEM 7.7 printer) (HKLM\...\Drucken in PDF Annotator_is1) (Version: 7.7.400 - Softland)
EasyTax 2013 AG 1.01 (HKLM-x32\...\4093-4123-1528-3000) (Version: 1.01 - HWI Solutions AG)
EIZO ScreenSlicer (HKLM-x32\...\{292A177D-723F-4537-9985-BC8BFCD8B63D}) (Version: 1.1.5.0 - EIZO Corporation)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.67.2 - Lenovo Group Limited)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Eye-Fi Center 3.4 (HKLM-x32\...\{18B00AC5-C082-471E-88B0-F02FE5A2541A}) (Version: 3.4.26 - Eye-Fi, Inc)
Fences (Version: 1.0 - Stardock Corporation) Hidden
FireCuva Data Recovery 2014.1.8.20 (HKLM-x32\...\{EE1F41BE-6DBD-44AE-9F97-4D7F9227329D}_is1) (Version: 2014.1.8.20 - FireCuva)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Glary Utilities PRO 5.16 (HKLM-x32\...\Glary Utilities 5) (Version: 5.16.0.29 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Graph 4.4.2 (HKLM-x32\...\Graph_is1) (Version:  - Ivan Johansen)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6 (HKLM\...\{B2DAB009-8236-48A0-AD7F-E940F5AB1578}) (Version: 14.0 - HP)
HP Photosmart Plus B210 series - Grundlegende Software für das Gerät (HKLM\...\{1686185A-3D85-428D-8786-ACB403B9D420}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
ifolor Designer (HKLM-x32\...\ifolor-Designer) (Version:  - Ifolor AG)
Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3359 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7991b5ae-96d7-4df2-97fb-a605b7cb638b}) (Version: 17.12.0 - Intel Corporation)
ISD Tablett (HKLM\...\ISD Tablet Driver) (Version: 7.0.2-29 - Wacom Technology Corp.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 8 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418000FF}) (Version: 8.0.0 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.16.0 - Lenovo)
Lenovo Mobile Access (HKLM-x32\...\{A792A135-EE29-4FE2-B4CB-D3F984CEA9EC}) (Version: 3.2.30123.1026 - Lenovo)
Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.4.1017.00 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0007 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
LXH-JME2207FN Hotkey Driver (HKLM-x32\...\{42B21298-C850-4272-AFD9-636CBC005421}) (Version: 5.1.0804 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{C2C2DB64-1BCE-4FA7-962D-457795ECCEC0}) (Version: 3.3.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Bootvis (HKLM-x32\...\{0F9196C6-58B4-445B-B56E-B1200FECC151}) (Version: 1.3.37 - Microsoft)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 7.2.5.4 - Ericsson AB)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Annotator 5.0.0.505 (HKLM-x32\...\PDFAnnotator_is1) (Version: 5.0.0.505 - GRAHL software design)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_06_B209a-m_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Rescue and Recovery (HKLM-x32\...\{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}) (Version: 4.52.0005.00 - Lenovo Group Limited)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-003B-0000-1000-0000000FF1CE}_Office15.PRJPROR_{6E5C415F-1388-4BA6-B926-C19318BE6075}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad Tablet Button Driver (HKLM-x32\...\{26903C89-780A-463E-8CBD-E47A73927254}) (Version: 1.04 - )
ThinkPad Tablet Shortcut Menu (HKLM-x32\...\{9a2db59f-091a-40b4-958d-1c8264624126}) (Version: 6.33 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.24 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{A62AEB2B-E2A0-4E77-8AAE-9645FE3B5487}) (Version: 5.95 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.80.01.00 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.81 - Lenovo)
ThinkVantage Password Manager (HKLM\...\{23520BCC-F76C-4287-87E1-0545EDF6FE96}) (Version: 4.00.0024.00 - Lenovo Group Limited)
ThinkVantage Update Retriever (HKLM-x32\...\{F25C538D-3F57-4AF4-80DD-B1DD1558F038}) (Version: 5.00.0010 - Lenovo)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
VIP Access (HKLM-x32\...\{7EB5B9B6-E7BF-4E8F-B478-1266A78CF231}) (Version: 2.2.1.13 - Symantec Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows Driver Package - Intel System  (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

16-01-2015 19:20:35 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-01-16 11:03 - 2015-01-16 14:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06DCFC04-6BA5-45A1-A87C-2AB6D5B07FB9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)
Task: {1056F6BE-8A9B-4789-A45A-766212E69BDB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {138C1B65-AA12-4B15-816E-2BAD5C404989} - System32\Tasks\{5179303A-B077-4DD2-8CAA-370E2C7A215A} => E:\JDownloaderPortable\JDownloaderPortable.exe
Task: {16CE9FF3-C7EA-4493-B6B7-30FA88486725} - System32\Tasks\Lenovo\LSC\CreateHardwareScanTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {1C473A2D-C8EA-4A9A-A60F-4AE443F13033} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {326D759E-1B50-476F-8ACE-CA0912537815} - \TubeSaver-15-chromeinstaller No Task File <==== ATTENTION
Task: {3807F458-4445-431C-898E-980905E16691} - \TubeSaver-15-updater No Task File <==== ATTENTION
Task: {442BFA7F-2D23-479D-BFA5-C832EF77F87F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {452FFBFB-D9B9-4347-8F5E-A7F1A6772E3C} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
Task: {49A96084-47D7-43F1-9D0D-B6127F991574} - System32\Tasks\{09F43E45-D90B-4046-91C3-BC9637D8C4B8} => C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
Task: {49D3B875-F572-4023-9D26-A845D020A2F7} - \TubeSaver-15-codedownloader No Task File <==== ATTENTION
Task: {49DAAF81-E95C-4964-B237-22F6C980448E} - System32\Tasks\{4EEB7BF1-AE9F-4345-BB40-78EB0CDEA9E0} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\IrfanView\i_view32.exe"
Task: {4F32F716-7098-4249-B056-356F3CE9ECB6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {5745E252-0287-4003-B1BA-33F5B1BB87F6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for x203-THINK-Manuel x203-THINK => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {57904E4B-FF80-4701-AF04-AC8517DA374A} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {5C766DF2-DBB1-4EFF-8997-84E9436A2595} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {606A9245-4225-4177-A2B4-88D04B527E80} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for x203-THINK.Manuel => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-16] (Lenovo)
Task: {7280DB27-B177-448B-BDB4-8BAC6BC75597} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {78DC8C0F-41CD-4700-A7C6-177E891F01B6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {7965D48E-112A-49BE-B3BA-FBDDE5A086EE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {828FF779-6267-41C5-8A2F-9D575790BDD5} - System32\Tasks\Norton Product InstallerIdle => C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe [2014-11-03] (Symantec Corporation)
Task: {82F88A18-7A4E-4C2B-85C2-2F254577559E} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2014-09-13] (Lenovo)
Task: {833CF6A6-9B70-482E-B833-78F68CD8FB3A} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {870D44EA-14A3-4E7F-8814-22F1A86B39A1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8740F25F-3678-4962-94E4-2A5235A39CCF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {92BFD621-E872-4F04-A065-41853B8E2CD0} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {9A209F4B-E899-4C8C-A211-FD8997DFC557} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)
Task: {9D6C3B14-CB5E-4BCD-B078-A5559D3BD1D7} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {9DC14AA8-2996-4213-98B3-CB8D76E9C951} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {A48895AA-13C8-478E-A8AB-4D3DA40B6816} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {A5C29781-2A7A-4007-A739-AE6A3784ADF8} - System32\Tasks\{80AFFF4F-06A3-40B4-B912-D1677BDADF9D} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\IrfanView\i_view32.exe"
Task: {A91938F3-2A68-4C36-8403-A6A842BE5A8A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {A93198E1-5CA9-4525-AA70-82FC9A482993} - System32\Tasks\{EDD59D43-8C29-431A-A8D2-B4BFCA7730F2} => E:\JDownloaderPortable\JDownloaderPortable.exe
Task: {AE133D30-0D35-41A2-B384-7ABF0F5EE4CA} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {B30A2AFD-6E31-4BCA-905C-0C08D189A4F8} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {B3EA1B66-775D-4F84-9CB2-0371BA2B414B} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {BA4E8AF1-2935-4244-AD22-3DA5C0178502} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {BE8F36B1-40F7-4223-B0C8-91A4DC614677} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-11-14] (Lenovo Group Limited)
Task: {C00813A1-3AF3-4160-9359-E2A144414574} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {CC68A762-4464-4EAC-8F6C-88F9A9E296B2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {CF4838A5-80E6-4F0F-8B1F-4F68C964BBBD} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-01-05] (Glarysoft Ltd)
Task: {D19DD550-1FB7-4C8A-9B8B-31B8EF5B6B20} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-04-24] ()
Task: {D4884143-8D6C-4A9B-94FB-13419383DF56} - \TubeSaver-15-enabler No Task File <==== ATTENTION
Task: {D4F8C4B7-FEB0-4ACB-8D71-0C12D509E7A0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {DB3A4CDE-C0E3-42C3-91EC-40CFE629F47C} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-01-05] (Glarysoft Ltd)
Task: {DD31794C-86DD-4901-994A-658185898645} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for x203-THINK.x203 => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-16] (Lenovo)
Task: {DEC60349-DA4C-4920-A9B9-4A091F4C5321} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {E64DE862-5A05-457D-8396-3B79DFC9DDE4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E6D4097C-9FCB-4456-951E-7E866581E69F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {ECA97D21-FEF3-45D0-BEB5-2BB6A2316EF2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {F77C609C-EC1F-488E-BD9A-790F78E5A763} - System32\Tasks\{A1DB3074-2A97-4668-A054-6DCBAB2DE05E} => C:\Program Files (x86)\IrfanView\i_view32.exe
Task: {FDAE8DB2-5746-4868-97FD-40AD33B7A6DB} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-10-16] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe

==================== Loaded Modules (whitelisted) =============

2013-10-28 10:23 - 2010-06-17 20:56 - 00087040 ____N () C:\Windows\System32\redmonnt.dll
2013-05-15 05:23 - 2012-04-10 16:37 - 01183096 _____ () C:\Program Files\Tablet\ISD\libxml2.dll
2013-05-15 05:27 - 2014-11-14 06:07 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-10-16 01:48 - 2014-10-16 01:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-05-15 05:27 - 2011-08-02 20:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2013-05-15 05:27 - 2011-08-02 20:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2014-09-26 16:35 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-26 16:35 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-26 16:35 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-26 16:35 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-09-26 16:35 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-10-21 22:39 - 2011-07-13 09:10 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2014-09-16 19:01 - 2014-09-16 19:01 - 00065776 _____ () C:\Program Files (x86)\Lenovo\Access Connections\ACSonyEricssonHlpr.dll
2011-12-21 22:59 - 2011-12-21 22:59 - 00133120 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libexif.dll
2011-12-21 22:56 - 2011-12-21 22:56 - 00209408 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libopenraw.dll
2011-12-21 23:05 - 2011-12-21 23:05 - 00014848 _____ () C:\Program Files (x86)\Eye-Fi\Helper\Locales\de\Helper.dll
2015-01-16 18:26 - 2015-01-09 01:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-16 18:26 - 2015-01-09 01:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-16 18:26 - 2015-01-09 01:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-16 18:26 - 2015-01-09 01:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2013-10-21 22:32 - 2013-05-13 14:15 - 01199576 ____N () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Manuel\Desktop\Stundenplan.JPG:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk => C:\Windows\pss\Google Calendar Sync.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^x203^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EOS Utility.lnk => C:\Windows\pss\EOS Utility.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_4A220D28DEF0DEF57A4596AFA0C => "c:\program files (x86)\google\chrome\application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Intel AppUp(SM) center => "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
MSCONFIG\startupreg: jmekey => C:\Program Files (x86)\jmesoft\hotkey.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Malwarebytes Anti-Malware (cleanup) => "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
MSCONFIG\startupreg: MobileAccess => C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe -silentExitIfNotFirst
MSCONFIG\startupreg: NUSB3MON => "c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
MSCONFIG\startupreg: PasswordManager => C:\Program Files\Lenovo\Password Manager\password_manager.exe
MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: RtHDVBg_Dolby => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SearchProtection => "C:\Users\x203\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: SharpSpace => C:\Program Files (x86)\SharpSpace\SharpSpace.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: USB3MON => "c:\program files (x86)\intel\intel(r) usb 3.0 extensible host controller driver\application\iusb3mon.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3554811672-1824628599-3789470933-500 - Administrator - Disabled)
Gast (S-1-5-21-3554811672-1824628599-3789470933-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3554811672-1824628599-3789470933-1040 - Limited - Enabled)
Manuel (S-1-5-21-3554811672-1824628599-3789470933-1003 - Limited - Enabled) => C:\Users\Manuel
x203 (S-1-5-21-3554811672-1824628599-3789470933-1000 - Administrator - Enabled) => C:\Users\x203

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2015 09:08:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Name des fehlerhaften Moduls: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000860d2
ID des fehlerhaften Prozesses: 0x7f4
Startzeit der fehlerhaften Anwendung: 0xISD_Tablet.exe0
Pfad der fehlerhaften Anwendung: ISD_Tablet.exe1
Pfad des fehlerhaften Moduls: ISD_Tablet.exe2
Berichtskennung: ISD_Tablet.exe3

Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=21, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0


System errors:
=============
Error: (01/16/2015 09:07:19 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 09:05:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147014847


Microsoft Office Sessions:
=========================
Error: (01/16/2015 09:08:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ISD_Tablet.exe7.0.2.294f6cf301ISD_Tablet.exe7.0.2.294f6cf301c000000500000000000860d27f401d031c7d94fa442C:\Program Files\Tablet\ISD\ISD_Tablet.exeC:\Program Files\Tablet\ISD\ISD_Tablet.exe77a7c0ad-9dbb-11e4-88fb-028037ec0200

Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path43900

Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path25900

Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path17900

Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path23808600

Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path21808600

Error: (01/16/2015 09:06:20 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path18808600


CodeIntegrity Errors:
===================================
  Date: 2015-01-16 13:58:16.187
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-16 13:58:16.140
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-14 09:08:57.418
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-14 09:08:57.333
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-09 20:34:06.552
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-09 20:34:05.382
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:40:29.432
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:36:48.011
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:36:01.740
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-26 20:26:04.283
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 40%
Total physical RAM: 7887.8 MB
Available physical RAM: 4680.63 MB
Total Pagefile: 15773.78 MB
Available Pagefile: 12398.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:140.64 GB) (Free:21.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:17.58 GB) (Free:4.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 167.7 GB) (Disk ID: AA9E1116)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=140.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=8 GB) - (Type=84)

==================== End Of Log ============================

EIN DICKES DANKE NOCHMAL FÜR DIE MÜHE!

schrauber 17.01.2015 12:33
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
Task: {326D759E-1B50-476F-8ACE-CA0912537815} - \TubeSaver-15-chromeinstaller No Task File <==== ATTENTION

Task: {3807F458-4445-431C-898E-980905E16691} - \TubeSaver-15-updater No Task File <==== ATTENTION

Task: {49D3B875-F572-4023-9D26-A845D020A2F7} - \TubeSaver-15-codedownloader No Task File <==== ATTENTION

Task: {D4884143-8D6C-4A9B-94FB-13419383DF56} - \TubeSaver-15-enabler No Task File <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50083;https=127.0.0.1:50083
Tcpip\Parameters: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

maga84 17.01.2015 14:46
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2015
Ran by x203 at 2015-01-17 12:40:10 Run:1
Running from C:\Users\Manuel\Downloads
Loaded Profiles: x203 & Manuel (Available profiles: x203 & Manuel)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {326D759E-1B50-476F-8ACE-CA0912537815} - \TubeSaver-15-chromeinstaller No Task File <==== ATTENTION

Task: {3807F458-4445-431C-898E-980905E16691} - \TubeSaver-15-updater No Task File <==== ATTENTION

Task: {49D3B875-F572-4023-9D26-A845D020A2F7} - \TubeSaver-15-codedownloader No Task File <==== ATTENTION

Task: {D4884143-8D6C-4A9B-94FB-13419383DF56} - \TubeSaver-15-enabler No Task File <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50083;https=127.0.0.1:50083
Tcpip\Parameters: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162
Emptytemp:
       
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{326D759E-1B50-476F-8ACE-CA0912537815}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{326D759E-1B50-476F-8ACE-CA0912537815}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TubeSaver-15-chromeinstaller" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3807F458-4445-431C-898E-980905E16691}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3807F458-4445-431C-898E-980905E16691}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TubeSaver-15-updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{49D3B875-F572-4023-9D26-A845D020A2F7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49D3B875-F572-4023-9D26-A845D020A2F7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TubeSaver-15-codedownloader" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D4884143-8D6C-4A9B-94FB-13419383DF56}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4884143-8D6C-4A9B-94FB-13419383DF56}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TubeSaver-15-enabler" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value deleted successfully.
EmptyTemp: => Removed 167.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 12:40:16 ====
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1089339ab32293468220d57d97cda6a0
# engine=21977
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-15 10:32:45
# local_time=2015-01-15 11:32:45 (+0100, Mitteleuropäische Zeit    )
# country="Switzerland"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 13411 4500565 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 94179 172947815 0 0
# scanned=264332
# found=15
# cleaned=14
# scan_time=2645
sh=4D994F46965332EC3B3FBF6751A6EC429B12ECFE ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\All Users\ocbkapddahhgnlmahbgabheclmnpbfma\C9C.js"
sh=83A4DF88288D27586697D9CF56D18E5CB77D16C2 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\5ua5utd5.default\Extensions\1@yK1g3mqHQ.net\content\bg.js.vir"
sh=66FAE1ACBC7D67FA771B9CD986D3D8A8E7714FA2 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\5ua5utd5.default\Extensions\K@czYxbE.com\content\bg.js.vir"
sh=83A4DF88288D27586697D9CF56D18E5CB77D16C2 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\x203\AppData\Roaming\Mozilla\Firefox\Profiles\ci9uc6ip.default\Extensions\1@yK1g3mqHQ.net\content\bg.js.vir"
sh=66FAE1ACBC7D67FA771B9CD986D3D8A8E7714FA2 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\x203\AppData\Roaming\Mozilla\Firefox\Profiles\ci9uc6ip.default\Extensions\K@czYxbE.com\content\bg.js.vir"
sh=26BD5415E43B1B91064A6833034EE51B0600F4D2 ft=1 fh=14cc467e54c019eb vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\WinZip Malware Protector\AppManager.exe"
sh=4E5E84B58B0267D57D07AB3F97CF6F9A28A09BCA ft=1 fh=c52573aa99100db8 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\WinZip Malware Protector\filetypehelper.exe"
sh=1B17EF1DD2376A4D929828BC00994D590BFB977D ft=1 fh=ce4dc8a856b9d6ee vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\WinZip Malware Protector\scandll.dll"
sh=CE29A117A96DEED1BEA6B7C4E3DF506CA0D322A4 ft=1 fh=f579473727f97194 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe"
sh=0EE527C0CF24387F9FEAD1E5D971B8E4D484557A ft=1 fh=9a4545f853f316be vn="Variante von Win32/Systweak.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\WinZip Malware Protector\WMPUninstall.exe"
sh=4D994F46965332EC3B3FBF6751A6EC429B12ECFE ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\ocbkapddahhgnlmahbgabheclmnpbfma\C9C.js"
sh=90A303B989CEF825E608556BE96A991A90F22CBB ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\chrome-default-bup\Extensions\bfegaehidkkcfaikpaijcdahnpikhobf\228\OgZ5dpqFu.js"
sh=90A303B989CEF825E608556BE96A991A90F22CBB ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\bfegaehidkkcfaikpaijcdahnpikhobf\228\OgZ5dpqFu.js"
sh=B7A1757508588C3F277B97F877A74350068370AD ft=1 fh=49b56f64fa90416e vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Manuel\Downloads\wzmp_8.exe"
sh=C01917EA39FB01AA4C6BFF5E181C1E8D69DC8815 ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.Towel.A Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Manuel\Downloads\EasyRootTool v12.4\files\libexploit.so"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1089339ab32293468220d57d97cda6a0
# engine=22013
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-17 01:09:03
# local_time=2015-01-17 02:09:03 (+0100, Mitteleuropäische Zeit    )
# country="Switzerland"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 14198 4682743 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 81559 173129993 0 0
# scanned=352084
# found=0
# cleaned=0
# scan_time=4877
Code:
Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Java 8 Update 25 
 Java version 32-bit out of Date!
 Adobe Flash Player 16.0.0.257 
 Mozilla Firefox (35.0)
 Google Chrome (39.0.2171.99)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Spybot Teatimer.exe is disabled!
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015
Ran by x203 (administrator) on ADMIN-MANUEL on 17-01-2015 14:40:34
Running from C:\Users\Manuel\Downloads
Loaded Profiles: x203 & Manuel (Available profiles: x203 & Manuel)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Wacom Technology, Inc) C:\Program Files\Tablet\CalibrationAssistant.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchUser.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe
(Data Perceptions / PowerProgrammer) C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Spotify Ltd) C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Eye-Fi, Inc.) C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Users\Manuel\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916592 2014-07-28] (Synaptics Incorporated)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-08-07] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2014-09-16] (Lenovo)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [555736 2014-09-18] (Lenovo.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [Spotify Web Helper] => C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [Eye-Fi] => C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe [3961464 2011-12-21] (Eye-Fi, Inc.)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [GoogleChromeAutoLaunch_4A220D28DEF0DEF57A4596AFA0CC93AC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2015-01-09] (Google Inc.)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: D - D:\SETUP.EXE
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: {88018163-5feb-11e3-8408-028037ec0200} - V:\SETUP.EXE
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: {fa8f8a90-42e2-11e3-857c-028037ec0200} - E:\Startme.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EIZO ScreenSlicer.lnk
ShortcutTarget: EIZO ScreenSlicer.lnk -> C:\Windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe (Macrovision Corporation)
Startup: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
BootExecute: autocheck autochk * 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50083;https=127.0.0.1:50083
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000 -> {5E55F183-AB4F-4D43-BF3C-D551B42FA02B} URL = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162

FireFox:
========
FF ProfilePath: C:\Users\x203\AppData\Roaming\Mozilla\Firefox\Profiles\ci9uc6ip.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-05-30]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: No Name - C:\Program Files (x86)\Symantec\VIP Access Client [2013-05-15]
FF HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension
FF Extension: No Name - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension [2014-05-29]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 ASRSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [79136 2010-10-27] (Lenovo Group Limited)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2014-11-14] (Lenovo.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-14] (SurfRight B.V.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-08-07] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-04-24] ()
R2 TabletServiceISD; C:\Program Files\Tablet\ISD\ISD_Tablet.exe [5650296 2012-04-10] (Wacom Technology, Corp.)
R2 TabletSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [83920 2012-02-08] (Lenovo Group Limited)
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed]
R2 TouchServiceISD; C:\Program Files\Tablet\ISD\ISD_TouchService.exe [449912 2012-04-10] (Wacom Technology, Corp.)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1526120 2013-09-25] (Lenovo Group Limited)
R2 TVT Scheduler; C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation)
R2 WebUpdate4; C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [278800 2013-01-16] (Data Perceptions / PowerProgrammer)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [689560 2012-10-18] (Ericsson AB)
R2 WTabletServiceISD; C:\Program Files\Tablet\ISD\WTabletServiceISD.exe [577848 2013-09-24] (Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-01-10] (Sony Mobile Communications)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-10-28] (Glarysoft Ltd)
R1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [17064 2010-06-28] (Lenovo)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [103184 2012-03-01] (Ericsson AB)
R3 l36wscard; C:\Windows\System32\DRIVERS\l36wscard.sys [61992 2011-01-14] (Ericsson AB)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [443208 2012-10-02] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [453960 2012-10-02] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [21832 2012-10-02] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [506184 2012-10-02] (MCCI Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
R3 wacomvthid; C:\Windows\System32\DRIVERS\WacomVTHid.sys [16368 2012-04-10] (Wacom Technology)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [281840 2013-02-19] (Ericsson AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 TVICPORT; \??\C:\Windows\system32\DRIVERS\TVICPORT.SYS [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 14:40 - 2015-01-17 14:40 - 00028585 _____ () C:\Users\Manuel\Downloads\FRST.txt
2015-01-17 14:39 - 2015-01-17 14:39 - 00001020 _____ () C:\Users\Manuel\Desktop\checkup.txt
2015-01-17 12:45 - 2015-01-17 12:45 - 02347384 _____ (ESET) C:\Users\Manuel\Downloads\esetsmartinstaller_deu.exe
2015-01-17 12:37 - 2015-01-17 12:37 - 00852504 _____ () C:\Users\Manuel\Desktop\SecurityCheck.exe
2015-01-16 21:04 - 2015-01-16 21:04 - 00000946 _____ () C:\Users\x203\Desktop\JRT.txt
2015-01-16 20:48 - 2015-01-16 20:48 - 01707939 _____ (Thisisu) C:\Users\Manuel\Downloads\JRT.exe
2015-01-16 18:35 - 2015-01-16 18:34 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-16 18:26 - 2015-01-17 14:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 18:26 - 2015-01-17 12:42 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 18:26 - 2015-01-16 18:26 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-16 18:26 - 2015-01-16 18:26 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-16 18:26 - 2015-01-16 18:26 - 00002262 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-16 18:26 - 2015-01-16 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-16 17:23 - 2015-01-16 17:23 - 00001724 _____ () C:\Users\Manuel\Desktop\omlag71i.default-1421310525556 - Verknüpfung.lnk
2015-01-16 16:59 - 2015-01-16 16:59 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Avira
2015-01-16 16:56 - 2015-01-16 16:56 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Avira
2015-01-16 16:51 - 2015-01-16 16:51 - 00002081 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-16 16:50 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-16 16:50 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-16 16:50 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-16 16:47 - 2015-01-16 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-16 16:47 - 2015-01-16 16:47 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-16 16:34 - 2015-01-16 16:34 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Macromedia
2015-01-16 16:14 - 2015-01-16 16:14 - 00044315 _____ () C:\ComboFix.txt
2015-01-16 15:18 - 2015-01-16 15:18 - 00001584 _____ () C:\Users\Manuel\Desktop\Revouninstaller.lnk
2015-01-16 12:38 - 2015-01-16 12:38 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-16 12:38 - 2015-01-16 12:38 - 00000000 ____D () C:\ProgramData\Mozilla
2015-01-16 12:38 - 2015-01-16 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-16 12:38 - 2015-01-16 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-16 12:28 - 2015-01-16 12:36 - 00001113 _____ () C:\Users\x203\Desktop\Revo Uninstaller.lnk
2015-01-16 11:05 - 2015-01-16 11:05 - 00000883 _____ () C:\Users\x203\Desktop\hosts.txt
2015-01-16 10:23 - 2015-01-16 10:23 - 00283128 _____ () C:\Windows\Minidump\011615-8845-01.dmp
2015-01-16 10:23 - 2015-01-16 10:23 - 00000000 ____D () C:\Windows\Minidump
2015-01-15 19:55 - 2015-01-15 19:55 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-15 19:32 - 2015-01-15 19:32 - 00050477 _____ () C:\Users\Manuel\Downloads\Defogger.exe
2015-01-15 19:32 - 2015-01-15 19:32 - 00000000 _____ () C:\Users\x203\defogger_reenable
2015-01-15 19:31 - 2015-01-16 13:46 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-15 19:29 - 2015-01-15 19:29 - 00001479 _____ () C:\Users\x203\Desktop\GMER.log
2015-01-15 19:20 - 2015-01-15 19:20 - 00380416 _____ () C:\Users\Manuel\Downloads\Gmer-19357.exe
2015-01-15 19:06 - 2015-01-15 19:06 - 02125312 _____ (Farbar) C:\Users\Manuel\Downloads\FRST64.exe
2015-01-15 15:18 - 2015-01-15 15:18 - 00003704 _____ () C:\Users\x203\Desktop\Rkill.txt
2015-01-15 15:18 - 2015-01-15 15:18 - 00000000 ____D () C:\Users\x203\Desktop\rkill
2015-01-15 15:12 - 2015-01-15 15:12 - 00000000 ____D () C:\Windows\ERUNT
2015-01-15 15:11 - 2015-01-16 16:16 - 00000000 ____D () C:\Qoobox
2015-01-15 15:05 - 2015-01-15 14:59 - 00000000 _____ () C:\Users\Manuel\Desktop\CProgramDataMicrosoftWindowsCaches.txt
2015-01-15 15:00 - 2015-01-15 15:00 - 00111448 _____ () C:\Users\x203\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-15 14:59 - 2015-01-15 14:59 - 00000000 _____ () C:\Users\x203\Desktop\CProgramDataMicrosoftWindowsCaches.txt
2015-01-15 14:49 - 2015-01-15 14:49 - 00000000 ____D () C:\ProgramData\Avg_Update_1014av
2015-01-15 14:24 - 2015-01-15 14:24 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-01-15 10:54 - 2015-01-16 15:16 - 00003254 _____ () C:\Windows\System32\Tasks\Trojan Killer
2015-01-15 10:54 - 2015-01-15 10:54 - 00000000 ____D () C:\ProgramData\GridinSoft
2015-01-15 10:51 - 2015-01-15 15:02 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Nico Mak Computing
2015-01-15 10:46 - 2015-01-15 10:46 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-15 09:51 - 2015-01-17 12:51 - 00005107 _____ () C:\Windows\setupact.log
2015-01-15 09:51 - 2015-01-17 12:41 - 00497182 _____ () C:\Windows\PFRO.log
2015-01-15 09:51 - 2015-01-15 09:51 - 05054584 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-15 09:51 - 2015-01-15 09:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-15 09:28 - 2015-01-15 09:28 - 00000000 ____D () C:\Users\Manuel\Desktop\Old Firefox Data
2015-01-14 14:02 - 2015-01-17 14:40 - 00000000 ____D () C:\FRST
2015-01-14 12:16 - 2015-01-14 12:16 - 00000000 ____D () C:\_OTL
2015-01-14 12:08 - 2015-01-14 12:08 - 00000000 __SHD () C:\Users\x203\AppData\Local\EmieBrowserModeList
2015-01-14 10:16 - 2015-01-14 10:16 - 00001391 _____ () C:\Users\Manuel\Desktop\HitmanPro.lnk
2015-01-14 10:10 - 2015-01-16 16:50 - 00000000 ____D () C:\ProgramData\Avira
2015-01-14 09:54 - 2015-01-15 14:24 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-14 09:54 - 2015-01-14 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-14 09:53 - 2015-01-14 10:12 - 00000000 ____D () C:\Users\Manuel\Downloads\Hitman
2015-01-14 09:08 - 2015-01-14 09:08 - 00000000 ____D () C:\ProgramData\Network Associates
2015-01-14 09:06 - 2015-01-14 09:23 - 00000000 ____D () C:\Windows\F0856D1B11EE46528174EAF3D5AB6C66.TMP
2015-01-14 09:03 - 2015-01-16 20:55 - 00000000 ____D () C:\AdwCleaner
2015-01-14 08:59 - 2015-01-14 08:59 - 02191360 _____ () C:\Users\Manuel\Desktop\adwcleaner_4.107.exe
2015-01-14 08:43 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:43 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:43 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:43 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 08:43 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 08:43 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 08:43 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 08:43 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 08:43 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:43 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:43 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:43 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:43 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 18:34 - 2015-01-16 16:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-13 18:19 - 2015-01-13 18:19 - 14747172 _____ () C:\Users\Manuel\Desktop\Zusammenfassung.pptx
2015-01-13 18:12 - 2014-12-02 18:27 - 00090112 _____ (Nenad Hrg (SoftwareOK.com)) C:\Users\Manuel\Desktop\DontSleep.exe
2015-01-13 17:29 - 2015-01-13 18:39 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-13 16:58 - 2015-01-13 16:58 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\SUPERAntiSpyware.com
2015-01-13 15:50 - 2015-01-13 15:50 - 00017408 _____ () C:\Users\Manuel\Desktop\Abmeldung von Kursen FS 14.msg
2015-01-13 15:44 - 2014-03-26 22:21 - 00020480 _____ () C:\Users\Manuel\Desktop\Kursabmeldung  aufgrund nicht bestandener Leistungsnachweise FS 14.msg
2015-01-13 12:23 - 2015-01-13 12:23 - 00000000 ____D () C:\Users\Manuel\Downloads\platform-tools
2015-01-13 11:48 - 2015-01-13 11:48 - 00000000 ____D () C:\Users\x203\AppData\Local\Avg2014
2015-01-13 10:59 - 2015-01-13 11:00 - 00000000 ____D () C:\Users\Manuel\Downloads\NEW SuperStamina
2015-01-12 22:42 - 2015-01-12 22:43 - 00000000 ____D () C:\Users\Manuel\Downloads\rootkitXperia_20140719
2015-01-12 22:12 - 2015-01-12 22:12 - 00000019 _____ () C:\Users\Manuel\Desktop\iomei.txt
2015-01-12 21:42 - 2015-01-12 21:42 - 00038859 _____ () C:\Users\Manuel\Desktop\Unlockbootloader* *Step 3  4 - Developer World.html
2015-01-12 21:42 - 2015-01-12 21:42 - 00000000 ____D () C:\Users\Manuel\Desktop\Unlockbootloader* *Step 3  4 - Developer World_files
2015-01-12 17:44 - 2015-01-13 15:21 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Android
2015-01-12 17:21 - 2015-01-12 21:05 - 00000000 ____D () C:\Users\Manuel\Downloads\EasyRootTool v12.4
2015-01-12 16:04 - 2015-01-12 16:39 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2015-01-12 16:03 - 2015-01-13 00:23 - 00000000 ____D () C:\Flashtool
2015-01-11 12:51 - 2015-01-11 12:51 - 00111448 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-01-10 21:11 - 2015-01-13 09:22 - 00000000 ____D () C:\ProgramData\Sony Mobile
2015-01-10 21:03 - 2015-01-10 21:03 - 00001135 _____ () C:\Users\Manuel\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-10 20:52 - 2015-01-10 20:52 - 00000000 ____D () C:\Users\x203\.android
2015-01-10 20:51 - 2015-01-10 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsomc_01009.Wdf
2015-01-10 20:51 - 2015-01-10 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2015-01-10 20:38 - 2015-01-10 20:38 - 00000000 ____D () C:\Users\x203\.swt
2015-01-10 17:15 - 2015-01-10 17:15 - 00030424 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggsomc.sys
2015-01-10 17:15 - 2015-01-10 17:15 - 00016088 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2015-01-10 17:13 - 2015-01-11 10:29 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
2015-01-10 14:12 - 2015-01-11 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-01-10 13:49 - 2015-01-10 13:49 - 00000000 ____D () C:\Users\Manuel\.jmc
2015-01-10 13:49 - 2015-01-10 13:49 - 00000000 ____D () C:\Users\Manuel\.eclipse
2015-01-10 13:39 - 2015-01-10 13:39 - 00000000 ____D () C:\Users\x203\.AndroidStudio
2015-01-10 13:39 - 2015-01-10 13:39 - 00000000 ____D () C:\Users\Manuel\.AndroidStudio
2015-01-10 13:38 - 2015-01-13 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2015-01-10 13:34 - 2015-01-13 12:25 - 00000000 ____D () C:\Program Files\Android
2015-01-10 13:32 - 2015-01-11 11:02 - 00111000 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-10 13:32 - 2015-01-11 11:01 - 00312728 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-10 13:32 - 2015-01-11 11:01 - 00191384 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-10 13:32 - 2015-01-11 11:01 - 00190872 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-10 13:31 - 2015-01-11 11:01 - 00000000 ____D () C:\Program Files\Java
2015-01-09 08:59 - 2015-01-09 09:00 - 00000000 ____D () C:\ProgramData\Stardock
2015-01-08 18:57 - 2015-01-08 19:08 - 00045720 _____ () C:\BROM_DLL.log
2015-01-08 18:24 - 2015-01-09 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2015-01-08 18:24 - 2015-01-08 21:00 - 00000000 ____D () C:\Program Files (x86)\totalcmd
2015-01-08 18:24 - 2015-01-08 19:49 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\GHISLER
2015-01-08 18:24 - 2015-01-08 18:24 - 00001062 _____ () C:\Users\Public\Desktop\Total Commander 64 bit.lnk
2015-01-08 18:24 - 2015-01-08 18:24 - 00000000 ____D () C:\Users\x203\AppData\Roaming\GHISLER
2015-01-07 15:27 - 2015-01-07 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EIZO
2015-01-07 15:19 - 2015-01-07 15:19 - 00000000 ____D () C:\Users\x203\AppData\Local\{E0EE56A0-0D7C-4595-B400-919A3BA48EC1}
2015-01-07 15:18 - 2015-01-11 10:30 - 00000000 ____D () C:\Program Files (x86)\EIZO
2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 ____D () C:\Users\x203\AppData\Roaming\EIZO
2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\EIZO
2015-01-07 15:17 - 2015-01-10 11:22 - 00000000 ____D () C:\Users\x203\AppData\Local\Downloaded Installations
2015-01-06 10:30 - 2015-01-06 10:30 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Foxit Reader
2015-01-04 09:10 - 2015-01-04 09:10 - 00001562 _____ () C:\Users\Manuel\Desktop\Cisco AnyConnect Secure Mobility Client.lnk
2015-01-04 09:08 - 2015-01-04 09:08 - 00001067 _____ () C:\Users\Manuel\Desktop\Password Manager.lnk
2015-01-02 13:44 - 2015-01-02 13:47 - 00000000 ____D () C:\Users\Manuel\AppData\Local\CyberGhost
2015-01-02 13:44 - 2015-01-02 13:44 - 00001739 _____ () C:\Users\x203\Desktop\CyberGhost 5.lnk
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-12-30 09:16 - 2014-12-30 09:25 - 595612217 _____ () C:\Users\Manuel\Desktop\Perfekte-Portraits.zip
2014-12-22 10:27 - 2014-12-22 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2014-12-19 21:24 - 2014-12-19 21:24 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-12-19 19:49 - 2014-12-19 19:49 - 00000000 ____D () C:\Users\Manuel\AppData\OICE_15_974FA576_32C1D314_A33
2014-12-18 10:48 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:48 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 14:39 - 2014-12-13 01:59 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Eye-Fi
2015-01-17 14:13 - 2013-05-15 05:28 - 01223391 _____ () C:\Windows\WindowsUpdate.log
2015-01-17 14:07 - 2013-11-19 12:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-17 12:49 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-17 12:49 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-17 12:47 - 2013-05-15 04:59 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-01-17 12:47 - 2013-05-15 04:59 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-01-17 12:47 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-17 12:41 - 2014-12-13 01:59 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Eye-Fi
2015-01-17 12:41 - 2014-09-26 16:37 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2015-01-17 12:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 21:02 - 2013-10-29 11:53 - 00000000 ____D () C:\Users\x203\AppData\Local\Google
2015-01-16 18:26 - 2013-10-27 09:56 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Google
2015-01-16 18:26 - 2013-05-15 05:29 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-16 18:23 - 2014-12-08 10:30 - 01022464 ___SH () C:\Users\Manuel\Desktop\Thumbs.db
2015-01-16 16:47 - 2013-10-21 22:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-16 16:15 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-16 16:04 - 2014-01-01 17:13 - 00000000 ____D () C:\Windows\erdnt
2015-01-16 15:41 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-16 10:58 - 2014-09-26 16:36 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-01-16 10:58 - 2014-09-15 18:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 10:14 - 2014-09-30 16:50 - 00000000 ____D () C:\Program Files\Adobe Photoshop
2015-01-16 10:14 - 2014-09-30 12:54 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-16 10:14 - 2014-01-11 10:06 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-16 10:14 - 2013-09-30 20:23 - 00000000 ____D () C:\Users\x203\AppData\Local\Adobe
2015-01-16 10:14 - 2013-05-15 05:27 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-15 19:32 - 2013-09-30 20:19 - 00000000 ____D () C:\Users\x203
2015-01-15 15:59 - 2013-12-09 14:53 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-15 14:38 - 2014-03-04 13:45 - 00000000 ___RD () C:\Users\Manuel\Dropbox
2015-01-15 14:22 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Dropbox
2015-01-15 11:11 - 2013-12-09 14:56 - 00000000 ____D () C:\Users\x203\AppData\Roaming\TuneUp Software
2015-01-15 11:09 - 2014-05-18 11:17 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Spotify
2015-01-15 09:57 - 2013-05-15 05:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-14 17:07 - 2013-11-19 12:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 17:07 - 2013-11-19 12:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 17:07 - 2013-11-19 12:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 11:22 - 2013-10-21 22:38 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 11:21 - 2013-10-21 21:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 11:11 - 2013-10-21 21:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 10:18 - 2013-10-28 14:32 - 00003568 _____ () C:\Windows\system32\.crusader
2015-01-14 10:18 - 2013-10-28 14:29 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-14 10:11 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-14 09:27 - 2014-01-05 13:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-14 09:23 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel
2015-01-14 09:23 - 2013-05-14 12:53 - 00000000 ____D () C:\ProgramData\Lenovo
2015-01-14 09:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-14 09:08 - 2014-10-22 19:49 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-14 08:49 - 2013-10-28 13:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-13 18:43 - 2014-12-03 15:12 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Deployment
2015-01-13 18:05 - 2014-05-18 11:18 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Spotify
2015-01-13 17:31 - 2013-10-27 10:06 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-01-13 17:06 - 2014-12-13 17:43 - 00000000 ____D () C:\Users\Manuel\Desktop\WE Jungs
2015-01-13 17:06 - 2014-09-18 16:13 - 00000000 ____D () C:\Users\Manuel\Desktop\Ricardo
2015-01-13 16:59 - 2013-05-15 05:27 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-01-13 12:26 - 2014-05-16 08:06 - 00000000 ____D () C:\Users\Manuel\.android
2015-01-13 12:00 - 2014-11-16 11:12 - 00000000 ____D () C:\Users\Manuel\Desktop\Fotos
2015-01-13 11:46 - 2014-05-30 09:05 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-01-13 09:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-01-12 17:47 - 2013-05-15 05:19 - 00000000 ____D () C:\Program Files\Intel
2015-01-11 11:00 - 2014-03-09 10:51 - 00111448 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2015-01-11 10:54 - 2014-12-05 09:46 - 00001107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-01-11 10:54 - 2014-09-26 16:37 - 00002978 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2015-01-11 10:54 - 2014-09-26 16:37 - 00002634 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2015-01-11 10:54 - 2014-09-26 16:37 - 00001095 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-01-10 14:40 - 2014-05-15 16:04 - 00003020 _____ () C:\Windows\System32\Tasks\PMTask
2015-01-10 14:40 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media
2015-01-10 14:05 - 2013-10-27 13:14 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-09 20:54 - 2013-10-28 10:25 - 00000000 ____D () C:\Program Files (x86)\Fences
2015-01-09 20:54 - 2013-05-15 05:34 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2015-01-08 18:57 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel\AppData\Local\VirtualStore
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-07 15:24 - 2014-06-20 16:48 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Unity
2015-01-07 12:18 - 2013-10-27 09:55 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Adobe
2015-01-06 09:12 - 2014-02-27 21:50 - 00000000 ____D () C:\Users\Manuel\Documents\Korrespondenz
2015-01-04 09:19 - 2014-05-19 07:11 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2015-01-04 09:19 - 2014-05-19 07:10 - 00000000 ____D () C:\Program Files\Common Files\Sony Shared
2015-01-04 09:18 - 2014-05-19 07:09 - 00000000 ____D () C:\ProgramData\Sony Corporation
2015-01-04 09:03 - 2014-05-01 10:24 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-04 09:03 - 2014-05-01 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-04 09:03 - 2013-10-27 17:18 - 00000000 ____D () C:\Program Files\winRar
2014-12-31 18:03 - 2014-01-14 11:34 - 00000000 ____D () C:\Users\Manuel\Desktop\Ablage
2014-12-31 13:38 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Adobe
2014-12-22 10:36 - 2013-10-27 12:15 - 00001398 _____ () C:\Users\Manuel\AppData\Roaming\MobileToolAnyConnectV3.ini
2014-12-22 10:27 - 2013-10-27 12:16 - 00000000 ____D () C:\ProgramData\Cisco
2014-12-22 10:27 - 2013-10-21 22:34 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-12-22 10:22 - 2014-01-01 10:48 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-22 10:22 - 2014-01-01 10:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-19 21:28 - 2014-03-04 13:45 - 00001036 _____ () C:\Users\Manuel\Desktop\Dropbox.lnk
2014-12-19 21:28 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-19 18:57 - 2013-11-03 11:23 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Intel WiDi
2014-12-18 11:56 - 2014-12-06 14:53 - 00000000 ____D () C:\Users\x203\Desktop\Katalog Admin

Some content of TEMP:
====================
C:\Users\Manuel\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 12:49

==================== End Of Log ============================
--- --- ---

--- --- ---

maga84 17.01.2015 16:30
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015
Ran by x203 at 2015-01-17 14:40:56
Running from C:\Users\Manuel\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 8.42.20 - )
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{8432E4EF-ABFB-48C8-B77B-24728E71D3DD}) (Version: 39.0.2171.46 - Google Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05187 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05187 - Cisco Systems, Inc.) Hidden
CM Installer (HKLM-x32\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Drucken in PDF Annotator (novaPDF OEM 7.7 printer) (HKLM\...\Drucken in PDF Annotator_is1) (Version: 7.7.400 - Softland)
EasyTax 2013 AG 1.01 (HKLM-x32\...\4093-4123-1528-3000) (Version: 1.01 - HWI Solutions AG)
EIZO ScreenSlicer (HKLM-x32\...\{292A177D-723F-4537-9985-BC8BFCD8B63D}) (Version: 1.1.5.0 - EIZO Corporation)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.67.2 - Lenovo Group Limited)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Eye-Fi Center 3.4 (HKLM-x32\...\{18B00AC5-C082-471E-88B0-F02FE5A2541A}) (Version: 3.4.26 - Eye-Fi, Inc)
Fences (Version: 1.0 - Stardock Corporation) Hidden
FireCuva Data Recovery 2014.1.8.20 (HKLM-x32\...\{EE1F41BE-6DBD-44AE-9F97-4D7F9227329D}_is1) (Version: 2014.1.8.20 - FireCuva)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Glary Utilities PRO 5.16 (HKLM-x32\...\Glary Utilities 5) (Version: 5.16.0.29 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Graph 4.4.2 (HKLM-x32\...\Graph_is1) (Version:  - Ivan Johansen)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6 (HKLM\...\{B2DAB009-8236-48A0-AD7F-E940F5AB1578}) (Version: 14.0 - HP)
HP Photosmart Plus B210 series - Grundlegende Software für das Gerät (HKLM\...\{1686185A-3D85-428D-8786-ACB403B9D420}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
ifolor Designer (HKLM-x32\...\ifolor-Designer) (Version:  - Ifolor AG)
Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3359 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7991b5ae-96d7-4df2-97fb-a605b7cb638b}) (Version: 17.12.0 - Intel Corporation)
ISD Tablett (HKLM\...\ISD Tablet Driver) (Version: 7.0.2-29 - Wacom Technology Corp.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 8 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418000FF}) (Version: 8.0.0 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.16.0 - Lenovo)
Lenovo Mobile Access (HKLM-x32\...\{A792A135-EE29-4FE2-B4CB-D3F984CEA9EC}) (Version: 3.2.30123.1026 - Lenovo)
Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.4.1017.00 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0007 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
LXH-JME2207FN Hotkey Driver (HKLM-x32\...\{42B21298-C850-4272-AFD9-636CBC005421}) (Version: 5.1.0804 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{C2C2DB64-1BCE-4FA7-962D-457795ECCEC0}) (Version: 3.3.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Bootvis (HKLM-x32\...\{0F9196C6-58B4-445B-B56E-B1200FECC151}) (Version: 1.3.37 - Microsoft)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 7.2.5.4 - Ericsson AB)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Annotator 5.0.0.505 (HKLM-x32\...\PDFAnnotator_is1) (Version: 5.0.0.505 - GRAHL software design)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_06_B209a-m_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Rescue and Recovery (HKLM-x32\...\{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}) (Version: 4.52.0005.00 - Lenovo Group Limited)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-003B-0000-1000-0000000FF1CE}_Office15.PRJPROR_{6E5C415F-1388-4BA6-B926-C19318BE6075}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad Tablet Button Driver (HKLM-x32\...\{26903C89-780A-463E-8CBD-E47A73927254}) (Version: 1.04 - )
ThinkPad Tablet Shortcut Menu (HKLM-x32\...\{9a2db59f-091a-40b4-958d-1c8264624126}) (Version: 6.33 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.24 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{A62AEB2B-E2A0-4E77-8AAE-9645FE3B5487}) (Version: 5.95 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.80.01.00 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.81 - Lenovo)
ThinkVantage Password Manager (HKLM\...\{23520BCC-F76C-4287-87E1-0545EDF6FE96}) (Version: 4.00.0024.00 - Lenovo Group Limited)
ThinkVantage Update Retriever (HKLM-x32\...\{F25C538D-3F57-4AF4-80DD-B1DD1558F038}) (Version: 5.00.0010 - Lenovo)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
VIP Access (HKLM-x32\...\{7EB5B9B6-E7BF-4E8F-B478-1266A78CF231}) (Version: 2.2.1.13 - Symantec Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows Driver Package - Intel System  (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

16-01-2015 19:20:35 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-01-16 11:03 - 2015-01-16 14:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06DCFC04-6BA5-45A1-A87C-2AB6D5B07FB9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)
Task: {1056F6BE-8A9B-4789-A45A-766212E69BDB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {138C1B65-AA12-4B15-816E-2BAD5C404989} - System32\Tasks\{5179303A-B077-4DD2-8CAA-370E2C7A215A} => E:\JDownloaderPortable\JDownloaderPortable.exe
Task: {16CE9FF3-C7EA-4493-B6B7-30FA88486725} - System32\Tasks\Lenovo\LSC\CreateHardwareScanTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {1C473A2D-C8EA-4A9A-A60F-4AE443F13033} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {442BFA7F-2D23-479D-BFA5-C832EF77F87F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {452FFBFB-D9B9-4347-8F5E-A7F1A6772E3C} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
Task: {49A96084-47D7-43F1-9D0D-B6127F991574} - System32\Tasks\{09F43E45-D90B-4046-91C3-BC9637D8C4B8} => C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
Task: {49DAAF81-E95C-4964-B237-22F6C980448E} - System32\Tasks\{4EEB7BF1-AE9F-4345-BB40-78EB0CDEA9E0} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\IrfanView\i_view32.exe"
Task: {4F32F716-7098-4249-B056-356F3CE9ECB6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {5745E252-0287-4003-B1BA-33F5B1BB87F6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for x203-THINK-Manuel x203-THINK => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {57904E4B-FF80-4701-AF04-AC8517DA374A} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {5C766DF2-DBB1-4EFF-8997-84E9436A2595} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {606A9245-4225-4177-A2B4-88D04B527E80} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for x203-THINK.Manuel => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-16] (Lenovo)
Task: {7280DB27-B177-448B-BDB4-8BAC6BC75597} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {78DC8C0F-41CD-4700-A7C6-177E891F01B6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {7965D48E-112A-49BE-B3BA-FBDDE5A086EE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {828FF779-6267-41C5-8A2F-9D575790BDD5} - System32\Tasks\Norton Product InstallerIdle => C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe [2014-11-03] (Symantec Corporation)
Task: {82F88A18-7A4E-4C2B-85C2-2F254577559E} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2014-09-13] (Lenovo)
Task: {833CF6A6-9B70-482E-B833-78F68CD8FB3A} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {870D44EA-14A3-4E7F-8814-22F1A86B39A1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8740F25F-3678-4962-94E4-2A5235A39CCF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {92BFD621-E872-4F04-A065-41853B8E2CD0} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {9A209F4B-E899-4C8C-A211-FD8997DFC557} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)
Task: {9D6C3B14-CB5E-4BCD-B078-A5559D3BD1D7} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {9DC14AA8-2996-4213-98B3-CB8D76E9C951} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {A48895AA-13C8-478E-A8AB-4D3DA40B6816} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {A5C29781-2A7A-4007-A739-AE6A3784ADF8} - System32\Tasks\{80AFFF4F-06A3-40B4-B912-D1677BDADF9D} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\IrfanView\i_view32.exe"
Task: {A91938F3-2A68-4C36-8403-A6A842BE5A8A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {A93198E1-5CA9-4525-AA70-82FC9A482993} - System32\Tasks\{EDD59D43-8C29-431A-A8D2-B4BFCA7730F2} => E:\JDownloaderPortable\JDownloaderPortable.exe
Task: {AE133D30-0D35-41A2-B384-7ABF0F5EE4CA} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {B30A2AFD-6E31-4BCA-905C-0C08D189A4F8} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {B3EA1B66-775D-4F84-9CB2-0371BA2B414B} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {BA4E8AF1-2935-4244-AD22-3DA5C0178502} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {BE8F36B1-40F7-4223-B0C8-91A4DC614677} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-11-14] (Lenovo Group Limited)
Task: {C00813A1-3AF3-4160-9359-E2A144414574} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {CC68A762-4464-4EAC-8F6C-88F9A9E296B2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {CF4838A5-80E6-4F0F-8B1F-4F68C964BBBD} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-01-05] (Glarysoft Ltd)
Task: {D19DD550-1FB7-4C8A-9B8B-31B8EF5B6B20} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-04-24] ()
Task: {D4F8C4B7-FEB0-4ACB-8D71-0C12D509E7A0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {DB3A4CDE-C0E3-42C3-91EC-40CFE629F47C} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-01-05] (Glarysoft Ltd)
Task: {DD31794C-86DD-4901-994A-658185898645} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for x203-THINK.x203 => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-16] (Lenovo)
Task: {DEC60349-DA4C-4920-A9B9-4A091F4C5321} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {E64DE862-5A05-457D-8396-3B79DFC9DDE4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E6D4097C-9FCB-4456-951E-7E866581E69F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {ECA97D21-FEF3-45D0-BEB5-2BB6A2316EF2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {F77C609C-EC1F-488E-BD9A-790F78E5A763} - System32\Tasks\{A1DB3074-2A97-4668-A054-6DCBAB2DE05E} => C:\Program Files (x86)\IrfanView\i_view32.exe
Task: {FDAE8DB2-5746-4868-97FD-40AD33B7A6DB} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-10-16] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe

==================== Loaded Modules (whitelisted) =============

2013-05-15 05:27 - 2014-11-14 06:07 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2013-05-15 05:23 - 2012-04-10 16:37 - 01183096 _____ () C:\Program Files\Tablet\ISD\libxml2.dll
2013-10-28 10:23 - 2010-06-17 20:56 - 00087040 ____N () C:\Windows\System32\redmonnt.dll
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-01-17 12:37 - 2015-01-17 12:37 - 00852504 _____ () C:\Users\Manuel\Desktop\SecurityCheck.exe
2014-10-16 01:48 - 2014-10-16 01:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-05-15 05:27 - 2011-08-02 20:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2013-05-15 05:27 - 2011-08-02 20:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2014-09-26 16:35 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-26 16:35 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-26 16:35 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-26 16:35 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-09-26 16:35 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-10-21 22:39 - 2011-07-13 09:10 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2014-09-16 19:01 - 2014-09-16 19:01 - 00065776 _____ () C:\Program Files (x86)\Lenovo\Access Connections\ACSonyEricssonHlpr.dll
2011-12-21 22:59 - 2011-12-21 22:59 - 00133120 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libexif.dll
2011-12-21 22:56 - 2011-12-21 22:56 - 00209408 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libopenraw.dll
2011-12-21 23:05 - 2011-12-21 23:05 - 00014848 _____ () C:\Program Files (x86)\Eye-Fi\Helper\Locales\de\Helper.dll
2015-01-16 18:26 - 2015-01-09 01:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-16 18:26 - 2015-01-09 01:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-16 18:26 - 2015-01-09 01:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-16 18:26 - 2015-01-09 01:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-16 12:38 - 2015-01-09 10:05 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-21 22:32 - 2013-05-13 14:15 - 01199576 ____N () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Manuel\Desktop\Stundenplan.JPG:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk => C:\Windows\pss\Google Calendar Sync.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^x203^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EOS Utility.lnk => C:\Windows\pss\EOS Utility.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_4A220D28DEF0DEF57A4596AFA0C => "c:\program files (x86)\google\chrome\application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Intel AppUp(SM) center => "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
MSCONFIG\startupreg: jmekey => C:\Program Files (x86)\jmesoft\hotkey.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Malwarebytes Anti-Malware (cleanup) => "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
MSCONFIG\startupreg: MobileAccess => C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe -silentExitIfNotFirst
MSCONFIG\startupreg: NUSB3MON => "c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
MSCONFIG\startupreg: PasswordManager => C:\Program Files\Lenovo\Password Manager\password_manager.exe
MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: RtHDVBg_Dolby => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SearchProtection => "C:\Users\x203\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: SharpSpace => C:\Program Files (x86)\SharpSpace\SharpSpace.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: USB3MON => "c:\program files (x86)\intel\intel(r) usb 3.0 extensible host controller driver\application\iusb3mon.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3554811672-1824628599-3789470933-500 - Administrator - Disabled)
Gast (S-1-5-21-3554811672-1824628599-3789470933-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3554811672-1824628599-3789470933-1040 - Limited - Enabled)
Manuel (S-1-5-21-3554811672-1824628599-3789470933-1003 - Limited - Enabled) => C:\Users\Manuel
x203 (S-1-5-21-3554811672-1824628599-3789470933-1000 - Administrator - Enabled) => C:\Users\x203

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2015 02:36:16 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (01/17/2015 02:14:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/17/2015 00:46:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/17/2015 00:45:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/17/2015 00:42:25 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/17/2015 00:42:25 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/17/2015 00:42:25 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/17/2015 00:42:25 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/17/2015 00:42:25 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=21, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/17/2015 00:42:25 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0


System errors:
=============
Error: (01/17/2015 00:44:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/17/2015 00:40:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/17/2015 11:08:08 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 09:07:19 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 09:05:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147014847


Microsoft Office Sessions:
=========================
Error: (01/17/2015 02:36:16 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityprocessorArchitecturex64c:\program files\R\r-3.0.2\Tcl\bin64\tk85.dllc:\program files\R\r-3.0.2\Tcl\bin64\tk85.dll9

Error: (01/17/2015 02:14:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Manuel\Downloads\esetsmartinstaller_deu.exe

Error: (01/17/2015 00:46:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Manuel\Downloads\esetsmartinstaller_deu.exe

Error: (01/17/2015 00:45:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Manuel\Downloads\esetsmartinstaller_deu.exe

Error: (01/17/2015 00:42:25 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path43900

Error: (01/17/2015 00:42:25 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path25900

Error: (01/17/2015 00:42:25 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path17900

Error: (01/17/2015 00:42:25 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path23808600

Error: (01/17/2015 00:42:25 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path21808600

Error: (01/17/2015 00:42:25 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path18808600


CodeIntegrity Errors:
===================================
  Date: 2015-01-16 13:58:16.187
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-16 13:58:16.140
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-14 09:08:57.418
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-14 09:08:57.333
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-09 20:34:06.552
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-09 20:34:05.382
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:40:29.432
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:36:48.011
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:36:01.740
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-26 20:26:04.283
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 40%
Total physical RAM: 7887.8 MB
Available physical RAM: 4719.63 MB
Total Pagefile: 15773.78 MB
Available Pagefile: 12165.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:140.64 GB) (Free:21.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:13.43 GB) (Free:12.17 GB) FAT32
Drive f: () (Removable) (Total:1.86 GB) (Free:0.78 GB) FAT
Drive q: (Lenovo_Recovery) (Fixed) (Total:17.58 GB) (Free:4.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 167.7 GB) (Disk ID: AA9E1116)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=140.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=8 GB) - (Type=84)

========================================================
Disk: 3 (Size: 13.4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 4 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
Also UNISALES hat sich jetzt erstmal verdückt. Ist weder Im Chrome, Firefox, noch IExplorer unter den AddOns.

Du hast erwähnt, das ich über nen Malwar Proxy surfe. Isat das nun auch erledigt?

Kann ich dir für deine große Hilfe irgendwie ein Bier oder nen Kaffee zahlen? ;-)
Vielen vielen Dank!

Ach was ich noch erwähnen wollte: Zum Eset Online Scanner ist nichts erwähnt, dass man Offline gehen muss, wenn man Anti-Virus-Programm und Firewall deaktiviert.
Ich bin offline gegangen und hoffe, daß der Scann so trotzdem funktioniert. Wollte nicht online sein, wenn ich meine Hosen runter lasse, durch ausgeschaltete Firewall und Anti-Virus-Programm.

schrauber 17.01.2015 19:51
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\All Users\ocbkapddahhgnlmahbgabheclmnpbfma

C:\AdwCleaner\Quarantine\C\Users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\5ua5utd5.default\Extensions\1@yK1g3mqHQ.net\content\bg.js.vir

C:\AdwCleaner\Quarantine\C\Users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\5ua5utd5.default\Extensions\K@czYxbE.com\content\bg.js.vir

C:\AdwCleaner\Quarantine\C\Users\x203\AppData\Roaming\Mozilla\Firefox\Profiles\ci9uc6ip.default\Extensions\1@yK1g3mqHQ.net\content\bg.js.vir

C:\AdwCleaner\Quarantine\C\Users\x203\AppData\Roaming\Mozilla\Firefox\Profiles\ci9uc6ip.default\Extensions\K@czYxbE.com\content\bg.js.vir

C:\Program Files (x86)\WinZip Malware Protector

C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\chrome-default-bup\Extensions\bfegaehidkkcfaikpaijcdahnpikhobf\228\OgZ5dpqFu.js

C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\bfegaehidkkcfaikpaijcdahnpikhobf\228\OgZ5dpqFu.js

C:\Users\Manuel\Downloads\wzmp_8.exe

C:\Users\Manuel\Downloads\EasyRootTool v12.4\files\libexploit.so
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50083;https=127.0.0.1:50083
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



frisches FRST log bitte.

maga84 17.01.2015 20:09
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2015
Ran by x203 at 2015-01-17 20:04:29 Run:2
Running from C:\Users\Manuel\Downloads
Loaded Profiles: x203 & Manuel (Available profiles: x203 & Manuel)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\All Users\ocbkapddahhgnlmahbgabheclmnpbfma

C:\AdwCleaner\Quarantine\C\Users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\5ua5utd5.default\Extensions\1@yK1g3mqHQ.net\content\bg.js.vir

C:\AdwCleaner\Quarantine\C\Users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\5ua5utd5.default\Extensions\K@czYxbE.com\content\bg.js.vir

C:\AdwCleaner\Quarantine\C\Users\x203\AppData\Roaming\Mozilla\Firefox\Profiles\ci9uc6ip.default\Extensions\1@yK1g3mqHQ.net\content\bg.js.vir

C:\AdwCleaner\Quarantine\C\Users\x203\AppData\Roaming\Mozilla\Firefox\Profiles\ci9uc6ip.default\Extensions\K@czYxbE.com\content\bg.js.vir

C:\Program Files (x86)\WinZip Malware Protector

C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\chrome-default-bup\Extensions\bfegaehidkkcfaikpaijcdahnpikhobf\228\OgZ5dpqFu.js

C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\bfegaehidkkcfaikpaijcdahnpikhobf\228\OgZ5dpqFu.js

C:\Users\Manuel\Downloads\wzmp_8.exe

C:\Users\Manuel\Downloads\EasyRootTool v12.4\files\libexploit.so
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50083;https=127.0.0.1:50083
Emptytemp:
       
*****************

"C:\Users\All Users\ocbkapddahhgnlmahbgabheclmnpbfma" => File/Directory not found.
"C:\AdwCleaner\Quarantine\C\Users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\5ua5utd5.default\Extensions\1@yK1g3mqHQ.net\content\bg.js.vir" => File/Directory not found.
"C:\AdwCleaner\Quarantine\C\Users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\5ua5utd5.default\Extensions\K@czYxbE.com\content\bg.js.vir" => File/Directory not found.
"C:\AdwCleaner\Quarantine\C\Users\x203\AppData\Roaming\Mozilla\Firefox\Profiles\ci9uc6ip.default\Extensions\1@yK1g3mqHQ.net\content\bg.js.vir" => File/Directory not found.
"C:\AdwCleaner\Quarantine\C\Users\x203\AppData\Roaming\Mozilla\Firefox\Profiles\ci9uc6ip.default\Extensions\K@czYxbE.com\content\bg.js.vir" => File/Directory not found.
"C:\Program Files (x86)\WinZip Malware Protector" => File/Directory not found.
"C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\chrome-default-bup\Extensions\bfegaehidkkcfaikpaijcdahnpikhobf\228\OgZ5dpqFu.js" => File/Directory not found.
"C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\bfegaehidkkcfaikpaijcdahnpikhobf\228\OgZ5dpqFu.js" => File/Directory not found.
"C:\Users\Manuel\Downloads\wzmp_8.exe" => File/Directory not found.
"C:\Users\Manuel\Downloads\EasyRootTool v12.4\files\libexploit.so" => File/Directory not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
EmptyTemp: => Removed 4.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 20:04:36 ====
FRST

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015
Ran by x203 (administrator) on ADMIN-MANUEL on 17-01-2015 20:07:29
Running from C:\Users\Manuel\Downloads
Loaded Profiles: x203 & Manuel (Available profiles: x203 & Manuel)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe
(Data Perceptions / PowerProgrammer) C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Spotify Ltd) C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Eye-Fi, Inc.) C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Wacom Technology, Inc) C:\Program Files\Tablet\CalibrationAssistant.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchUser.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Wacom Technology) C:\Program Files\Tablet\ISD\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916592 2014-07-28] (Synaptics Incorporated)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-08-07] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2014-09-16] (Lenovo)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [555736 2014-09-18] (Lenovo.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [Spotify Web Helper] => C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [Eye-Fi] => C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe [3961464 2011-12-21] (Eye-Fi, Inc.)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [GoogleChromeAutoLaunch_4A220D28DEF0DEF57A4596AFA0CC93AC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2015-01-09] (Google Inc.)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: D - D:\SETUP.EXE
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: {88018163-5feb-11e3-8408-028037ec0200} - V:\SETUP.EXE
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: {fa8f8a90-42e2-11e3-857c-028037ec0200} - E:\Startme.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EIZO ScreenSlicer.lnk
ShortcutTarget: EIZO ScreenSlicer.lnk -> C:\Windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe (Macrovision Corporation)
Startup: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
BootExecute: autocheck autochk * 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50083;https=127.0.0.1:50083
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000 -> {5E55F183-AB4F-4D43-BF3C-D551B42FA02B} URL = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162

FireFox:
========
FF ProfilePath: C:\Users\x203\AppData\Roaming\Mozilla\Firefox\Profiles\ci9uc6ip.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-05-30]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: No Name - C:\Program Files (x86)\Symantec\VIP Access Client [2013-05-15]
FF HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension
FF Extension: No Name - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension [2014-05-29]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 ASRSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [79136 2010-10-27] (Lenovo Group Limited)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2014-11-14] (Lenovo.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-14] (SurfRight B.V.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-08-07] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-04-24] ()
R2 TabletServiceISD; C:\Program Files\Tablet\ISD\ISD_Tablet.exe [5650296 2012-04-10] (Wacom Technology, Corp.)
R2 TabletSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [83920 2012-02-08] (Lenovo Group Limited)
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed]
R2 TouchServiceISD; C:\Program Files\Tablet\ISD\ISD_TouchService.exe [449912 2012-04-10] (Wacom Technology, Corp.)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1526120 2013-09-25] (Lenovo Group Limited)
R2 TVT Scheduler; C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation)
R2 WebUpdate4; C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [278800 2013-01-16] (Data Perceptions / PowerProgrammer)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [689560 2012-10-18] (Ericsson AB)
R2 WTabletServiceISD; C:\Program Files\Tablet\ISD\WTabletServiceISD.exe [577848 2013-09-24] (Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-01-10] (Sony Mobile Communications)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-10-28] (Glarysoft Ltd)
R1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [17064 2010-06-28] (Lenovo)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [103184 2012-03-01] (Ericsson AB)
R3 l36wscard; C:\Windows\System32\DRIVERS\l36wscard.sys [61992 2011-01-14] (Ericsson AB)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [443208 2012-10-02] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [453960 2012-10-02] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [21832 2012-10-02] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [506184 2012-10-02] (MCCI Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
R3 wacomvthid; C:\Windows\System32\DRIVERS\WacomVTHid.sys [16368 2012-04-10] (Wacom Technology)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [281840 2013-02-19] (Ericsson AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 TVICPORT; \??\C:\Windows\system32\DRIVERS\TVICPORT.SYS [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 20:07 - 2015-01-17 20:07 - 00028612 _____ () C:\Users\Manuel\Downloads\FRST.txt
2015-01-17 14:39 - 2015-01-17 14:39 - 00001020 _____ () C:\Users\Manuel\Desktop\checkup.txt
2015-01-17 12:45 - 2015-01-17 12:45 - 02347384 _____ (ESET) C:\Users\Manuel\Downloads\esetsmartinstaller_deu.exe
2015-01-17 12:37 - 2015-01-17 12:37 - 00852504 _____ () C:\Users\Manuel\Downloads\SecurityCheck.exe
2015-01-16 21:04 - 2015-01-16 21:04 - 00000946 _____ () C:\Users\x203\Desktop\JRT.txt
2015-01-16 20:48 - 2015-01-16 20:48 - 01707939 _____ (Thisisu) C:\Users\Manuel\Downloads\JRT.exe
2015-01-16 18:35 - 2015-01-16 18:34 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-16 18:26 - 2015-01-17 20:06 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 18:26 - 2015-01-17 19:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 18:26 - 2015-01-16 18:26 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-16 18:26 - 2015-01-16 18:26 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-16 18:26 - 2015-01-16 18:26 - 00002262 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-16 18:26 - 2015-01-16 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-16 17:23 - 2015-01-16 17:23 - 00001724 _____ () C:\Users\Manuel\Desktop\omlag71i.default-1421310525556 - Verknüpfung.lnk
2015-01-16 16:59 - 2015-01-16 16:59 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Avira
2015-01-16 16:56 - 2015-01-16 16:56 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Avira
2015-01-16 16:51 - 2015-01-16 16:51 - 00002081 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-16 16:50 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-16 16:50 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-16 16:50 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-16 16:47 - 2015-01-16 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-16 16:47 - 2015-01-16 16:47 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-16 16:34 - 2015-01-16 16:34 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Macromedia
2015-01-16 16:14 - 2015-01-16 16:14 - 00044315 _____ () C:\ComboFix.txt
2015-01-16 15:18 - 2015-01-16 15:18 - 00001584 _____ () C:\Users\Manuel\Desktop\Revouninstaller.lnk
2015-01-16 12:38 - 2015-01-16 12:38 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-16 12:38 - 2015-01-16 12:38 - 00000000 ____D () C:\ProgramData\Mozilla
2015-01-16 12:38 - 2015-01-16 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-16 12:38 - 2015-01-16 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-16 12:28 - 2015-01-16 12:36 - 00001113 _____ () C:\Users\x203\Desktop\Revo Uninstaller.lnk
2015-01-16 11:05 - 2015-01-16 11:05 - 00000883 _____ () C:\Users\x203\Desktop\hosts.txt
2015-01-16 10:23 - 2015-01-16 10:23 - 00283128 _____ () C:\Windows\Minidump\011615-8845-01.dmp
2015-01-16 10:23 - 2015-01-16 10:23 - 00000000 ____D () C:\Windows\Minidump
2015-01-15 19:55 - 2015-01-15 19:55 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-15 19:32 - 2015-01-15 19:32 - 00050477 _____ () C:\Users\Manuel\Downloads\Defogger.exe
2015-01-15 19:32 - 2015-01-15 19:32 - 00000000 _____ () C:\Users\x203\defogger_reenable
2015-01-15 19:31 - 2015-01-16 13:46 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-15 19:29 - 2015-01-15 19:29 - 00001479 _____ () C:\Users\x203\Desktop\GMER.log
2015-01-15 19:20 - 2015-01-15 19:20 - 00380416 _____ () C:\Users\Manuel\Downloads\Gmer-19357.exe
2015-01-15 19:06 - 2015-01-15 19:06 - 02125312 _____ (Farbar) C:\Users\Manuel\Downloads\FRST64.exe
2015-01-15 15:18 - 2015-01-15 15:18 - 00003704 _____ () C:\Users\x203\Desktop\Rkill.txt
2015-01-15 15:18 - 2015-01-15 15:18 - 00000000 ____D () C:\Users\x203\Desktop\rkill
2015-01-15 15:12 - 2015-01-15 15:12 - 00000000 ____D () C:\Windows\ERUNT
2015-01-15 15:11 - 2015-01-16 16:16 - 00000000 ____D () C:\Qoobox
2015-01-15 15:05 - 2015-01-15 14:59 - 00000000 _____ () C:\Users\Manuel\Desktop\CProgramDataMicrosoftWindowsCaches.txt
2015-01-15 15:00 - 2015-01-15 15:00 - 00111448 _____ () C:\Users\x203\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-15 14:59 - 2015-01-15 14:59 - 00000000 _____ () C:\Users\x203\Desktop\CProgramDataMicrosoftWindowsCaches.txt
2015-01-15 14:49 - 2015-01-15 14:49 - 00000000 ____D () C:\ProgramData\Avg_Update_1014av
2015-01-15 14:24 - 2015-01-15 14:24 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-01-15 10:54 - 2015-01-16 15:16 - 00003254 _____ () C:\Windows\System32\Tasks\Trojan Killer
2015-01-15 10:54 - 2015-01-15 10:54 - 00000000 ____D () C:\ProgramData\GridinSoft
2015-01-15 10:51 - 2015-01-15 15:02 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Nico Mak Computing
2015-01-15 09:51 - 2015-01-17 20:05 - 00497914 _____ () C:\Windows\PFRO.log
2015-01-15 09:51 - 2015-01-17 20:05 - 00005163 _____ () C:\Windows\setupact.log
2015-01-15 09:51 - 2015-01-15 09:51 - 05054584 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-15 09:51 - 2015-01-15 09:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-15 09:28 - 2015-01-15 09:28 - 00000000 ____D () C:\Users\Manuel\Desktop\Old Firefox Data
2015-01-14 14:02 - 2015-01-17 20:07 - 00000000 ____D () C:\FRST
2015-01-14 12:16 - 2015-01-14 12:16 - 00000000 ____D () C:\_OTL
2015-01-14 12:08 - 2015-01-14 12:08 - 00000000 __SHD () C:\Users\x203\AppData\Local\EmieBrowserModeList
2015-01-14 10:16 - 2015-01-14 10:16 - 00001391 _____ () C:\Users\Manuel\Desktop\HitmanPro.lnk
2015-01-14 10:10 - 2015-01-16 16:50 - 00000000 ____D () C:\ProgramData\Avira
2015-01-14 09:54 - 2015-01-15 14:24 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-14 09:54 - 2015-01-14 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-14 09:53 - 2015-01-14 10:12 - 00000000 ____D () C:\Users\Manuel\Downloads\Hitman
2015-01-14 09:08 - 2015-01-14 09:08 - 00000000 ____D () C:\ProgramData\Network Associates
2015-01-14 09:06 - 2015-01-14 09:23 - 00000000 ____D () C:\Windows\F0856D1B11EE46528174EAF3D5AB6C66.TMP
2015-01-14 09:03 - 2015-01-16 20:55 - 00000000 ____D () C:\AdwCleaner
2015-01-14 08:59 - 2015-01-14 08:59 - 02191360 _____ () C:\Users\Manuel\Desktop\adwcleaner_4.107.exe
2015-01-14 08:43 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:43 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:43 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:43 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 08:43 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 08:43 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 08:43 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 08:43 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 08:43 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:43 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:43 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:43 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:43 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 18:34 - 2015-01-16 16:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-13 18:19 - 2015-01-13 18:19 - 14747172 _____ () C:\Users\Manuel\Desktop\Zusammenfassung.pptx
2015-01-13 18:12 - 2014-12-02 18:27 - 00090112 _____ (Nenad Hrg (SoftwareOK.com)) C:\Users\Manuel\Desktop\DontSleep.exe
2015-01-13 17:29 - 2015-01-13 18:39 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-13 16:58 - 2015-01-13 16:58 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\SUPERAntiSpyware.com
2015-01-13 15:50 - 2015-01-13 15:50 - 00017408 _____ () C:\Users\Manuel\Desktop\Abmeldung von Kursen FS 14.msg
2015-01-13 15:44 - 2014-03-26 22:21 - 00020480 _____ () C:\Users\Manuel\Desktop\Kursabmeldung  aufgrund nicht bestandener Leistungsnachweise FS 14.msg
2015-01-13 12:23 - 2015-01-13 12:23 - 00000000 ____D () C:\Users\Manuel\Downloads\platform-tools
2015-01-13 11:48 - 2015-01-13 11:48 - 00000000 ____D () C:\Users\x203\AppData\Local\Avg2014
2015-01-13 10:59 - 2015-01-13 11:00 - 00000000 ____D () C:\Users\Manuel\Downloads\NEW SuperStamina
2015-01-12 22:42 - 2015-01-12 22:43 - 00000000 ____D () C:\Users\Manuel\Downloads\rootkitXperia_20140719
2015-01-12 22:12 - 2015-01-12 22:12 - 00000019 _____ () C:\Users\Manuel\Desktop\iomei.txt
2015-01-12 21:42 - 2015-01-12 21:42 - 00038859 _____ () C:\Users\Manuel\Desktop\Unlockbootloader* *Step 3  4 - Developer World.html
2015-01-12 21:42 - 2015-01-12 21:42 - 00000000 ____D () C:\Users\Manuel\Desktop\Unlockbootloader* *Step 3  4 - Developer World_files
2015-01-12 17:44 - 2015-01-13 15:21 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Android
2015-01-12 17:21 - 2015-01-12 21:05 - 00000000 ____D () C:\Users\Manuel\Downloads\EasyRootTool v12.4
2015-01-12 16:04 - 2015-01-12 16:39 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2015-01-12 16:03 - 2015-01-13 00:23 - 00000000 ____D () C:\Flashtool
2015-01-11 12:51 - 2015-01-11 12:51 - 00111448 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-01-10 21:11 - 2015-01-13 09:22 - 00000000 ____D () C:\ProgramData\Sony Mobile
2015-01-10 21:03 - 2015-01-10 21:03 - 00001135 _____ () C:\Users\Manuel\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-10 20:52 - 2015-01-10 20:52 - 00000000 ____D () C:\Users\x203\.android
2015-01-10 20:51 - 2015-01-10 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsomc_01009.Wdf
2015-01-10 20:51 - 2015-01-10 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2015-01-10 20:38 - 2015-01-10 20:38 - 00000000 ____D () C:\Users\x203\.swt
2015-01-10 17:15 - 2015-01-10 17:15 - 00030424 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggsomc.sys
2015-01-10 17:15 - 2015-01-10 17:15 - 00016088 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2015-01-10 17:13 - 2015-01-11 10:29 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
2015-01-10 14:12 - 2015-01-11 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-01-10 13:49 - 2015-01-10 13:49 - 00000000 ____D () C:\Users\Manuel\.jmc
2015-01-10 13:49 - 2015-01-10 13:49 - 00000000 ____D () C:\Users\Manuel\.eclipse
2015-01-10 13:39 - 2015-01-10 13:39 - 00000000 ____D () C:\Users\x203\.AndroidStudio
2015-01-10 13:39 - 2015-01-10 13:39 - 00000000 ____D () C:\Users\Manuel\.AndroidStudio
2015-01-10 13:38 - 2015-01-13 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2015-01-10 13:34 - 2015-01-13 12:25 - 00000000 ____D () C:\Program Files\Android
2015-01-10 13:32 - 2015-01-11 11:02 - 00111000 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-10 13:32 - 2015-01-11 11:01 - 00312728 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-10 13:32 - 2015-01-11 11:01 - 00191384 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-10 13:32 - 2015-01-11 11:01 - 00190872 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-10 13:31 - 2015-01-11 11:01 - 00000000 ____D () C:\Program Files\Java
2015-01-09 08:59 - 2015-01-09 09:00 - 00000000 ____D () C:\ProgramData\Stardock
2015-01-08 18:57 - 2015-01-08 19:08 - 00045720 _____ () C:\BROM_DLL.log
2015-01-08 18:24 - 2015-01-09 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2015-01-08 18:24 - 2015-01-08 21:00 - 00000000 ____D () C:\Program Files (x86)\totalcmd
2015-01-08 18:24 - 2015-01-08 19:49 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\GHISLER
2015-01-08 18:24 - 2015-01-08 18:24 - 00001062 _____ () C:\Users\Public\Desktop\Total Commander 64 bit.lnk
2015-01-08 18:24 - 2015-01-08 18:24 - 00000000 ____D () C:\Users\x203\AppData\Roaming\GHISLER
2015-01-07 15:27 - 2015-01-07 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EIZO
2015-01-07 15:19 - 2015-01-07 15:19 - 00000000 ____D () C:\Users\x203\AppData\Local\{E0EE56A0-0D7C-4595-B400-919A3BA48EC1}
2015-01-07 15:18 - 2015-01-11 10:30 - 00000000 ____D () C:\Program Files (x86)\EIZO
2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 ____D () C:\Users\x203\AppData\Roaming\EIZO
2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\EIZO
2015-01-07 15:17 - 2015-01-10 11:22 - 00000000 ____D () C:\Users\x203\AppData\Local\Downloaded Installations
2015-01-06 10:30 - 2015-01-06 10:30 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Foxit Reader
2015-01-04 09:10 - 2015-01-04 09:10 - 00001562 _____ () C:\Users\Manuel\Desktop\Cisco AnyConnect Secure Mobility Client.lnk
2015-01-04 09:08 - 2015-01-04 09:08 - 00001067 _____ () C:\Users\Manuel\Desktop\Password Manager.lnk
2015-01-02 13:44 - 2015-01-02 13:47 - 00000000 ____D () C:\Users\Manuel\AppData\Local\CyberGhost
2015-01-02 13:44 - 2015-01-02 13:44 - 00001739 _____ () C:\Users\x203\Desktop\CyberGhost 5.lnk
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-12-30 09:16 - 2014-12-30 09:25 - 595612217 _____ () C:\Users\Manuel\Desktop\Perfekte-Portraits.zip
2014-12-22 10:27 - 2014-12-22 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2014-12-19 21:24 - 2014-12-19 21:24 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-12-19 19:49 - 2014-12-19 19:49 - 00000000 ____D () C:\Users\Manuel\AppData\OICE_15_974FA576_32C1D314_A33
2014-12-18 10:48 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:48 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 20:07 - 2014-12-13 01:59 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Eye-Fi
2015-01-17 20:07 - 2013-11-19 12:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-17 20:06 - 2014-12-13 01:59 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Eye-Fi
2015-01-17 20:05 - 2014-09-26 16:37 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2015-01-17 20:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-17 20:04 - 2013-05-15 05:28 - 01232974 _____ () C:\Windows\WindowsUpdate.log
2015-01-17 18:54 - 2014-05-18 11:17 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Spotify
2015-01-17 14:40 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-17 14:40 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-17 12:47 - 2013-05-15 04:59 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-01-17 12:47 - 2013-05-15 04:59 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-01-17 12:47 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 21:02 - 2013-10-29 11:53 - 00000000 ____D () C:\Users\x203\AppData\Local\Google
2015-01-16 18:26 - 2013-10-27 09:56 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Google
2015-01-16 18:26 - 2013-05-15 05:29 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-16 18:23 - 2014-12-08 10:30 - 01022464 ___SH () C:\Users\Manuel\Desktop\Thumbs.db
2015-01-16 16:47 - 2013-10-21 22:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-16 16:15 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-16 16:04 - 2014-01-01 17:13 - 00000000 ____D () C:\Windows\erdnt
2015-01-16 15:41 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-16 10:58 - 2014-09-26 16:36 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-01-16 10:58 - 2014-09-15 18:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 10:14 - 2014-09-30 16:50 - 00000000 ____D () C:\Program Files\Adobe Photoshop
2015-01-16 10:14 - 2014-09-30 12:54 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-16 10:14 - 2014-01-11 10:06 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-16 10:14 - 2013-09-30 20:23 - 00000000 ____D () C:\Users\x203\AppData\Local\Adobe
2015-01-16 10:14 - 2013-05-15 05:27 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-15 19:32 - 2013-09-30 20:19 - 00000000 ____D () C:\Users\x203
2015-01-15 15:59 - 2013-12-09 14:53 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-15 14:38 - 2014-03-04 13:45 - 00000000 ___RD () C:\Users\Manuel\Dropbox
2015-01-15 14:22 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Dropbox
2015-01-15 11:11 - 2013-12-09 14:56 - 00000000 ____D () C:\Users\x203\AppData\Roaming\TuneUp Software
2015-01-15 09:57 - 2013-05-15 05:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-14 17:07 - 2013-11-19 12:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 17:07 - 2013-11-19 12:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 17:07 - 2013-11-19 12:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 11:22 - 2013-10-21 22:38 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 11:21 - 2013-10-21 21:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 11:11 - 2013-10-21 21:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 10:18 - 2013-10-28 14:32 - 00003568 _____ () C:\Windows\system32\.crusader
2015-01-14 10:18 - 2013-10-28 14:29 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-14 10:11 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-14 09:27 - 2014-01-05 13:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-14 09:23 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel
2015-01-14 09:23 - 2013-05-14 12:53 - 00000000 ____D () C:\ProgramData\Lenovo
2015-01-14 09:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-14 09:08 - 2014-10-22 19:49 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-14 08:49 - 2013-10-28 13:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-13 18:43 - 2014-12-03 15:12 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Deployment
2015-01-13 18:05 - 2014-05-18 11:18 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Spotify
2015-01-13 17:31 - 2013-10-27 10:06 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-01-13 17:06 - 2014-12-13 17:43 - 00000000 ____D () C:\Users\Manuel\Desktop\WE Jungs
2015-01-13 17:06 - 2014-09-18 16:13 - 00000000 ____D () C:\Users\Manuel\Desktop\Ricardo
2015-01-13 16:59 - 2013-05-15 05:27 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-01-13 12:26 - 2014-05-16 08:06 - 00000000 ____D () C:\Users\Manuel\.android
2015-01-13 12:00 - 2014-11-16 11:12 - 00000000 ____D () C:\Users\Manuel\Desktop\Fotos
2015-01-13 11:46 - 2014-05-30 09:05 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-01-13 09:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-01-12 17:47 - 2013-05-15 05:19 - 00000000 ____D () C:\Program Files\Intel
2015-01-11 11:00 - 2014-03-09 10:51 - 00111448 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2015-01-11 10:54 - 2014-12-05 09:46 - 00001107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-01-11 10:54 - 2014-09-26 16:37 - 00002978 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2015-01-11 10:54 - 2014-09-26 16:37 - 00002634 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2015-01-11 10:54 - 2014-09-26 16:37 - 00001095 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-01-10 14:40 - 2014-05-15 16:04 - 00003020 _____ () C:\Windows\System32\Tasks\PMTask
2015-01-10 14:40 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media
2015-01-10 14:05 - 2013-10-27 13:14 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-09 20:54 - 2013-10-28 10:25 - 00000000 ____D () C:\Program Files (x86)\Fences
2015-01-09 20:54 - 2013-05-15 05:34 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2015-01-08 18:57 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel\AppData\Local\VirtualStore
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-07 15:24 - 2014-06-20 16:48 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Unity
2015-01-07 12:18 - 2013-10-27 09:55 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Adobe
2015-01-06 09:12 - 2014-02-27 21:50 - 00000000 ____D () C:\Users\Manuel\Documents\Korrespondenz
2015-01-04 09:19 - 2014-05-19 07:11 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2015-01-04 09:19 - 2014-05-19 07:10 - 00000000 ____D () C:\Program Files\Common Files\Sony Shared
2015-01-04 09:18 - 2014-05-19 07:09 - 00000000 ____D () C:\ProgramData\Sony Corporation
2015-01-04 09:03 - 2014-05-01 10:24 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-04 09:03 - 2014-05-01 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-04 09:03 - 2013-10-27 17:18 - 00000000 ____D () C:\Program Files\winRar
2014-12-31 18:03 - 2014-01-14 11:34 - 00000000 ____D () C:\Users\Manuel\Desktop\Ablage
2014-12-31 13:38 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Adobe
2014-12-22 10:36 - 2013-10-27 12:15 - 00001398 _____ () C:\Users\Manuel\AppData\Roaming\MobileToolAnyConnectV3.ini
2014-12-22 10:27 - 2013-10-27 12:16 - 00000000 ____D () C:\ProgramData\Cisco
2014-12-22 10:27 - 2013-10-21 22:34 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-12-22 10:22 - 2014-01-01 10:48 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-22 10:22 - 2014-01-01 10:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-19 21:28 - 2014-03-04 13:45 - 00001036 _____ () C:\Users\Manuel\Desktop\Dropbox.lnk
2014-12-19 21:28 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-19 18:57 - 2013-11-03 11:23 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Intel WiDi
2014-12-18 11:56 - 2014-12-06 14:53 - 00000000 ____D () C:\Users\x203\Desktop\Katalog Admin

Some content of TEMP:
====================
C:\Users\Manuel\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 12:49

==================== End Of Log ============================
--- --- ---

--- --- ---


ADDITION
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015
Ran by x203 at 2015-01-17 20:07:53
Running from C:\Users\Manuel\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 8.42.20 - )
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{8432E4EF-ABFB-48C8-B77B-24728E71D3DD}) (Version: 39.0.2171.46 - Google Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05187 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05187 - Cisco Systems, Inc.) Hidden
CM Installer (HKLM-x32\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Drucken in PDF Annotator (novaPDF OEM 7.7 printer) (HKLM\...\Drucken in PDF Annotator_is1) (Version: 7.7.400 - Softland)
EasyTax 2013 AG 1.01 (HKLM-x32\...\4093-4123-1528-3000) (Version: 1.01 - HWI Solutions AG)
EIZO ScreenSlicer (HKLM-x32\...\{292A177D-723F-4537-9985-BC8BFCD8B63D}) (Version: 1.1.5.0 - EIZO Corporation)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.67.2 - Lenovo Group Limited)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Eye-Fi Center 3.4 (HKLM-x32\...\{18B00AC5-C082-471E-88B0-F02FE5A2541A}) (Version: 3.4.26 - Eye-Fi, Inc)
Fences (Version: 1.0 - Stardock Corporation) Hidden
FireCuva Data Recovery 2014.1.8.20 (HKLM-x32\...\{EE1F41BE-6DBD-44AE-9F97-4D7F9227329D}_is1) (Version: 2014.1.8.20 - FireCuva)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Glary Utilities PRO 5.16 (HKLM-x32\...\Glary Utilities 5) (Version: 5.16.0.29 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Graph 4.4.2 (HKLM-x32\...\Graph_is1) (Version:  - Ivan Johansen)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6 (HKLM\...\{B2DAB009-8236-48A0-AD7F-E940F5AB1578}) (Version: 14.0 - HP)
HP Photosmart Plus B210 series - Grundlegende Software für das Gerät (HKLM\...\{1686185A-3D85-428D-8786-ACB403B9D420}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
ifolor Designer (HKLM-x32\...\ifolor-Designer) (Version:  - Ifolor AG)
Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3359 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7991b5ae-96d7-4df2-97fb-a605b7cb638b}) (Version: 17.12.0 - Intel Corporation)
ISD Tablett (HKLM\...\ISD Tablet Driver) (Version: 7.0.2-29 - Wacom Technology Corp.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 8 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418000FF}) (Version: 8.0.0 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.16.0 - Lenovo)
Lenovo Mobile Access (HKLM-x32\...\{A792A135-EE29-4FE2-B4CB-D3F984CEA9EC}) (Version: 3.2.30123.1026 - Lenovo)
Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.4.1017.00 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0007 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
LXH-JME2207FN Hotkey Driver (HKLM-x32\...\{42B21298-C850-4272-AFD9-636CBC005421}) (Version: 5.1.0804 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{C2C2DB64-1BCE-4FA7-962D-457795ECCEC0}) (Version: 3.3.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Bootvis (HKLM-x32\...\{0F9196C6-58B4-445B-B56E-B1200FECC151}) (Version: 1.3.37 - Microsoft)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 7.2.5.4 - Ericsson AB)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Annotator 5.0.0.505 (HKLM-x32\...\PDFAnnotator_is1) (Version: 5.0.0.505 - GRAHL software design)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_06_B209a-m_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Rescue and Recovery (HKLM-x32\...\{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}) (Version: 4.52.0005.00 - Lenovo Group Limited)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-003B-0000-1000-0000000FF1CE}_Office15.PRJPROR_{6E5C415F-1388-4BA6-B926-C19318BE6075}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad Tablet Button Driver (HKLM-x32\...\{26903C89-780A-463E-8CBD-E47A73927254}) (Version: 1.04 - )
ThinkPad Tablet Shortcut Menu (HKLM-x32\...\{9a2db59f-091a-40b4-958d-1c8264624126}) (Version: 6.33 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.24 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{A62AEB2B-E2A0-4E77-8AAE-9645FE3B5487}) (Version: 5.95 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.80.01.00 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.81 - Lenovo)
ThinkVantage Password Manager (HKLM\...\{23520BCC-F76C-4287-87E1-0545EDF6FE96}) (Version: 4.00.0024.00 - Lenovo Group Limited)
ThinkVantage Update Retriever (HKLM-x32\...\{F25C538D-3F57-4AF4-80DD-B1DD1558F038}) (Version: 5.00.0010 - Lenovo)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
VIP Access (HKLM-x32\...\{7EB5B9B6-E7BF-4E8F-B478-1266A78CF231}) (Version: 2.2.1.13 - Symantec Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows Driver Package - Intel System  (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

16-01-2015 19:20:35 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-01-16 11:03 - 2015-01-16 14:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06DCFC04-6BA5-45A1-A87C-2AB6D5B07FB9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)
Task: {1056F6BE-8A9B-4789-A45A-766212E69BDB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {138C1B65-AA12-4B15-816E-2BAD5C404989} - System32\Tasks\{5179303A-B077-4DD2-8CAA-370E2C7A215A} => E:\JDownloaderPortable\JDownloaderPortable.exe
Task: {16CE9FF3-C7EA-4493-B6B7-30FA88486725} - System32\Tasks\Lenovo\LSC\CreateHardwareScanTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {1C473A2D-C8EA-4A9A-A60F-4AE443F13033} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {442BFA7F-2D23-479D-BFA5-C832EF77F87F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {452FFBFB-D9B9-4347-8F5E-A7F1A6772E3C} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
Task: {49A96084-47D7-43F1-9D0D-B6127F991574} - System32\Tasks\{09F43E45-D90B-4046-91C3-BC9637D8C4B8} => C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
Task: {49DAAF81-E95C-4964-B237-22F6C980448E} - System32\Tasks\{4EEB7BF1-AE9F-4345-BB40-78EB0CDEA9E0} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\IrfanView\i_view32.exe"
Task: {4F32F716-7098-4249-B056-356F3CE9ECB6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {5745E252-0287-4003-B1BA-33F5B1BB87F6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for x203-THINK-Manuel x203-THINK => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {57904E4B-FF80-4701-AF04-AC8517DA374A} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {5C766DF2-DBB1-4EFF-8997-84E9436A2595} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {606A9245-4225-4177-A2B4-88D04B527E80} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for x203-THINK.Manuel => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-16] (Lenovo)
Task: {7280DB27-B177-448B-BDB4-8BAC6BC75597} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {78DC8C0F-41CD-4700-A7C6-177E891F01B6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {7965D48E-112A-49BE-B3BA-FBDDE5A086EE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {828FF779-6267-41C5-8A2F-9D575790BDD5} - System32\Tasks\Norton Product InstallerIdle => C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe [2014-11-03] (Symantec Corporation)
Task: {82F88A18-7A4E-4C2B-85C2-2F254577559E} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2014-09-13] (Lenovo)
Task: {833CF6A6-9B70-482E-B833-78F68CD8FB3A} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {870D44EA-14A3-4E7F-8814-22F1A86B39A1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8740F25F-3678-4962-94E4-2A5235A39CCF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {92BFD621-E872-4F04-A065-41853B8E2CD0} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {9A209F4B-E899-4C8C-A211-FD8997DFC557} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)
Task: {9D6C3B14-CB5E-4BCD-B078-A5559D3BD1D7} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {9DC14AA8-2996-4213-98B3-CB8D76E9C951} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {A48895AA-13C8-478E-A8AB-4D3DA40B6816} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {A5C29781-2A7A-4007-A739-AE6A3784ADF8} - System32\Tasks\{80AFFF4F-06A3-40B4-B912-D1677BDADF9D} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\IrfanView\i_view32.exe"
Task: {A91938F3-2A68-4C36-8403-A6A842BE5A8A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {A93198E1-5CA9-4525-AA70-82FC9A482993} - System32\Tasks\{EDD59D43-8C29-431A-A8D2-B4BFCA7730F2} => E:\JDownloaderPortable\JDownloaderPortable.exe
Task: {AE133D30-0D35-41A2-B384-7ABF0F5EE4CA} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {B30A2AFD-6E31-4BCA-905C-0C08D189A4F8} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {B3EA1B66-775D-4F84-9CB2-0371BA2B414B} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {BA4E8AF1-2935-4244-AD22-3DA5C0178502} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {BE8F36B1-40F7-4223-B0C8-91A4DC614677} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-11-14] (Lenovo Group Limited)
Task: {C00813A1-3AF3-4160-9359-E2A144414574} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {CC68A762-4464-4EAC-8F6C-88F9A9E296B2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {CF4838A5-80E6-4F0F-8B1F-4F68C964BBBD} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-01-05] (Glarysoft Ltd)
Task: {D19DD550-1FB7-4C8A-9B8B-31B8EF5B6B20} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-04-24] ()
Task: {D4F8C4B7-FEB0-4ACB-8D71-0C12D509E7A0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {DB3A4CDE-C0E3-42C3-91EC-40CFE629F47C} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-01-05] (Glarysoft Ltd)
Task: {DD31794C-86DD-4901-994A-658185898645} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for x203-THINK.x203 => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-16] (Lenovo)
Task: {DEC60349-DA4C-4920-A9B9-4A091F4C5321} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {E64DE862-5A05-457D-8396-3B79DFC9DDE4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E6D4097C-9FCB-4456-951E-7E866581E69F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {ECA97D21-FEF3-45D0-BEB5-2BB6A2316EF2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {F77C609C-EC1F-488E-BD9A-790F78E5A763} - System32\Tasks\{A1DB3074-2A97-4668-A054-6DCBAB2DE05E} => C:\Program Files (x86)\IrfanView\i_view32.exe
Task: {FDAE8DB2-5746-4868-97FD-40AD33B7A6DB} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-10-16] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe

==================== Loaded Modules (whitelisted) =============

2013-10-28 10:23 - 2010-06-17 20:56 - 00087040 ____N () C:\Windows\System32\redmonnt.dll
2013-05-15 05:23 - 2012-04-10 16:37 - 01183096 _____ () C:\Program Files\Tablet\ISD\libxml2.dll
2013-05-15 05:27 - 2014-11-14 06:07 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-10-16 01:48 - 2014-10-16 01:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-05-15 05:27 - 2011-08-02 20:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2013-05-15 05:27 - 2011-08-02 20:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2014-09-26 16:35 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-26 16:35 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-26 16:35 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-26 16:35 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-09-26 16:35 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-10-21 22:39 - 2011-07-13 09:10 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2014-09-16 19:01 - 2014-09-16 19:01 - 00065776 _____ () C:\Program Files (x86)\Lenovo\Access Connections\ACSonyEricssonHlpr.dll
2011-12-21 22:59 - 2011-12-21 22:59 - 00133120 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libexif.dll
2011-12-21 22:56 - 2011-12-21 22:56 - 00209408 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libopenraw.dll
2011-12-21 23:05 - 2011-12-21 23:05 - 00014848 _____ () C:\Program Files (x86)\Eye-Fi\Helper\Locales\de\Helper.dll
2015-01-16 12:38 - 2015-01-09 10:05 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-16 18:26 - 2015-01-09 01:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-16 18:26 - 2015-01-09 01:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-16 18:26 - 2015-01-09 01:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-16 18:26 - 2015-01-09 01:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2013-10-21 22:32 - 2013-05-13 14:15 - 01199576 ____N () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Manuel\Desktop\Stundenplan.JPG:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk => C:\Windows\pss\Google Calendar Sync.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^x203^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EOS Utility.lnk => C:\Windows\pss\EOS Utility.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_4A220D28DEF0DEF57A4596AFA0C => "c:\program files (x86)\google\chrome\application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Intel AppUp(SM) center => "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
MSCONFIG\startupreg: jmekey => C:\Program Files (x86)\jmesoft\hotkey.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Malwarebytes Anti-Malware (cleanup) => "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
MSCONFIG\startupreg: MobileAccess => C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe -silentExitIfNotFirst
MSCONFIG\startupreg: NUSB3MON => "c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
MSCONFIG\startupreg: PasswordManager => C:\Program Files\Lenovo\Password Manager\password_manager.exe
MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: RtHDVBg_Dolby => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SearchProtection => "C:\Users\x203\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: SharpSpace => C:\Program Files (x86)\SharpSpace\SharpSpace.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: USB3MON => "c:\program files (x86)\intel\intel(r) usb 3.0 extensible host controller driver\application\iusb3mon.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3554811672-1824628599-3789470933-500 - Administrator - Disabled)
Gast (S-1-5-21-3554811672-1824628599-3789470933-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3554811672-1824628599-3789470933-1040 - Limited - Enabled)
Manuel (S-1-5-21-3554811672-1824628599-3789470933-1003 - Limited - Enabled) => C:\Users\Manuel
x203 (S-1-5-21-3554811672-1824628599-3789470933-1000 - Administrator - Enabled) => C:\Users\x203

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2015 08:05:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Name des fehlerhaften Moduls: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000860d2
ID des fehlerhaften Prozesses: 0x19b8
Startzeit der fehlerhaften Anwendung: 0xISD_Tablet.exe0
Pfad der fehlerhaften Anwendung: ISD_Tablet.exe1
Pfad des fehlerhaften Moduls: ISD_Tablet.exe2
Berichtskennung: ISD_Tablet.exe3

Error: (01/17/2015 08:05:55 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/17/2015 08:05:55 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/17/2015 08:05:55 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/17/2015 08:05:55 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/17/2015 08:05:55 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=21, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/17/2015 08:05:55 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/17/2015 08:04:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x2814
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/17/2015 02:43:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/17/2015 02:36:16 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (01/17/2015 08:07:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/17/2015 08:05:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147014847

Error: (01/17/2015 08:04:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/17/2015 00:44:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/17/2015 00:40:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/17/2015 11:08:08 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 09:07:19 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 09:05:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147014847


Microsoft Office Sessions:
=========================
Error: (01/17/2015 08:05:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ISD_Tablet.exe7.0.2.294f6cf301ISD_Tablet.exe7.0.2.294f6cf301c000000500000000000860d219b801d0328899a8d09cC:\Program Files\Tablet\ISD\ISD_Tablet.exeC:\Program Files\Tablet\ISD\ISD_Tablet.exedeae5406-9e7b-11e4-8db0-028037ec0200

Error: (01/17/2015 08:05:55 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path43900

Error: (01/17/2015 08:05:55 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path25900

Error: (01/17/2015 08:05:55 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path17900

Error: (01/17/2015 08:05:55 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path23808600

Error: (01/17/2015 08:05:55 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path21808600

Error: (01/17/2015 08:05:55 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path18808600

Error: (01/17/2015 08:04:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.0.548654af7153mozalloc.dll35.0.0.548654af69d48000000300001425281401d0325c8fd48867C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla98c9b17-9e7b-11e4-88c1-028037ec0200

Error: (01/17/2015 02:43:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/17/2015 02:36:16 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityprocessorArchitecturex64c:\program files\R\r-3.0.2\Tcl\bin64\tk85.dllc:\program files\R\r-3.0.2\Tcl\bin64\tk85.dll9


CodeIntegrity Errors:
===================================
  Date: 2015-01-16 13:58:16.187
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-16 13:58:16.140
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-14 09:08:57.418
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-14 09:08:57.333
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-09 20:34:06.552
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-09 20:34:05.382
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:40:29.432
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:36:48.011
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:36:01.740
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-26 20:26:04.283
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 37%
Total physical RAM: 7887.8 MB
Available physical RAM: 4907.92 MB
Total Pagefile: 15773.78 MB
Available Pagefile: 12423.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:140.64 GB) (Free:21.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:17.58 GB) (Free:4.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 167.7 GB) (Disk ID: AA9E1116)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=140.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=8 GB) - (Type=84)

==================== End Of Log ============================

schrauber 17.01.2015 23:37
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50083;https=127.0.0.1:50083

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



und nochmal ein frisches FRST log bitte.

maga84 18.01.2015 11:22
Fixlog
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2015
Ran by x203 at 2015-01-18 11:16:19 Run:3
Running from C:\Users\Manuel\Downloads
Loaded Profiles: x203 & Manuel (Available profiles: x203 & Manuel)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50083;https=127.0.0.1:50083
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

==== End of Fixlog 11:16:19 ====
FRST


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015
Ran by x203 (administrator) on ADMIN-MANUEL on 18-01-2015 11:18:15
Running from C:\Users\Manuel\Downloads
Loaded Profiles: x203 & Manuel (Available profiles: x203 & Manuel)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe
(Data Perceptions / PowerProgrammer) C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Spotify Ltd) C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Eye-Fi, Inc.) C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Wacom Technology, Inc) C:\Program Files\Tablet\CalibrationAssistant.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchUser.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916592 2014-07-28] (Synaptics Incorporated)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-08-07] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2014-09-16] (Lenovo)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [555736 2014-09-18] (Lenovo.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [Spotify Web Helper] => C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [Eye-Fi] => C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe [3961464 2011-12-21] (Eye-Fi, Inc.)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Run: [GoogleChromeAutoLaunch_4A220D28DEF0DEF57A4596AFA0CC93AC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2015-01-09] (Google Inc.)
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: D - D:\SETUP.EXE
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: {88018163-5feb-11e3-8408-028037ec0200} - V:\SETUP.EXE
HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\MountPoints2: {fa8f8a90-42e2-11e3-857c-028037ec0200} - E:\Startme.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EIZO ScreenSlicer.lnk
ShortcutTarget: EIZO ScreenSlicer.lnk -> C:\Windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe (Macrovision Corporation)
Startup: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
BootExecute: autocheck autochk * 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000 -> {5E55F183-AB4F-4D43-BF3C-D551B42FA02B} URL = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162

FireFox:
========
FF ProfilePath: C:\Users\x203\AppData\Roaming\Mozilla\Firefox\Profiles\ci9uc6ip.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-05-30]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: No Name - C:\Program Files (x86)\Symantec\VIP Access Client [2013-05-15]
FF HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension
FF Extension: No Name - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension [2014-05-29]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 ASRSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [79136 2010-10-27] (Lenovo Group Limited)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2014-11-14] (Lenovo.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-14] (SurfRight B.V.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-08-07] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-04-24] ()
R2 TabletServiceISD; C:\Program Files\Tablet\ISD\ISD_Tablet.exe [5650296 2012-04-10] (Wacom Technology, Corp.)
R2 TabletSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [83920 2012-02-08] (Lenovo Group Limited)
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed]
R2 TouchServiceISD; C:\Program Files\Tablet\ISD\ISD_TouchService.exe [449912 2012-04-10] (Wacom Technology, Corp.)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1526120 2013-09-25] (Lenovo Group Limited)
R2 TVT Scheduler; C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation)
R2 WebUpdate4; C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [278800 2013-01-16] (Data Perceptions / PowerProgrammer)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [689560 2012-10-18] (Ericsson AB)
R2 WTabletServiceISD; C:\Program Files\Tablet\ISD\WTabletServiceISD.exe [577848 2013-09-24] (Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-01-10] (Sony Mobile Communications)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-10-28] (Glarysoft Ltd)
R1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [17064 2010-06-28] (Lenovo)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [103184 2012-03-01] (Ericsson AB)
R3 l36wscard; C:\Windows\System32\DRIVERS\l36wscard.sys [61992 2011-01-14] (Ericsson AB)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [443208 2012-10-02] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [453960 2012-10-02] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [21832 2012-10-02] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [506184 2012-10-02] (MCCI Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
R3 wacomvthid; C:\Windows\System32\DRIVERS\WacomVTHid.sys [16368 2012-04-10] (Wacom Technology)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [281840 2013-02-19] (Ericsson AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 TVICPORT; \??\C:\Windows\system32\DRIVERS\TVICPORT.SYS [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 20:07 - 2015-01-18 11:18 - 00027914 _____ () C:\Users\Manuel\Downloads\FRST.txt
2015-01-17 14:39 - 2015-01-17 14:39 - 00001020 _____ () C:\Users\Manuel\Desktop\checkup.txt
2015-01-17 12:45 - 2015-01-17 12:45 - 02347384 _____ (ESET) C:\Users\Manuel\Downloads\esetsmartinstaller_deu.exe
2015-01-17 12:37 - 2015-01-17 12:37 - 00852504 _____ () C:\Users\Manuel\Downloads\SecurityCheck.exe
2015-01-16 21:04 - 2015-01-16 21:04 - 00000946 _____ () C:\Users\x203\Desktop\JRT.txt
2015-01-16 20:48 - 2015-01-16 20:48 - 01707939 _____ (Thisisu) C:\Users\Manuel\Downloads\JRT.exe
2015-01-16 18:35 - 2015-01-16 18:34 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-16 18:26 - 2015-01-18 11:08 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 18:26 - 2015-01-17 21:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 18:26 - 2015-01-16 18:26 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-16 18:26 - 2015-01-16 18:26 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-16 18:26 - 2015-01-16 18:26 - 00002262 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-16 18:26 - 2015-01-16 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-16 17:23 - 2015-01-16 17:23 - 00001724 _____ () C:\Users\Manuel\Desktop\omlag71i.default-1421310525556 - Verknüpfung.lnk
2015-01-16 16:59 - 2015-01-16 16:59 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Avira
2015-01-16 16:56 - 2015-01-16 16:56 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Avira
2015-01-16 16:51 - 2015-01-16 16:51 - 00002081 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-16 16:50 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-16 16:50 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-16 16:50 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-16 16:47 - 2015-01-16 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-16 16:47 - 2015-01-16 16:47 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-16 16:34 - 2015-01-16 16:34 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Macromedia
2015-01-16 16:14 - 2015-01-16 16:14 - 00044315 _____ () C:\ComboFix.txt
2015-01-16 15:18 - 2015-01-16 15:18 - 00001584 _____ () C:\Users\Manuel\Desktop\Revouninstaller.lnk
2015-01-16 12:38 - 2015-01-16 12:38 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-16 12:38 - 2015-01-16 12:38 - 00000000 ____D () C:\ProgramData\Mozilla
2015-01-16 12:38 - 2015-01-16 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-16 12:38 - 2015-01-16 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-16 12:28 - 2015-01-16 12:36 - 00001113 _____ () C:\Users\x203\Desktop\Revo Uninstaller.lnk
2015-01-16 11:05 - 2015-01-16 11:05 - 00000883 _____ () C:\Users\x203\Desktop\hosts.txt
2015-01-16 10:23 - 2015-01-16 10:23 - 00283128 _____ () C:\Windows\Minidump\011615-8845-01.dmp
2015-01-16 10:23 - 2015-01-16 10:23 - 00000000 ____D () C:\Windows\Minidump
2015-01-15 19:55 - 2015-01-15 19:55 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-15 19:32 - 2015-01-15 19:32 - 00050477 _____ () C:\Users\Manuel\Downloads\Defogger.exe
2015-01-15 19:32 - 2015-01-15 19:32 - 00000000 _____ () C:\Users\x203\defogger_reenable
2015-01-15 19:31 - 2015-01-16 13:46 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-15 19:29 - 2015-01-15 19:29 - 00001479 _____ () C:\Users\x203\Desktop\GMER.log
2015-01-15 19:20 - 2015-01-15 19:20 - 00380416 _____ () C:\Users\Manuel\Downloads\Gmer-19357.exe
2015-01-15 19:06 - 2015-01-15 19:06 - 02125312 _____ (Farbar) C:\Users\Manuel\Downloads\FRST64.exe
2015-01-15 15:18 - 2015-01-15 15:18 - 00003704 _____ () C:\Users\x203\Desktop\Rkill.txt
2015-01-15 15:18 - 2015-01-15 15:18 - 00000000 ____D () C:\Users\x203\Desktop\rkill
2015-01-15 15:12 - 2015-01-15 15:12 - 00000000 ____D () C:\Windows\ERUNT
2015-01-15 15:11 - 2015-01-16 16:16 - 00000000 ____D () C:\Qoobox
2015-01-15 15:05 - 2015-01-15 14:59 - 00000000 _____ () C:\Users\Manuel\Desktop\CProgramDataMicrosoftWindowsCaches.txt
2015-01-15 15:00 - 2015-01-15 15:00 - 00111448 _____ () C:\Users\x203\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-15 14:59 - 2015-01-15 14:59 - 00000000 _____ () C:\Users\x203\Desktop\CProgramDataMicrosoftWindowsCaches.txt
2015-01-15 14:49 - 2015-01-15 14:49 - 00000000 ____D () C:\ProgramData\Avg_Update_1014av
2015-01-15 14:24 - 2015-01-15 14:24 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-01-15 10:54 - 2015-01-16 15:16 - 00003254 _____ () C:\Windows\System32\Tasks\Trojan Killer
2015-01-15 10:54 - 2015-01-15 10:54 - 00000000 ____D () C:\ProgramData\GridinSoft
2015-01-15 10:51 - 2015-01-15 15:02 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Nico Mak Computing
2015-01-15 09:51 - 2015-01-18 11:18 - 00005517 _____ () C:\Windows\setupact.log
2015-01-15 09:51 - 2015-01-18 11:07 - 00498208 _____ () C:\Windows\PFRO.log
2015-01-15 09:51 - 2015-01-15 09:51 - 05054584 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-15 09:51 - 2015-01-15 09:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-15 09:28 - 2015-01-15 09:28 - 00000000 ____D () C:\Users\Manuel\Desktop\Old Firefox Data
2015-01-14 14:02 - 2015-01-18 11:18 - 00000000 ____D () C:\FRST
2015-01-14 12:16 - 2015-01-14 12:16 - 00000000 ____D () C:\_OTL
2015-01-14 12:08 - 2015-01-14 12:08 - 00000000 __SHD () C:\Users\x203\AppData\Local\EmieBrowserModeList
2015-01-14 10:16 - 2015-01-14 10:16 - 00001391 _____ () C:\Users\Manuel\Desktop\HitmanPro.lnk
2015-01-14 10:10 - 2015-01-16 16:50 - 00000000 ____D () C:\ProgramData\Avira
2015-01-14 09:54 - 2015-01-15 14:24 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-14 09:54 - 2015-01-14 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-14 09:53 - 2015-01-14 10:12 - 00000000 ____D () C:\Users\Manuel\Downloads\Hitman
2015-01-14 09:08 - 2015-01-14 09:08 - 00000000 ____D () C:\ProgramData\Network Associates
2015-01-14 09:06 - 2015-01-14 09:23 - 00000000 ____D () C:\Windows\F0856D1B11EE46528174EAF3D5AB6C66.TMP
2015-01-14 09:03 - 2015-01-16 20:55 - 00000000 ____D () C:\AdwCleaner
2015-01-14 08:59 - 2015-01-14 08:59 - 02191360 _____ () C:\Users\Manuel\Desktop\adwcleaner_4.107.exe
2015-01-14 08:43 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:43 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:43 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:43 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 08:43 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 08:43 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 08:43 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 08:43 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 08:43 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:43 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:43 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:43 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:43 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 18:34 - 2015-01-16 16:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-13 18:19 - 2015-01-13 18:19 - 14747172 _____ () C:\Users\Manuel\Desktop\Zusammenfassung.pptx
2015-01-13 18:12 - 2014-12-02 18:27 - 00090112 _____ (Nenad Hrg (SoftwareOK.com)) C:\Users\Manuel\Desktop\DontSleep.exe
2015-01-13 17:29 - 2015-01-13 18:39 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-13 16:58 - 2015-01-13 16:58 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\SUPERAntiSpyware.com
2015-01-13 15:50 - 2015-01-13 15:50 - 00017408 _____ () C:\Users\Manuel\Desktop\Abmeldung von Kursen FS 14.msg
2015-01-13 15:44 - 2014-03-26 22:21 - 00020480 _____ () C:\Users\Manuel\Desktop\Kursabmeldung  aufgrund nicht bestandener Leistungsnachweise FS 14.msg
2015-01-13 12:23 - 2015-01-13 12:23 - 00000000 ____D () C:\Users\Manuel\Downloads\platform-tools
2015-01-13 11:48 - 2015-01-13 11:48 - 00000000 ____D () C:\Users\x203\AppData\Local\Avg2014
2015-01-13 10:59 - 2015-01-13 11:00 - 00000000 ____D () C:\Users\Manuel\Downloads\NEW SuperStamina
2015-01-12 22:42 - 2015-01-12 22:43 - 00000000 ____D () C:\Users\Manuel\Downloads\rootkitXperia_20140719
2015-01-12 22:12 - 2015-01-12 22:12 - 00000019 _____ () C:\Users\Manuel\Desktop\iomei.txt
2015-01-12 21:42 - 2015-01-12 21:42 - 00038859 _____ () C:\Users\Manuel\Desktop\Unlockbootloader* *Step 3  4 - Developer World.html
2015-01-12 21:42 - 2015-01-12 21:42 - 00000000 ____D () C:\Users\Manuel\Desktop\Unlockbootloader* *Step 3  4 - Developer World_files
2015-01-12 17:44 - 2015-01-13 15:21 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Android
2015-01-12 17:21 - 2015-01-12 21:05 - 00000000 ____D () C:\Users\Manuel\Downloads\EasyRootTool v12.4
2015-01-12 16:04 - 2015-01-12 16:39 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2015-01-12 16:03 - 2015-01-13 00:23 - 00000000 ____D () C:\Flashtool
2015-01-11 12:51 - 2015-01-11 12:51 - 00111448 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-01-10 21:11 - 2015-01-13 09:22 - 00000000 ____D () C:\ProgramData\Sony Mobile
2015-01-10 21:03 - 2015-01-10 21:03 - 00001135 _____ () C:\Users\Manuel\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-10 20:52 - 2015-01-10 20:52 - 00000000 ____D () C:\Users\x203\.android
2015-01-10 20:51 - 2015-01-10 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsomc_01009.Wdf
2015-01-10 20:51 - 2015-01-10 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2015-01-10 20:38 - 2015-01-10 20:38 - 00000000 ____D () C:\Users\x203\.swt
2015-01-10 17:15 - 2015-01-10 17:15 - 00030424 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggsomc.sys
2015-01-10 17:15 - 2015-01-10 17:15 - 00016088 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2015-01-10 17:13 - 2015-01-11 10:29 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
2015-01-10 14:12 - 2015-01-11 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-01-10 13:49 - 2015-01-10 13:49 - 00000000 ____D () C:\Users\Manuel\.jmc
2015-01-10 13:49 - 2015-01-10 13:49 - 00000000 ____D () C:\Users\Manuel\.eclipse
2015-01-10 13:39 - 2015-01-10 13:39 - 00000000 ____D () C:\Users\x203\.AndroidStudio
2015-01-10 13:39 - 2015-01-10 13:39 - 00000000 ____D () C:\Users\Manuel\.AndroidStudio
2015-01-10 13:38 - 2015-01-13 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2015-01-10 13:34 - 2015-01-13 12:25 - 00000000 ____D () C:\Program Files\Android
2015-01-10 13:32 - 2015-01-11 11:02 - 00111000 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-10 13:32 - 2015-01-11 11:01 - 00312728 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-10 13:32 - 2015-01-11 11:01 - 00191384 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-10 13:32 - 2015-01-11 11:01 - 00190872 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-10 13:31 - 2015-01-11 11:01 - 00000000 ____D () C:\Program Files\Java
2015-01-09 08:59 - 2015-01-09 09:00 - 00000000 ____D () C:\ProgramData\Stardock
2015-01-08 18:57 - 2015-01-08 19:08 - 00045720 _____ () C:\BROM_DLL.log
2015-01-08 18:24 - 2015-01-09 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2015-01-08 18:24 - 2015-01-08 21:00 - 00000000 ____D () C:\Program Files (x86)\totalcmd
2015-01-08 18:24 - 2015-01-08 19:49 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\GHISLER
2015-01-08 18:24 - 2015-01-08 18:24 - 00001062 _____ () C:\Users\Public\Desktop\Total Commander 64 bit.lnk
2015-01-08 18:24 - 2015-01-08 18:24 - 00000000 ____D () C:\Users\x203\AppData\Roaming\GHISLER
2015-01-07 15:27 - 2015-01-07 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EIZO
2015-01-07 15:19 - 2015-01-07 15:19 - 00000000 ____D () C:\Users\x203\AppData\Local\{E0EE56A0-0D7C-4595-B400-919A3BA48EC1}
2015-01-07 15:18 - 2015-01-11 10:30 - 00000000 ____D () C:\Program Files (x86)\EIZO
2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 ____D () C:\Users\x203\AppData\Roaming\EIZO
2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\EIZO
2015-01-07 15:17 - 2015-01-10 11:22 - 00000000 ____D () C:\Users\x203\AppData\Local\Downloaded Installations
2015-01-06 10:30 - 2015-01-06 10:30 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Foxit Reader
2015-01-04 09:10 - 2015-01-04 09:10 - 00001562 _____ () C:\Users\Manuel\Desktop\Cisco AnyConnect Secure Mobility Client.lnk
2015-01-04 09:08 - 2015-01-04 09:08 - 00001067 _____ () C:\Users\Manuel\Desktop\Password Manager.lnk
2015-01-02 13:44 - 2015-01-02 13:47 - 00000000 ____D () C:\Users\Manuel\AppData\Local\CyberGhost
2015-01-02 13:44 - 2015-01-02 13:44 - 00001739 _____ () C:\Users\x203\Desktop\CyberGhost 5.lnk
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-01-02 13:44 - 2015-01-02 13:44 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-12-30 09:16 - 2014-12-30 09:25 - 595612217 _____ () C:\Users\Manuel\Desktop\Perfekte-Portraits.zip
2014-12-22 10:27 - 2014-12-22 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2014-12-19 21:24 - 2014-12-19 21:24 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-12-19 19:49 - 2014-12-19 19:49 - 00000000 ____D () C:\Users\Manuel\AppData\OICE_15_974FA576_32C1D314_A33

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 11:14 - 2014-12-13 01:59 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Eye-Fi
2015-01-18 11:14 - 2013-05-15 04:59 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-01-18 11:14 - 2013-05-15 04:59 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-01-18 11:14 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-18 11:14 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-18 11:14 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-18 11:11 - 2013-05-15 05:28 - 01277477 _____ () C:\Windows\WindowsUpdate.log
2015-01-18 11:08 - 2014-12-13 01:59 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Eye-Fi
2015-01-18 11:08 - 2014-09-26 16:37 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2015-01-18 11:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-17 22:07 - 2013-11-19 12:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-17 18:54 - 2014-05-18 11:17 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Spotify
2015-01-16 21:02 - 2013-10-29 11:53 - 00000000 ____D () C:\Users\x203\AppData\Local\Google
2015-01-16 18:26 - 2013-10-27 09:56 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Google
2015-01-16 18:26 - 2013-05-15 05:29 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-16 18:23 - 2014-12-08 10:30 - 01022464 ___SH () C:\Users\Manuel\Desktop\Thumbs.db
2015-01-16 16:47 - 2013-10-21 22:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-16 16:15 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-16 16:04 - 2014-01-01 17:13 - 00000000 ____D () C:\Windows\erdnt
2015-01-16 15:41 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-16 10:58 - 2014-09-26 16:36 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-01-16 10:58 - 2014-09-15 18:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 10:14 - 2014-09-30 16:50 - 00000000 ____D () C:\Program Files\Adobe Photoshop
2015-01-16 10:14 - 2014-09-30 12:54 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-16 10:14 - 2014-01-11 10:06 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-16 10:14 - 2013-09-30 20:23 - 00000000 ____D () C:\Users\x203\AppData\Local\Adobe
2015-01-16 10:14 - 2013-05-15 05:27 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-15 19:32 - 2013-09-30 20:19 - 00000000 ____D () C:\Users\x203
2015-01-15 15:59 - 2013-12-09 14:53 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-15 14:38 - 2014-03-04 13:45 - 00000000 ___RD () C:\Users\Manuel\Dropbox
2015-01-15 14:22 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Dropbox
2015-01-15 11:11 - 2013-12-09 14:56 - 00000000 ____D () C:\Users\x203\AppData\Roaming\TuneUp Software
2015-01-15 09:57 - 2013-05-15 05:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-14 17:07 - 2013-11-19 12:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 17:07 - 2013-11-19 12:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 17:07 - 2013-11-19 12:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 11:22 - 2013-10-21 22:38 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 11:21 - 2013-10-21 21:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 11:11 - 2013-10-21 21:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 10:18 - 2013-10-28 14:32 - 00003568 _____ () C:\Windows\system32\.crusader
2015-01-14 10:18 - 2013-10-28 14:29 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-14 10:11 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-14 09:27 - 2014-01-05 13:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-14 09:23 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel
2015-01-14 09:23 - 2013-05-14 12:53 - 00000000 ____D () C:\ProgramData\Lenovo
2015-01-14 09:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-14 09:08 - 2014-10-22 19:49 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-14 08:49 - 2013-10-28 13:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-13 18:43 - 2014-12-03 15:12 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Deployment
2015-01-13 18:05 - 2014-05-18 11:18 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Spotify
2015-01-13 17:31 - 2013-10-27 10:06 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-01-13 17:06 - 2014-12-13 17:43 - 00000000 ____D () C:\Users\Manuel\Desktop\WE Jungs
2015-01-13 17:06 - 2014-09-18 16:13 - 00000000 ____D () C:\Users\Manuel\Desktop\Ricardo
2015-01-13 16:59 - 2013-05-15 05:27 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-01-13 12:26 - 2014-05-16 08:06 - 00000000 ____D () C:\Users\Manuel\.android
2015-01-13 12:00 - 2014-11-16 11:12 - 00000000 ____D () C:\Users\Manuel\Desktop\Fotos
2015-01-13 11:46 - 2014-05-30 09:05 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-01-13 09:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-01-12 17:47 - 2013-05-15 05:19 - 00000000 ____D () C:\Program Files\Intel
2015-01-11 11:00 - 2014-03-09 10:51 - 00111448 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2015-01-11 10:54 - 2014-12-05 09:46 - 00001107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-01-11 10:54 - 2014-09-26 16:37 - 00002978 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2015-01-11 10:54 - 2014-09-26 16:37 - 00002634 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2015-01-11 10:54 - 2014-09-26 16:37 - 00001095 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-01-10 14:40 - 2014-05-15 16:04 - 00003020 _____ () C:\Windows\System32\Tasks\PMTask
2015-01-10 14:40 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media
2015-01-10 14:05 - 2013-10-27 13:14 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-09 20:54 - 2013-10-28 10:25 - 00000000 ____D () C:\Program Files (x86)\Fences
2015-01-09 20:54 - 2013-05-15 05:34 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2015-01-08 18:57 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel\AppData\Local\VirtualStore
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-07 15:24 - 2014-06-20 16:48 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Unity
2015-01-07 12:18 - 2013-10-27 09:55 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Adobe
2015-01-06 09:12 - 2014-02-27 21:50 - 00000000 ____D () C:\Users\Manuel\Documents\Korrespondenz
2015-01-04 09:19 - 2014-05-19 07:11 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2015-01-04 09:19 - 2014-05-19 07:10 - 00000000 ____D () C:\Program Files\Common Files\Sony Shared
2015-01-04 09:18 - 2014-05-19 07:09 - 00000000 ____D () C:\ProgramData\Sony Corporation
2015-01-04 09:03 - 2014-05-01 10:24 - 00000000 ____D () C:\Users\x203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-04 09:03 - 2014-05-01 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-04 09:03 - 2013-10-27 17:18 - 00000000 ____D () C:\Program Files\winRar
2014-12-31 18:03 - 2014-01-14 11:34 - 00000000 ____D () C:\Users\Manuel\Desktop\Ablage
2014-12-31 13:38 - 2013-10-27 09:40 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Adobe
2014-12-22 10:36 - 2013-10-27 12:15 - 00001398 _____ () C:\Users\Manuel\AppData\Roaming\MobileToolAnyConnectV3.ini
2014-12-22 10:27 - 2013-10-27 12:16 - 00000000 ____D () C:\ProgramData\Cisco
2014-12-22 10:27 - 2013-10-21 22:34 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-12-22 10:22 - 2014-01-01 10:48 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-22 10:22 - 2014-01-01 10:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-19 21:28 - 2014-03-04 13:45 - 00001036 _____ () C:\Users\Manuel\Desktop\Dropbox.lnk
2014-12-19 21:28 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-19 18:57 - 2013-11-03 11:23 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Intel WiDi

Some content of TEMP:
====================
C:\Users\Manuel\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 12:49

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015
Ran by x203 at 2015-01-18 11:18:37
Running from C:\Users\Manuel\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 8.42.20 - )
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{8432E4EF-ABFB-48C8-B77B-24728E71D3DD}) (Version: 39.0.2171.46 - Google Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05187 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05187 - Cisco Systems, Inc.) Hidden
CM Installer (HKLM-x32\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Drucken in PDF Annotator (novaPDF OEM 7.7 printer) (HKLM\...\Drucken in PDF Annotator_is1) (Version: 7.7.400 - Softland)
EasyTax 2013 AG 1.01 (HKLM-x32\...\4093-4123-1528-3000) (Version: 1.01 - HWI Solutions AG)
EIZO ScreenSlicer (HKLM-x32\...\{292A177D-723F-4537-9985-BC8BFCD8B63D}) (Version: 1.1.5.0 - EIZO Corporation)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.67.2 - Lenovo Group Limited)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Eye-Fi Center 3.4 (HKLM-x32\...\{18B00AC5-C082-471E-88B0-F02FE5A2541A}) (Version: 3.4.26 - Eye-Fi, Inc)
Fences (Version: 1.0 - Stardock Corporation) Hidden
FireCuva Data Recovery 2014.1.8.20 (HKLM-x32\...\{EE1F41BE-6DBD-44AE-9F97-4D7F9227329D}_is1) (Version: 2014.1.8.20 - FireCuva)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Glary Utilities PRO 5.16 (HKLM-x32\...\Glary Utilities 5) (Version: 5.16.0.29 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Graph 4.4.2 (HKLM-x32\...\Graph_is1) (Version:  - Ivan Johansen)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6 (HKLM\...\{B2DAB009-8236-48A0-AD7F-E940F5AB1578}) (Version: 14.0 - HP)
HP Photosmart Plus B210 series - Grundlegende Software für das Gerät (HKLM\...\{1686185A-3D85-428D-8786-ACB403B9D420}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
ifolor Designer (HKLM-x32\...\ifolor-Designer) (Version:  - Ifolor AG)
Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3359 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7991b5ae-96d7-4df2-97fb-a605b7cb638b}) (Version: 17.12.0 - Intel Corporation)
ISD Tablett (HKLM\...\ISD Tablet Driver) (Version: 7.0.2-29 - Wacom Technology Corp.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 8 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418000FF}) (Version: 8.0.0 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.16.0 - Lenovo)
Lenovo Mobile Access (HKLM-x32\...\{A792A135-EE29-4FE2-B4CB-D3F984CEA9EC}) (Version: 3.2.30123.1026 - Lenovo)
Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.4.1017.00 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0007 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
LXH-JME2207FN Hotkey Driver (HKLM-x32\...\{42B21298-C850-4272-AFD9-636CBC005421}) (Version: 5.1.0804 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{C2C2DB64-1BCE-4FA7-962D-457795ECCEC0}) (Version: 3.3.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Bootvis (HKLM-x32\...\{0F9196C6-58B4-445B-B56E-B1200FECC151}) (Version: 1.3.37 - Microsoft)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 7.2.5.4 - Ericsson AB)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Annotator 5.0.0.505 (HKLM-x32\...\PDFAnnotator_is1) (Version: 5.0.0.505 - GRAHL software design)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_06_B209a-m_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Rescue and Recovery (HKLM-x32\...\{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}) (Version: 4.52.0005.00 - Lenovo Group Limited)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-003B-0000-1000-0000000FF1CE}_Office15.PRJPROR_{6E5C415F-1388-4BA6-B926-C19318BE6075}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3554811672-1824628599-3789470933-1003\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad Tablet Button Driver (HKLM-x32\...\{26903C89-780A-463E-8CBD-E47A73927254}) (Version: 1.04 - )
ThinkPad Tablet Shortcut Menu (HKLM-x32\...\{9a2db59f-091a-40b4-958d-1c8264624126}) (Version: 6.33 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.24 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{A62AEB2B-E2A0-4E77-8AAE-9645FE3B5487}) (Version: 5.95 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.80.01.00 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.81 - Lenovo)
ThinkVantage Password Manager (HKLM\...\{23520BCC-F76C-4287-87E1-0545EDF6FE96}) (Version: 4.00.0024.00 - Lenovo Group Limited)
ThinkVantage Update Retriever (HKLM-x32\...\{F25C538D-3F57-4AF4-80DD-B1DD1558F038}) (Version: 5.00.0010 - Lenovo)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
VIP Access (HKLM-x32\...\{7EB5B9B6-E7BF-4E8F-B478-1266A78CF231}) (Version: 2.2.1.13 - Symantec Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-3554811672-1824628599-3789470933-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows Driver Package - Intel System  (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3554811672-1824628599-3789470933-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

16-01-2015 19:20:35 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-01-16 11:03 - 2015-01-16 14:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06DCFC04-6BA5-45A1-A87C-2AB6D5B07FB9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)
Task: {1056F6BE-8A9B-4789-A45A-766212E69BDB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {138C1B65-AA12-4B15-816E-2BAD5C404989} - System32\Tasks\{5179303A-B077-4DD2-8CAA-370E2C7A215A} => E:\JDownloaderPortable\JDownloaderPortable.exe
Task: {16CE9FF3-C7EA-4493-B6B7-30FA88486725} - System32\Tasks\Lenovo\LSC\CreateHardwareScanTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {1C473A2D-C8EA-4A9A-A60F-4AE443F13033} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {442BFA7F-2D23-479D-BFA5-C832EF77F87F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {452FFBFB-D9B9-4347-8F5E-A7F1A6772E3C} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
Task: {49A96084-47D7-43F1-9D0D-B6127F991574} - System32\Tasks\{09F43E45-D90B-4046-91C3-BC9637D8C4B8} => C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
Task: {49DAAF81-E95C-4964-B237-22F6C980448E} - System32\Tasks\{4EEB7BF1-AE9F-4345-BB40-78EB0CDEA9E0} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\IrfanView\i_view32.exe"
Task: {4F32F716-7098-4249-B056-356F3CE9ECB6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {5745E252-0287-4003-B1BA-33F5B1BB87F6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for x203-THINK-Manuel x203-THINK => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {57904E4B-FF80-4701-AF04-AC8517DA374A} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {5C766DF2-DBB1-4EFF-8997-84E9436A2595} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {606A9245-4225-4177-A2B4-88D04B527E80} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for x203-THINK.Manuel => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-16] (Lenovo)
Task: {7280DB27-B177-448B-BDB4-8BAC6BC75597} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {78DC8C0F-41CD-4700-A7C6-177E891F01B6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {7965D48E-112A-49BE-B3BA-FBDDE5A086EE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {828FF779-6267-41C5-8A2F-9D575790BDD5} - System32\Tasks\Norton Product InstallerIdle => C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe [2014-11-03] (Symantec Corporation)
Task: {82F88A18-7A4E-4C2B-85C2-2F254577559E} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2014-09-13] (Lenovo)
Task: {833CF6A6-9B70-482E-B833-78F68CD8FB3A} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {870D44EA-14A3-4E7F-8814-22F1A86B39A1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8740F25F-3678-4962-94E4-2A5235A39CCF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {92BFD621-E872-4F04-A065-41853B8E2CD0} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {9A209F4B-E899-4C8C-A211-FD8997DFC557} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)
Task: {9D6C3B14-CB5E-4BCD-B078-A5559D3BD1D7} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {9DC14AA8-2996-4213-98B3-CB8D76E9C951} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {A48895AA-13C8-478E-A8AB-4D3DA40B6816} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {A5C29781-2A7A-4007-A739-AE6A3784ADF8} - System32\Tasks\{80AFFF4F-06A3-40B4-B912-D1677BDADF9D} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\IrfanView\i_view32.exe"
Task: {A91938F3-2A68-4C36-8403-A6A842BE5A8A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {A93198E1-5CA9-4525-AA70-82FC9A482993} - System32\Tasks\{EDD59D43-8C29-431A-A8D2-B4BFCA7730F2} => E:\JDownloaderPortable\JDownloaderPortable.exe
Task: {AE133D30-0D35-41A2-B384-7ABF0F5EE4CA} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {B30A2AFD-6E31-4BCA-905C-0C08D189A4F8} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {B3EA1B66-775D-4F84-9CB2-0371BA2B414B} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {BA4E8AF1-2935-4244-AD22-3DA5C0178502} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {BE8F36B1-40F7-4223-B0C8-91A4DC614677} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-11-14] (Lenovo Group Limited)
Task: {C00813A1-3AF3-4160-9359-E2A144414574} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {CC68A762-4464-4EAC-8F6C-88F9A9E296B2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {CF4838A5-80E6-4F0F-8B1F-4F68C964BBBD} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-01-05] (Glarysoft Ltd)
Task: {D19DD550-1FB7-4C8A-9B8B-31B8EF5B6B20} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-04-24] ()
Task: {D4F8C4B7-FEB0-4ACB-8D71-0C12D509E7A0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {DB3A4CDE-C0E3-42C3-91EC-40CFE629F47C} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-01-05] (Glarysoft Ltd)
Task: {DD31794C-86DD-4901-994A-658185898645} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for x203-THINK.x203 => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-16] (Lenovo)
Task: {DEC60349-DA4C-4920-A9B9-4A091F4C5321} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {E64DE862-5A05-457D-8396-3B79DFC9DDE4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E6D4097C-9FCB-4456-951E-7E866581E69F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {ECA97D21-FEF3-45D0-BEB5-2BB6A2316EF2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {F77C609C-EC1F-488E-BD9A-790F78E5A763} - System32\Tasks\{A1DB3074-2A97-4668-A054-6DCBAB2DE05E} => C:\Program Files (x86)\IrfanView\i_view32.exe
Task: {FDAE8DB2-5746-4868-97FD-40AD33B7A6DB} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-10-16] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe

==================== Loaded Modules (whitelisted) =============

2013-10-28 10:23 - 2010-06-17 20:56 - 00087040 ____N () C:\Windows\System32\redmonnt.dll
2013-05-15 05:23 - 2012-04-10 16:37 - 01183096 _____ () C:\Program Files\Tablet\ISD\libxml2.dll
2013-05-15 05:27 - 2014-11-14 06:07 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-10-16 16:13 - 2014-10-16 16:13 - 00290184 _____ () C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe
2014-10-16 16:13 - 2014-10-16 16:13 - 00032544 _____ () C:\Program Files\Lenovo\Lenovo Solution Center\App\Data.dll
2014-10-16 16:13 - 2014-10-16 16:13 - 00014624 _____ () C:\Program Files\Lenovo\Lenovo Solution Center\App\DataInterface.dll
2014-10-16 16:13 - 2014-10-16 16:13 - 00012664 _____ () C:\Program Files\Lenovo\Lenovo Solution Center\App\Aspect.dll
2014-10-16 16:13 - 2014-10-16 16:13 - 00081184 _____ () C:\Program Files\Lenovo\Lenovo Solution Center\App\DiskPartitionInterface.dll
2014-10-16 16:13 - 2014-10-16 16:13 - 00013088 _____ () C:\Program Files\Lenovo\Lenovo Solution Center\App\WindowsRegistry.dll
2014-10-16 16:13 - 2014-10-16 16:13 - 00044320 _____ () C:\Program Files\Lenovo\Lenovo Solution Center\App\PwrMgrIF.dll
2014-10-16 01:48 - 2014-10-16 01:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-05-15 05:27 - 2011-08-02 20:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2013-05-15 05:27 - 2011-08-02 20:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2014-09-26 16:35 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-26 16:35 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-26 16:35 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-26 16:35 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-09-26 16:35 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-10-21 22:39 - 2011-07-13 09:10 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2014-09-16 19:01 - 2014-09-16 19:01 - 00065776 _____ () C:\Program Files (x86)\Lenovo\Access Connections\ACSonyEricssonHlpr.dll
2011-12-21 22:59 - 2011-12-21 22:59 - 00133120 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libexif.dll
2011-12-21 22:56 - 2011-12-21 22:56 - 00209408 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libopenraw.dll
2011-12-21 23:05 - 2011-12-21 23:05 - 00014848 _____ () C:\Program Files (x86)\Eye-Fi\Helper\Locales\de\Helper.dll
2015-01-17 20:05 - 2014-12-31 12:27 - 00053496 _____ () C:\Users\Manuel\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2013-10-21 22:32 - 2013-05-13 14:15 - 01199576 ____N () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-01-16 12:38 - 2015-01-09 10:05 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Manuel\Desktop\Stundenplan.JPG:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk => C:\Windows\pss\Google Calendar Sync.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^x203^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EOS Utility.lnk => C:\Windows\pss\EOS Utility.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_4A220D28DEF0DEF57A4596AFA0C => "c:\program files (x86)\google\chrome\application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Intel AppUp(SM) center => "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
MSCONFIG\startupreg: jmekey => C:\Program Files (x86)\jmesoft\hotkey.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Malwarebytes Anti-Malware (cleanup) => "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
MSCONFIG\startupreg: MobileAccess => C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe -silentExitIfNotFirst
MSCONFIG\startupreg: NUSB3MON => "c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
MSCONFIG\startupreg: PasswordManager => C:\Program Files\Lenovo\Password Manager\password_manager.exe
MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: RtHDVBg_Dolby => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SearchProtection => "C:\Users\x203\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: SharpSpace => C:\Program Files (x86)\SharpSpace\SharpSpace.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: USB3MON => "c:\program files (x86)\intel\intel(r) usb 3.0 extensible host controller driver\application\iusb3mon.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3554811672-1824628599-3789470933-500 - Administrator - Disabled)
Gast (S-1-5-21-3554811672-1824628599-3789470933-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3554811672-1824628599-3789470933-1040 - Limited - Enabled)
Manuel (S-1-5-21-3554811672-1824628599-3789470933-1003 - Limited - Enabled) => C:\Users\Manuel
x203 (S-1-5-21-3554811672-1824628599-3789470933-1000 - Administrator - Enabled) => C:\Users\x203

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2015 11:16:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xe20
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/18/2015 11:10:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Name des fehlerhaften Moduls: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000860d2
ID des fehlerhaften Prozesses: 0x1718
Startzeit der fehlerhaften Anwendung: 0xISD_Tablet.exe0
Pfad der fehlerhaften Anwendung: ISD_Tablet.exe1
Pfad des fehlerhaften Moduls: ISD_Tablet.exe2
Berichtskennung: ISD_Tablet.exe3

Error: (01/17/2015 08:05:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Name des fehlerhaften Moduls: ISD_Tablet.exe, Version: 7.0.2.29, Zeitstempel: 0x4f6cf301
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000860d2
ID des fehlerhaften Prozesses: 0x19b8
Startzeit der fehlerhaften Anwendung: 0xISD_Tablet.exe0
Pfad der fehlerhaften Anwendung: ISD_Tablet.exe1
Pfad des fehlerhaften Moduls: ISD_Tablet.exe2
Berichtskennung: ISD_Tablet.exe3

Error: (01/17/2015 08:05:55 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/17/2015 08:05:55 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/17/2015 08:05:55 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/17/2015 08:05:55 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/17/2015 08:05:55 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=21, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/17/2015 08:05:55 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/17/2015 08:04:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x2814
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3


System errors:
=============
Error: (01/18/2015 11:09:08 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/18/2015 11:07:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147014847

Error: (01/17/2015 08:07:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/17/2015 08:05:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147014847

Error: (01/17/2015 08:04:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/17/2015 00:44:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/17/2015 00:40:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/17/2015 11:08:08 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 09:07:19 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 09:05:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147014847


Microsoft Office Sessions:
=========================
Error: (01/18/2015 11:16:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.0.548654af7153mozalloc.dll35.0.0.548654af69d48000000300001425e2001d0330758ab8757C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll0ad55399-9efb-11e4-8d8f-028037ec0200

Error: (01/18/2015 11:10:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ISD_Tablet.exe7.0.2.294f6cf301ISD_Tablet.exe7.0.2.294f6cf301c000000500000000000860d2171801d033069c2e6b47C:\Program Files\Tablet\ISD\ISD_Tablet.exeC:\Program Files\Tablet\ISD\ISD_Tablet.exe4230781f-9efa-11e4-8d8f-028037ec0200

Error: (01/17/2015 08:05:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ISD_Tablet.exe7.0.2.294f6cf301ISD_Tablet.exe7.0.2.294f6cf301c000000500000000000860d219b801d0328899a8d09cC:\Program Files\Tablet\ISD\ISD_Tablet.exeC:\Program Files\Tablet\ISD\ISD_Tablet.exedeae5406-9e7b-11e4-8db0-028037ec0200

Error: (01/17/2015 08:05:55 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path43900

Error: (01/17/2015 08:05:55 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path25900

Error: (01/17/2015 08:05:55 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path17900

Error: (01/17/2015 08:05:55 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path23808600

Error: (01/17/2015 08:05:55 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path21808600

Error: (01/17/2015 08:05:55 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path18808600

Error: (01/17/2015 08:04:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.0.548654af7153mozalloc.dll35.0.0.548654af69d48000000300001425281401d0325c8fd48867C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla98c9b17-9e7b-11e4-88c1-028037ec0200


CodeIntegrity Errors:
===================================
  Date: 2015-01-16 13:58:16.187
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-16 13:58:16.140
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-14 09:08:57.418
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-14 09:08:57.333
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-09 20:34:06.552
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-09 20:34:05.382
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:40:29.432
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:36:48.011
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 15:36:01.740
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-26 20:26:04.283
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 32%
Total physical RAM: 7887.8 MB
Available physical RAM: 5299.62 MB
Total Pagefile: 15773.78 MB
Available Pagefile: 12637.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:140.64 GB) (Free:21.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:17.58 GB) (Free:4.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 167.7 GB) (Disk ID: AA9E1116)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=140.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=8 GB) - (Type=84)

==================== End Of Log ============================

schrauber 18.01.2015 15:07
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

maga84 19.01.2015 08:35
Liste der Anhänge anzeigen (Anzahl: 1)
Hallo schrauber,

So wie es aussieht ist alles wieder im grünen Bereich.

Bei Secunia bekomme ich noch folgende Meldung:Anhang 72033
http://www.trojaner-board.de/attachm...1&d=1421652843

Finde es wirklich klasse wie Ihr das hier super gelöst und mir weiter geholfen habt.
Super schnelle Reaktionszeit und Step-by-step klasse erklärt.

Hat mir sogar Spaß gemacht mit eurer Hilfe dem "Bösen" den Gar auszumachen! :kloppen::aufsmaul: ;-)

Ich danke dir sehr dafür und erstmal alles Gute!

Grüsse
Maga

schrauber 19.01.2015 15:35
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:32 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131