Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Win7 SP1 // ERR_CONNECTION_CLOSED bei LogIn (https://www.trojaner-board.de/170322-win7-sp1-err_connection_closed-login.html)

Toshef 26.08.2015 21:38
Win7 SP1 // ERR_CONNECTION_CLOSED bei LogIn
 
Tag zusammen,

vielen Dank erst mal, dass es euch gibt & ich euch gefunden habe. Super. Ich komme gleich zum Thema. Beim Versuch, mich auf bestimmten Seiten (darunter Kundenkonten etc.) einzuloggen wird nicht die erwünschte Seite aufgerufen, sondern der Browser meldet ERR_CONNECTION_CLOSED Das Problem tritt bei ALLEN verwendeten Browsern (IE, Firefox, Chrome) und bei ALLEN Benutzerkonten auf. Ich bin in eurem Forum auf einen ähnlichen Fall gestoßen (http://www.trojaner-board.de/161270-...ermeldung.html) und vermute ein ähnliches Problem. Hier nun die Logs

Defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:42 on 26/08/2015 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:26-08-2015
durchgeführt von Martin (ACHTUNG: der Benutzer ist kein Administrator) auf THINK_MOBIL (26-08-2015 21:55:27)
Gestartet von C:\Users\Martin\Desktop\TrojanerBoard
Geladene Profile: Admin & Martin (Verfügbare Profile: Thomas & Admin & Martin & Gast)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

konnte nicht auf den Prozess zugreifen -> smss.exe
konnte nicht auf den Prozess zugreifen -> csrss.exe
konnte nicht auf den Prozess zugreifen -> wininit.exe
konnte nicht auf den Prozess zugreifen -> csrss.exe
konnte nicht auf den Prozess zugreifen -> services.exe
konnte nicht auf den Prozess zugreifen -> lsass.exe
konnte nicht auf den Prozess zugreifen -> lsm.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> vsserv.exe
konnte nicht auf den Prozess zugreifen -> winlogon.exe
konnte nicht auf den Prozess zugreifen -> ibmpmsvc.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> RtkAudioService64.exe
konnte nicht auf den Prozess zugreifen -> RAVBg64.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> wlanext.exe
konnte nicht auf den Prozess zugreifen -> conhost.exe
konnte nicht auf den Prozess zugreifen -> taskeng.exe
konnte nicht auf den Prozess zugreifen -> spoolsv.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> AcPrfMgrSvc.exe
konnte nicht auf den Prozess zugreifen -> armsvc.exe
konnte nicht auf den Prozess zugreifen -> AllShareFrameworkManagerDMS.exe
konnte nicht auf den Prozess zugreifen -> AllShare Play Service.exe
konnte nicht auf den Prozess zugreifen -> AllShareFrameworkDMS.exe
konnte nicht auf den Prozess zugreifen -> AllShare Play Service.exe
konnte nicht auf den Prozess zugreifen -> btwdins.exe
konnte nicht auf den Prozess zugreifen -> officeclicktorun.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> EvtEng.exe
konnte nicht auf den Prozess zugreifen -> CaptureLibService.exe
konnte nicht auf den Prozess zugreifen -> CamMute.exe
konnte nicht auf den Prozess zugreifen -> TPKNRSVC.exe
konnte nicht auf den Prozess zugreifen -> lvvsst.exe
konnte nicht auf den Prozess zugreifen -> PsiService_2.exe
konnte nicht auf den Prozess zugreifen -> RegSrvc.exe
konnte nicht auf den Prozess zugreifen -> SDFSSvc.exe
konnte nicht auf den Prozess zugreifen -> upeksvr.exe
konnte nicht auf den Prozess zugreifen -> SDUpdSvc.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> TPHKSVC.exe
konnte nicht auf den Prozess zugreifen -> ULCDRSvr.exe
konnte nicht auf den Prozess zugreifen -> updatesrv.exe
konnte nicht auf den Prozess zugreifen -> vmware-usbarbitrator.exe
konnte nicht auf den Prozess zugreifen -> vmnat.exe
konnte nicht auf den Prozess zugreifen -> WLIDSVC.EXE
konnte nicht auf den Prozess zugreifen -> WLIDSVCM.EXE
konnte nicht auf den Prozess zugreifen -> ZeroConfigService.exe
konnte nicht auf den Prozess zugreifen -> AcSvc.exe
konnte nicht auf den Prozess zugreifen -> micmute.exe
konnte nicht auf den Prozess zugreifen -> SDWSCSvc.exe
konnte nicht auf den Prozess zugreifen -> conhost.exe
konnte nicht auf den Prozess zugreifen -> tphkload.exe
konnte nicht auf den Prozess zugreifen -> vmware-authd.exe
konnte nicht auf den Prozess zugreifen -> unsecapp.exe
konnte nicht auf den Prozess zugreifen -> WmiPrvSE.exe
konnte nicht auf den Prozess zugreifen -> vmnetdhcp.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(Spotify Ltd) C:\Users\Martin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
konnte nicht auf den Prozess zugreifen -> tpnumlk.exe
konnte nicht auf den Prozess zugreifen -> virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
konnte nicht auf den Prozess zugreifen -> shtctky.exe
konnte nicht auf den Prozess zugreifen -> tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
konnte nicht auf den Prozess zugreifen -> wmpnetwk.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> DZSVC64.EXE
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
konnte nicht auf den Prozess zugreifen -> svchost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
konnte nicht auf den Prozess zugreifen -> SearchIndexer.exe
konnte nicht auf den Prozess zugreifen -> dllhost.exe
konnte nicht auf den Prozess zugreifen -> SvcGuiHlpr.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
konnte nicht auf den Prozess zugreifen -> PresentationFontCache.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
konnte nicht auf den Prozess zugreifen -> LMS.exe
konnte nicht auf den Prozess zugreifen -> UNS.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Users\Martin\AppData\Local\Apps\2.0\YN52DQZR.EL2\AWOJH3J0.C7H\lsb...tion_91a10ba61c75c82d_0001.0004_53146ffb7155a994\LSB.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
konnte nicht auf den Prozess zugreifen -> SearchProtocolHost.exe
konnte nicht auf den Prozess zugreifen -> WmiPrvSE.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-19] (Realtek Semiconductor)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [44096 2012-01-16] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2015-06-08] (Lenovo)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2962232 2012-10-18] (Synaptics Incorporated)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1575192 2013-10-24] (Bitdefender)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [VMware hqtray] => C:\Program Files (x86)\VMware\VMware Player\hqtray.exe [64112 2010-11-11] (VMware, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1502967087-3225744061-2520733942-1006\...\Run: [Google Update] => C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-29] (Google Inc.)
HKU\S-1-5-21-1502967087-3225744061-2520733942-1006\...\Run: [Spotify Web Helper] => C:\Users\Martin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1806904 2015-03-07] (Spotify Ltd)
HKU\S-1-5-21-1502967087-3225744061-2520733942-1006\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-05-25]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2013-04-01]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lenovo Produktregistrierung.lnk [2012-07-16]
ShortcutTarget: Lenovo Produktregistrierung.lnk -> C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
ShellIconOverlayIdentifiers: [  0_OneComShellExt1] -> {F6BBFE20-F40C-449D-867A-70D304E407CC} =>  Keine Datei
ShellIconOverlayIdentifiers: [  0_OneComShellExt2] -> {12BC1D5F-8949-451A-9F47-0240E9E31D11} =>  Keine Datei
ShellIconOverlayIdentifiers: [  0_OneComShellExt3] -> {817B4083-0CBC-4538-BB47-746BA33CE791} =>  Keine Datei
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1502967087-3225744061-2520733942-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.planetromeo.com/
HKU\S-1-5-21-1502967087-3225744061-2520733942-1006\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
URLSearchHook: [S-1-5-21-1502967087-3225744061-2520733942-1005] ACHTUNG => Standard URLSearchHook fehlt
SearchScopes: HKU\S-1-5-21-1502967087-3225744061-2520733942-1006 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE490
SearchScopes: HKU\S-1-5-21-1502967087-3225744061-2520733942-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE490
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-18] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-18] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1502967087-3225744061-2520733942-1006 -> Kein Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  Keine Datei
Toolbar: HKU\S-1-5-21-1502967087-3225744061-2520733942-1006 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Keine Datei
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-18] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1D202F41-BA2A-4229-A495-BD28524ABDDB}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{6E9C244A-7F94-4EFA-A244-1B8DF009B825}: [DhcpNameServer] 172.18.15.254 172.18.15.253
Tcpip\..\Interfaces\{BA53AA3A-72CA-4061-B50A-A2453477AFF5}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mr4gr2dj.default
FF Homepage: hxxp://www.planetromeo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-03-15] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1502967087-3225744061-2520733942-1006: @talk.google.com/GoogleTalkPlugin -> C:\Users\Martin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1502967087-3225744061-2520733942-1006: @talk.google.com/O1DPlugin -> C:\Users\Martin\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1502967087-3225744061-2520733942-1006: @tools.google.com/Google Update;version=3 -> C:\Users\Martin\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1502967087-3225744061-2520733942-1006: @tools.google.com/Google Update;version=9 -> C:\Users\Martin\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-03-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-03-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-03-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-03-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-03-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2013-03-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2013-03-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Martin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Martin\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mr4gr2dj.default\searchplugins\testde-suche.xml [2013-01-16]
FF Extension: Adblock Plus - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mr4gr2dj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-30]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013-04-09]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext

Chrome:
=======
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-10-25]
CHR Extension: (Java for Web Pages) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmcbmmehggielopebenlpgcghiigckn [2014-11-09]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2013-04-04]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2012-07-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkManagerDMS.exe [408184 2012-10-23] (Samsung)
R2 AllShare Play Service; C:\Program Files\Samsung\AllShare Play\AllShare Play Service.exe [662752 2012-12-20] (Copyright 2012 SAMSUNG)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [69392 2013-10-24] (Bitdefender)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-09-24] (Lenovo.)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-05-22] (Ellora Assets Corp.) [Datei ist nicht signiert]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272424 2015-08-17] (Lenovo)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2011-05-18] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22008 2015-07-01] ()
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe [191024 2010-08-19] (VMware, Inc.)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [Datei ist nicht signiert]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [67320 2013-10-24] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1645256 2013-10-24] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2013-10-24] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2013-10-24] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-04-29] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-10-24] (BitDefender SRL)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-10-24] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-18] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-10-24] (BitDefender S.R.L.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.)
U4 bdselfpr; kein ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 pgtdqpow; \??\C:\Users\Admin\AppData\Local\Temp\pgtdqpow.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-26 20:21 - 2015-08-26 20:21 - 00490568 _____ () C:\Users\Martin\Downloads\LSBsetup (1).exe
2015-08-26 20:21 - 2015-08-26 20:21 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-08-26 20:21 - 2015-08-26 20:21 - 00000000 ____D C:\Users\Martin\AppData\Local\Deployment
2015-08-26 20:20 - 2015-08-26 20:20 - 00490568 _____ () C:\Users\Martin\Downloads\LSBsetup.exe
2015-08-24 22:05 - 2015-08-24 22:05 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-24 22:05 - 2015-08-24 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-24 22:05 - 2015-08-24 22:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-24 22:05 - 2015-08-24 22:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-24 22:05 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-24 22:05 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-24 22:05 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-24 21:30 - 2015-08-24 21:30 - 00000000 ____D C:\Users\Martin\AppData\Local\TempTaskUpdateDetection2DA89425-1AD8-49F4-9FC5-82E4DEA3F914
2015-08-24 20:45 - 2015-08-24 20:45 - 00000000 ____D C:\Users\Martin\AppData\Local\TempTaskUpdateDetectionA1D10E8D-BC16-4782-97BB-7350A1032B2D
2015-08-24 20:34 - 2015-08-24 21:33 - 00000000 ___SD C:\ComboFix
2015-08-24 20:34 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-24 20:34 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-24 20:34 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-24 20:34 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-24 20:34 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-24 20:34 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-24 20:34 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-24 20:34 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-24 19:42 - 2015-08-24 21:20 - 00000000 ____D C:\Windows\erdnt
2015-08-24 19:42 - 2015-08-24 20:34 - 00000000 ____D C:\Qoobox
2015-08-23 20:24 - 2015-08-26 21:55 - 00000000 ____D C:\FRST
2015-08-23 20:24 - 2015-08-23 20:24 - 00000000 _____ C:\Users\Admin\defogger_reenable
2015-08-22 18:33 - 2015-08-26 21:55 - 00000000 ____D C:\Users\Martin\Desktop\TrojanerBoard
2015-08-21 21:59 - 2015-08-21 22:00 - 02870984 _____ (ESET) C:\Users\Martin\Downloads\esetsmartinstaller_deu.exe
2015-08-19 23:53 - 2015-08-19 23:53 - 00002002 _____ C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2015-08-10 00:34 - 2015-08-10 00:34 - 63320784 _____ (Microsoft Corporation) C:\Users\Martin\Downloads\IE11-Windows6.1-x64-de-de.exe
2015-08-10 00:33 - 2015-08-10 00:34 - 02077392 _____ (Microsoft Corporation) C:\Users\Martin\Downloads\IE11-Windows6.1.exe
2015-08-08 17:54 - 2015-08-09 23:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-06 21:59 - 2015-08-06 21:59 - 00000000 ____D C:\Users\Martin\Desktop\Torchat
2015-08-04 19:36 - 2015-08-04 23:26 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-28 07:47 - 2015-07-25 20:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 07:47 - 2015-07-25 20:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 07:47 - 2015-07-25 20:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 07:47 - 2015-07-25 20:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 07:47 - 2015-07-25 20:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 07:47 - 2015-07-25 20:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 07:47 - 2015-07-25 20:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 07:47 - 2015-07-25 19:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-26 21:54 - 2012-07-18 18:22 - 00000582 _____ C:\Windows\system32\checkdnsid.xml
2015-08-26 21:52 - 2012-09-04 08:58 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-26 21:14 - 2013-10-29 11:10 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1502967087-3225744061-2520733942-1006UA.job
2015-08-26 21:14 - 2013-10-29 11:10 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1502967087-3225744061-2520733942-1006Core.job
2015-08-26 20:59 - 2015-06-07 22:48 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-26 20:59 - 2015-06-07 22:48 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-26 20:35 - 2012-06-29 08:29 - 00000000 ____D C:\Users\Martin\Desktop\Haushalt
2015-08-26 20:25 - 2012-05-25 12:50 - 01165503 _____ C:\Windows\WindowsUpdate.log
2015-08-26 20:21 - 2012-06-30 13:14 - 00000000 ____D C:\Users\Martin\AppData\Local\Apps\2.0
2015-08-26 20:04 - 2013-08-16 08:41 - 00159300 _____ C:\Windows\setupact.log
2015-08-26 20:04 - 2009-07-14 06:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-26 20:04 - 2009-07-14 06:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-26 20:01 - 2012-05-25 22:33 - 00720856 _____ C:\Windows\system32\perfh007.dat
2015-08-26 20:01 - 2012-05-25 22:33 - 00156878 _____ C:\Windows\system32\perfc007.dat
2015-08-26 20:01 - 2009-07-14 07:13 - 01666642 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-26 19:54 - 2013-10-16 18:39 - 00000000 ____D C:\ProgramData\VMware
2015-08-26 19:53 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-25 20:22 - 2013-07-07 15:27 - 00000000 ____D C:\Users\Martin\Desktop\Astra
2015-08-25 20:21 - 2015-04-18 18:33 - 00000000 ____D C:\Users\Martin\Desktop\Ketamin_Depression
2015-08-25 20:08 - 2013-10-08 06:17 - 00327436 _____ C:\Windows\PFRO.log
2015-08-24 21:55 - 2015-06-07 18:07 - 00000000 ____D C:\AdwCleaner
2015-08-24 21:39 - 2012-06-22 15:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-24 21:37 - 2015-04-18 18:07 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-23 20:24 - 2012-06-28 14:42 - 00000000 ____D C:\Users\Admin
2015-08-21 21:00 - 2015-06-07 22:49 - 00002186 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-19 23:53 - 2014-05-18 12:38 - 00000000 ____D C:\Users\Martin\AppData\Roaming\LSC
2015-08-19 23:53 - 2012-05-25 13:00 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-08-19 23:03 - 2012-05-25 13:05 - 00000000 ____D C:\Windows\Downloaded Installations
2015-08-13 00:52 - 2012-07-27 15:49 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-13 00:52 - 2012-07-27 15:49 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 23:10 - 2012-06-28 16:34 - 00000000 ____D C:\Users\Martin\Desktop\Abbildungen
2015-08-10 00:35 - 2013-12-02 03:58 - 00019759 _____ C:\Windows\IE11_main.log
2015-08-09 23:40 - 2013-07-12 07:12 - 00000000 ____D C:\Lenovo
2015-08-09 23:40 - 2012-05-25 22:23 - 00000000 ____D C:\ProgramData\Lenovo
2015-08-09 23:40 - 2012-05-25 13:01 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-08-09 23:39 - 2012-07-04 07:37 - 00158960 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2015-08-09 23:29 - 2012-08-21 12:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-09 16:11 - 2012-06-28 12:42 - 00158960 _____ C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-09 16:09 - 2015-04-18 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-08 22:02 - 2009-07-14 06:45 - 00583040 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-08 20:34 - 2015-06-07 17:50 - 00000467 _____ C:\Users\Martin\Downloads\debug.log
2015-08-08 20:34 - 2012-06-28 15:12 - 00000000 ____D C:\Users\Martin\AppData\Local\Google
2015-08-06 22:53 - 2012-11-16 14:06 - 00000000 ____D C:\Users\Martin\AppData\Roaming\vlc
2015-08-06 22:42 - 2012-10-12 15:55 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Media Player Classic
2015-08-04 23:26 - 2013-06-30 14:02 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-08-04 23:23 - 2014-09-23 14:35 - 00000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2015-07-31 06:28 - 2014-05-09 17:27 - 00000000 ____D C:\Users\Martin\Desktop\Diverse Infos
2015-07-28 07:47 - 2014-05-07 22:52 - 00000000 ___SD C:\Windows\system32\CompatTel

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-04-01 19:38 - 2013-11-06 08:08 - 0001188 _____ () C:\Users\Martin\AppData\Local\crc32list11.txt
2013-10-24 01:56 - 2015-05-03 21:26 - 0018432 _____ () C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-01 21:10 - 2012-07-01 21:10 - 0000017 _____ () C:\Users\Martin\AppData\Local\resmon.resmoncfg
2015-07-24 05:37 - 2015-07-24 05:37 - 0000000 _____ () C:\Users\Martin\AppData\Local\{404AB8FD-4593-4AE2-BA57-77627496F3DF}
2012-06-28 15:10 - 2015-05-31 15:34 - 0001890 ___SH () C:\ProgramData\KGyGaAvL.sys

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


ACHTUNG: ==> Auf den BCD konnte nicht zugegriffen werden. der Benutzer ist kein Administrator

==================== Ende von FRST.txt ============================
...Rest in neuem Post!

Win7 SP1 // ERR_CONNECTION_CLOSED bei LogIn - Logs Teil 2

Additions
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:26-08-2015
durchgeführt von Martin (2015-08-26 21:55:52)
Gestartet von C:\Users\Martin\Desktop\TrojanerBoard
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Admin (S-1-5-21-1502967087-3225744061-2520733942-1005 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1502967087-3225744061-2520733942-500 - Administrator - Disabled)
Gast (S-1-5-21-1502967087-3225744061-2520733942-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-1502967087-3225744061-2520733942-1020 - Limited - Enabled)
Martin (S-1-5-21-1502967087-3225744061-2520733942-1006 - Limited - Enabled) => C:\Users\Martin
Thomas (S-1-5-21-1502967087-3225744061-2520733942-1003 - Limited - Enabled) => C:\Users\Thomas
__vmware_user__ (S-1-5-21-1502967087-3225744061-2520733942-1030 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Bitdefender Virenschutz (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall (Enabled) {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
AllShare Framework DMS (HKLM\...\{1ABC9BD2-7E06-4D70-929B-AC1B6461A8B2}) (Version: 1.3.06 - Samsung)
AllShare Play 1.5.0.1212201836 (HKLM\...\8474-7877-9059-0204) (Version: 1.5.0.1212201836 - Copyright 2012 SAMSUNG)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
BisonCam Twain Pro (HKLM-x32\...\{F2672232-FF17-4DC9-8F24-A1E1829FE086}) (Version: 1.5.4.6 - Bison WebCam Ap)
Bitdefender Internet Security 2013 (HKLM\...\Bitdefender) (Version: 16.28.0.1789 - Bitdefender)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.910 - Broadcom Corporation)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel Shell Extension - 64Bit (Version: 14.0 - Corel Corporation) Hidden
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.882 - Corel Inc.)
CorelDRAW Graphics Suite X4 - Capture (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (x32 Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang BR (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang CZ (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang DE (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang EN (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang ES (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang FR (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang IT (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang NL (x32 Version: 14.1 - Uw bedrijfsnaam) Hidden
CorelDRAW Graphics Suite X4 - Lang PL (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang SU (x32 Version: 14.1 - Yrityksen nimi) Hidden
CorelDRAW Graphics Suite X4 - Lang SV (x32 Version: 14.1 - Ditt företagsnamn) Hidden
CorelDRAW Graphics Suite X4 - PP (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (HKLM-x32\...\_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version:  - Corel Corporation)
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (x32 Version: 1.1 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 (HKLM-x32\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version:  - Corel Corporation)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.36 - )
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
FastStone Capture 5.3 (HKLM-x32\...\FastStone Capture) (Version: 5.3 - FastStone Soft)
Free YouTube Download version 3.2.13.925 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.13.925 - DVDVideoSoft Ltd.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
GanttProject (HKLM-x32\...\GanttProject) (Version:  - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Integrated Camera Driver Installer Package Ver.1.1.0.1132 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1132 - RICOH)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{728985C5-A04B-457C-9D62-15360F3EAF85}) (Version: 3.1.29.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - Kyocera Mita Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.66.00.22 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo Service Bridge (HKU\S-1-5-21-1502967087-3225744061-2520733942-1006\...\cbe8636f7dd0cf1d) (Version: 1.4.0.0 - Lenovo)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{E92E1FF1-B188-43FE-BECA-2248E227E67D}) (Version: 2.8.005.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0003 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{7F8205DE-DDFA-4156-ADA2-766E9CB4FABC}) (Version: 3.0.0011.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 39.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 de)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPC-HC 1.6.4.6052 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.4.6052 - MPC-HC Team)
MS-Buchhalter Start 3.0 (HKLM-x32\...\MS-Buchhalter Start) (Version: 3.0 - Michael Schroeder)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nvu 1.0 (HKLM-x32\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6418 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.69 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.6 - Samsung)
Samsung Data Migration (HKU\S-1-5-21-1502967087-3225744061-2520733942-1006\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 0.9.1.23 - Samsung)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1502967087-3225744061-2520733942-1006\...\Spotify) (Version: 0.9.16.25.g241bf986 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TaxSystems Business 8 (HKLM-x32\...\{DAA71320-C85E-4EE6-8090-E7CCCEB46F05}) (Version: 8.0.602 - TaxSystems GmbH & Co. KG)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.910 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.42 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.2 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.25.65 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.09 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 3.1.3.14951 - VMware, Inc)
VMware Player (x32 Version: 3.1.3.14951 - VMware, Inc.) Hidden
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (04/21/2011 01.0.0.0) (HKLM\...\BEA7B05370C19B9C86893BB484FD6B9CC52B0CD8) (Version: 04/21/2011 01.0.0.0 - Cambridge Silicon Radio Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Intel (iaStor) hdc  (04/26/2011 10.5.0.1026) (HKLM\...\95D0E47871170F0763151CFD697BBAB47A5794F7) (Version: 04/26/2011 10.5.0.1026 - Intel)
Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WISO Steuer 2010 (HKLM-x32\...\{46B70DEB-97B3-4E38-B746-EC16905E6A8F}) (Version: 17.00.6531 - Buhl Data Service GmbH)
WISO Steuer 2011 (HKLM-x32\...\{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}) (Version: 18.00.6928 - Buhl Data Service GmbH)
WISO Steuer 2012 (HKLM-x32\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.00.7303 - Buhl Data Service GmbH)
WISO Steuer 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer 2014 (HKLM-x32\...\{87F03030-EEA6-4C3E-8554-7150CB7CDD95}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO steuer:Start 2015 (HKLM-x32\...\{B775D935-BB29-44EC-97C1-D93379569885}) (Version: 22.00.8811 - Buhl Data Service GmbH)
Zeta Test Management 3.5.2 (nur entfernen) (HKLM-x32\...\ZetaTest) (Version: 3.5.2 - Zeta Software GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert
Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI.


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2015-08-24 21:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job =>
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job =>
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job =>
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1502967087-3225744061-2520733942-1006Core.job => C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1502967087-3225744061-2520733942-1006UA.job => C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2010-12-03 23:17 - 2010-12-03 23:17 - 00173856 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2012-05-25 13:02 - 2011-08-09 15:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-09 12:29 - 2013-10-24 14:45 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll
2012-05-25 13:01 - 2010-10-26 22:40 - 00049056 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2012-05-25 13:04 - 2012-09-24 07:36 - 00104960 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2015-08-21 21:00 - 2015-08-18 07:21 - 01763144 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-21 21:00 - 2015-08-18 07:21 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Martin\Desktop\adwcleaner_4.206.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\audacity-win-2.0.5.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\AW_ Gessch__ftspartner Nr. 104234 Zugangsdaten Electronic Banking.eml:OECustomProperty
AlternateDataStreams: C:\Users\Martin\Downloads\BOM21412_setup.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\cdbxp_setup_4.4.1.3243_minimal (1).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\cdbxp_setup_4.4.1.3243_minimal.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-7u17 (1).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-7u17.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-7u45.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-7u5 (1).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-7u5 (2).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-7u5 (3).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-7u5.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-7u51.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-7u55 (1).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-7u55.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-7u67.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-8u25 (1).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-8u25 (2).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-8u25 (3).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-8u25.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-8u40.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\ChromeSetup.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\esetsmartinstaller_deu.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\Firefox Setup 22.0.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\FSCaptureSetup53.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\gimp-2.8.14-setup-1.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\gimp-help-2-2.8.1-de-setup.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\gmx_system_mechanic_checkup_nlfree (1).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\gmx_system_mechanic_checkup_nlfree.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\GoogleVoiceAndVideoSetup.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\IE11-Windows6.1-x64-de-de.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\IE11-Windows6.1.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\install_flashplayer11x32axau_ltr5x64d_awc_aih.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\iview433_setup.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\KiesSetup.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\kontenzuweisungebilanztaxonomie (1).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\kontenzuweisungebilanztaxonomie.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\Lame_v3.99.3_for_Windows.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\LSCSetup64.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\lscsetup_x64_23002 (1).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\lscsetup_x64_23002 (2).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\lscsetup_x64_23002 (3).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\lscsetup_x64_23002.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\MicrosoftFixit.Search.FISC.13233367100826842.2.1.Run.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\MicrosoftFixit.Search.LB.13233367100826842.1.1.Run.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\PDFCreator-1_5_0_setup.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\PDFCreator-1_5_1_setup.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\pwhe811.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\QuickTimeInstaller.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\Setup.x64.de-DE_ProPlusRetail_N9PB8-3BB24-KQR6M-XWCTC-9P8QD_act_1_.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\Setup.x86.de-DE_ProPlusRetail_N9PB8-3BB24-KQR6M-XWCTC-9P8QD_act_1_.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\SetupCSShare (1).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\SetupCSShare.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\setupproplusretail.x86.de-de_act_1_.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\SkypeSetup.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\SmartSwitch_2.4.14094_1 (1).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\SmartSwitch_2.4.14094_1.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\SpotifySetup.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\spybot-2.1.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\systemupdate503-2013-10-31.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\TeamViewerQS_de.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\unetbootin-windows-608.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\vlc-2.1.5-win64.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\webde_updatestardrivers_7.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\wmpfirefoxplugin.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\zetatest-setup.exe:BDU
AlternateDataStreams: C:\Users\Public\Downloads\Bose_BLUETOOTH_Speaker_Update.exe:BDU

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Da befinden sich 7866 mehr eingeschränkte Seiten.

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1502967087-3225744061-2520733942-1006\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: Power Manager DBC Service => 3
MSCONFIG\startupreg: AllShare Play => C:\Program Files\Samsung\AllShare Play\utils\AllShare Play Launcher.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{65C31413-CAFD-4AA0-8544-5CCECC897DDC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E20D265C-41AC-433D-86EB-88B51F20E160}] => (Allow) LPort=2869
FirewallRules: [{054D67EF-C8D8-4C9A-A8E3-60B866481A71}] => (Allow) LPort=1900
FirewallRules: [{6F997D80-7E34-42E7-97C9-EA3C04131F1B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{AB33E3E0-B63B-4786-BE74-555C749B2847}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{E6BB7750-3921-4437-A0FB-9793BF0362ED}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{C95277B3-2C65-40DD-AA0E-F5E960D66B99}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EADB7CC3-C441-4804-8442-4BF9D2AC2C3B}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{9D2D7886-9294-4F8A-9878-00F65A35F78B}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{E58089CB-9C6F-4B45-A425-21425EBEA61F}] => (Allow) LPort=26675
FirewallRules: [{A5D259B8-1E24-44D8-925A-973418DADDF0}] => (Allow) C:\Program Files\Samsung\AllShare Play\AllShare Play.exe
FirewallRules: [{11BF3425-A787-4B58-9D2B-2C72DDE0DF43}] => (Allow) C:\Program Files\Samsung\AllShare Play\AllShare Play.exe
FirewallRules: [{45F3EBE4-2362-42DA-BB3D-E2B47826BF43}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkDMS.exe
FirewallRules: [{D4C040C5-EEB8-42C2-8BBB-25D5D7D6FB1F}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkDMS.exe
FirewallRules: [{0E639FB5-2D1F-4A42-AC63-844D6CCB07FE}] => (Allow) LPort=8743
FirewallRules: [{55C1EF6B-A254-4CAF-AA6F-FBEE60CD78F2}] => (Allow) LPort=8643
FirewallRules: [{C7E88967-8ADF-4CEA-B239-D5F66B1229D1}] => (Allow) LPort=7676
FirewallRules: [{5CADC825-9D75-433D-BBE5-1613E7FEC6AB}] => (Allow) LPort=7679
FirewallRules: [{09F7981B-5ED2-44CF-BDEB-6481A387F722}] => (Allow) LPort=24234
FirewallRules: [{A576642A-B6A3-4AD2-B576-FF232782FF18}] => (Allow) LPort=7900
FirewallRules: [{97795763-46BA-40B8-AAF2-BD87F5234263}] => (Allow) LPort=1900
FirewallRules: [{B86DDEBD-0D59-4454-84A0-25EE772FC321}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{6B371DFF-5A30-4ADC-A3D1-651B36F644B9}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{8DBD233F-34CD-4101-BEAD-197B15175185}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{EAA21005-8902-4458-9695-CEFFB39AFB58}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{D7422620-1D9C-45FB-96DF-E62A32815E56}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{7836E747-673F-4E33-84C3-4A457FEA76D6}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{680E8D43-4B54-4EDF-B8D2-90EA9C2DECF3}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{A3E3C498-51CE-47A6-A9C6-F3FFEC5AEC65}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{1B5BB234-9C74-4F7F-90FE-65768AC5E94D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{866E18B8-D1FF-430E-BFCB-4851E8270BC9}C:\users\martin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2347C662-81F0-4884-BD84-58B3FA47BB47}C:\users\martin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{07DC2569-6AC0-42DE-A205-784989DC49F1}] => (Block) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3AC39DC9-CAB0-4CD8-A00D-5CB664464643}] => (Block) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{71E2F597-F80D-44F6-A3EA-9F2EDF059D6F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{895B7D9A-3AE8-428E-984C-1E69CA314B12}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9D6C9134-A351-473A-8FE6-8B1E92A5CA3C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{B8066CF6-70EB-4133-8145-4B06541B008E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{BEDEBD5A-0FF3-42C7-B50F-B51CE18A5931}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{295F63C8-2403-40C9-8A6D-FFD864C39B70}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{2DC454E3-B863-4D30-813B-676D9966F783}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{CF64102F-2C96-46B7-939F-1AE03CDF896F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/26/2015 07:54:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2015 07:53:50 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0

Error: (08/26/2015 07:53:50 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0

Error: (08/26/2015 07:29:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2015 07:28:40 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0

Error: (08/26/2015 07:28:40 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0

Error: (08/26/2015 06:10:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2015 06:09:38 AM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0

Error: (08/26/2015 06:09:38 AM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0

Error: (08/25/2015 08:08:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Systemfehler:
=============
Error: (08/26/2015 07:58:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde nicht richtig gestartet.

Error: (08/26/2015 07:33:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde nicht richtig gestartet.

Error: (08/26/2015 06:14:16 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde nicht richtig gestartet.

Error: (08/25/2015 08:12:48 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde nicht richtig gestartet.

Error: (08/25/2015 08:08:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (08/25/2015 08:08:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (08/24/2015 10:01:14 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde nicht richtig gestartet.

Error: (08/24/2015 09:56:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (08/24/2015 09:56:15 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/24/2015 09:56:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069


Microsoft Office:
=========================
Error: (05/01/2014 01:41:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/20/2012 04:42:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1690 seconds with 480 seconds of active time.  This session ended with a crash.


CodeIntegrity:
===================================
  Date: 2015-08-24 21:19:46.046
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-08-24 21:19:45.972
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-09 21:35:23.871
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-09 21:35:23.777
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-09 03:52:52.044
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-09 03:52:51.964
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-31 15:37:17.237
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-31 15:37:17.179
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-20 10:23:50.817
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-20 10:23:50.684
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Speicherinformationen ===========================

Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 42%
Installierter physikalischer RAM: 8032.48 MB
Verfügbarer physikalischer RAM: 4585.83 MB
Summe virtueller Speicher: 16063.17 MB
Verfügbarer virtueller Speicher: 12021.99 MB

==================== Laufwerke ================================

Drive c: (Windows7_OS) (Fixed) (Total:238.33 GB) (Free:76.4 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]
Drive d: (Data) (Fixed) (Total:0.1 GB) (Free:0 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]
Drive f: (Windows7_OS) (Fixed) (Total:448.67 GB) (Free:448.54 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.72 GB) NTFS
Drive z: (pd_martin) (Network) (Total:5488.01 GB) (Free:3307.44 GB) NTFS

==================== MBR & Partitionstabelle ==================

==================== Ende von Addition.txt ============================
..Fortsetzung in Teil 3

Toshef 26.08.2015 21:41
Win7 SP1 // ERR_CONNECTION_CLOSED bei LogIn Teil 3
 
Teil 3

GMER
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-08-26 21:53:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Samsung_ rev.DXM0 238,47GB
Running: Gmer-19357.exe; Driver: C:\Users\Admin\AppData\Local\Temp\pgtdqpow.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                          0000000077431401 2 bytes JMP 74e7b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1732] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                            0000000077431419 2 bytes JMP 74e7b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                          0000000077431431 2 bytes JMP 74ef8f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                          000000007743144a 2 bytes CALL 74e5489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                      * 9
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1732] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                              00000000774314dd 2 bytes JMP 74ef8822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                      00000000774314f5 2 bytes JMP 74ef89f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                              000000007743150d 2 bytes JMP 74ef8718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                      0000000077431525 2 bytes JMP 74ef8ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                            000000007743153d 2 bytes JMP 74e6fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1732] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                  0000000077431555 2 bytes JMP 74e768ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                          000000007743156d 2 bytes JMP 74ef8fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                            0000000077431585 2 bytes JMP 74ef8b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                000000007743159d 2 bytes JMP 74ef86dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                            00000000774315b5 2 bytes JMP 74e6fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                          00000000774315cd 2 bytes JMP 74e7b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                      00000000774316b2 2 bytes JMP 74ef8ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                      00000000774316bd 2 bytes JMP 74ef8671 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2752] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                                            0000000077431401 2 bytes JMP 74e7b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2752] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                                              0000000077431419 2 bytes JMP 74e7b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2752] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                                            0000000077431431 2 bytes JMP 74ef8f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2752] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                                            000000007743144a 2 bytes CALL 74e5489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                      * 9
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2752] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                                                00000000774314dd 2 bytes JMP 74ef8822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2752] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                                        00000000774314f5 2 bytes JMP 74ef89f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2752] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                                                000000007743150d 2 bytes JMP 74ef8718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2752] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                                        0000000077431525 2 bytes JMP 74ef8ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2752] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                                              000000007743153d 2 bytes JMP 74e6fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2752] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                                                    0000000077431555 2 bytes JMP 74e768ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2752] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                                            000000007743156d 2 bytes JMP 74ef8fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2752] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                                              0000000077431585 2 bytes JMP 74ef8b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2752] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                                                  000000007743159d 2 bytes JMP 74ef86dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2752] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                                              00000000774315b5 2 bytes JMP 74e6fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2752] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                                            00000000774315cd 2 bytes JMP 74e7b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2752] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                                        00000000774316b2 2 bytes JMP 74ef8ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2752] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                                        00000000774316bd 2 bytes JMP 74ef8671 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                0000000077431401 2 bytes JMP 74e7b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3992] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                  0000000077431419 2 bytes JMP 74e7b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                0000000077431431 2 bytes JMP 74ef8f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                000000007743144a 2 bytes CALL 74e5489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                      * 9
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3992] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                    00000000774314dd 2 bytes JMP 74ef8822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                            00000000774314f5 2 bytes JMP 74ef89f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                    000000007743150d 2 bytes JMP 74ef8718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                            0000000077431525 2 bytes JMP 74ef8ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                  000000007743153d 2 bytes JMP 74e6fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3992] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                        0000000077431555 2 bytes JMP 74e768ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                000000007743156d 2 bytes JMP 74ef8fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                  0000000077431585 2 bytes JMP 74ef8b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                      000000007743159d 2 bytes JMP 74ef86dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                  00000000774315b5 2 bytes JMP 74e6fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                00000000774315cd 2 bytes JMP 74e7b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                            00000000774316b2 2 bytes JMP 74ef8ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                            00000000774316bd 2 bytes JMP 74ef8671 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                              0000000077431401 2 bytes JMP 74e7b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4164] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                0000000077431419 2 bytes JMP 74e7b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                              0000000077431431 2 bytes JMP 74ef8f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                              000000007743144a 2 bytes CALL 74e5489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                      * 9
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4164] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                  00000000774314dd 2 bytes JMP 74ef8822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                          00000000774314f5 2 bytes JMP 74ef89f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                  000000007743150d 2 bytes JMP 74ef8718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                          0000000077431525 2 bytes JMP 74ef8ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                000000007743153d 2 bytes JMP 74e6fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4164] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                      0000000077431555 2 bytes JMP 74e768ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                              000000007743156d 2 bytes JMP 74ef8fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                0000000077431585 2 bytes JMP 74ef8b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                    000000007743159d 2 bytes JMP 74ef86dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                00000000774315b5 2 bytes JMP 74e6fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                              00000000774315cd 2 bytes JMP 74e7b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                          00000000774316b2 2 bytes JMP 74ef8ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                          00000000774316bd 2 bytes JMP 74ef8671 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                      0000000077431401 2 bytes JMP 74e7b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5592] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                        0000000077431419 2 bytes JMP 74e7b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                      0000000077431431 2 bytes JMP 74ef8f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                      000000007743144a 2 bytes CALL 74e5489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                      * 9
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5592] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                        00000000774314dd 2 bytes JMP 74ef8822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                  00000000774314f5 2 bytes JMP 74ef89f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5592] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                        000000007743150d 2 bytes JMP 74ef8718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                  0000000077431525 2 bytes JMP 74ef8ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                        000000007743153d 2 bytes JMP 74e6fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5592] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                            0000000077431555 2 bytes JMP 74e768ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                      000000007743156d 2 bytes JMP 74ef8fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                        0000000077431585 2 bytes JMP 74ef8b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5592] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                          000000007743159d 2 bytes JMP 74ef86dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                        00000000774315b5 2 bytes JMP 74e6fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                      00000000774315cd 2 bytes JMP 74e7b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                  00000000774316b2 2 bytes JMP 74ef8ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                  00000000774316bd 2 bytes JMP 74ef8671 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5636] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                                              0000000077431401 2 bytes JMP 74e7b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5636] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                                                0000000077431419 2 bytes JMP 74e7b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5636] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                                              0000000077431431 2 bytes JMP 74ef8f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5636] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                                              000000007743144a 2 bytes CALL 74e5489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                      * 9
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5636] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                                                00000000774314dd 2 bytes JMP 74ef8822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5636] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                                          00000000774314f5 2 bytes JMP 74ef89f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5636] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                                                000000007743150d 2 bytes JMP 74ef8718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5636] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                                          0000000077431525 2 bytes JMP 74ef8ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5636] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                                                000000007743153d 2 bytes JMP 74e6fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5636] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                                                    0000000077431555 2 bytes JMP 74e768ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5636] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                                              000000007743156d 2 bytes JMP 74ef8fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5636] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                                                0000000077431585 2 bytes JMP 74ef8b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5636] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                                                  000000007743159d 2 bytes JMP 74ef86dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5636] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                                                00000000774315b5 2 bytes JMP 74e6fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5636] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                                              00000000774315cd 2 bytes JMP 74e7b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5636] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                                          00000000774316b2 2 bytes JMP 74ef8ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5636] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                                          00000000774316bd 2 bytes JMP 74ef8671 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[6544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                          0000000077431401 2 bytes JMP 74e7b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[6544] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                            0000000077431419 2 bytes JMP 74e7b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[6544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                          0000000077431431 2 bytes JMP 74ef8f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[6544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                          000000007743144a 2 bytes CALL 74e5489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                      * 9
.text    C:\Windows\SysWOW64\RunDll32.exe[6544] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                              00000000774314dd 2 bytes JMP 74ef8822 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[6544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                      00000000774314f5 2 bytes JMP 74ef89f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[6544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                              000000007743150d 2 bytes JMP 74ef8718 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[6544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                      0000000077431525 2 bytes JMP 74ef8ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[6544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                            000000007743153d 2 bytes JMP 74e6fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[6544] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                  0000000077431555 2 bytes JMP 74e768ef C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[6544] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                          000000007743156d 2 bytes JMP 74ef8fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[6544] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                            0000000077431585 2 bytes JMP 74ef8b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[6544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                000000007743159d 2 bytes JMP 74ef86dc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[6544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                            00000000774315b5 2 bytes JMP 74e6fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[6544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                          00000000774315cd 2 bytes JMP 74e7b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[6544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                      00000000774316b2 2 bytes JMP 74ef8ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[6544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                      00000000774316bd 2 bytes JMP 74ef8671 C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                  0000000077431401 2 bytes JMP 74e7b21b C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6956] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                    0000000077431419 2 bytes JMP 74e7b346 C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                  0000000077431431 2 bytes JMP 74ef8f29 C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                  000000007743144a 2 bytes CALL 74e5489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                      * 9
.text    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6956] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                    00000000774314dd 2 bytes JMP 74ef8822 C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                              00000000774314f5 2 bytes JMP 74ef89f8 C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                    000000007743150d 2 bytes JMP 74ef8718 C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                              0000000077431525 2 bytes JMP 74ef8ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                    000000007743153d 2 bytes JMP 74e6fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6956] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                        0000000077431555 2 bytes JMP 74e768ef C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6956] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                  000000007743156d 2 bytes JMP 74ef8fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6956] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                    0000000077431585 2 bytes JMP 74ef8b42 C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                      000000007743159d 2 bytes JMP 74ef86dc C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                    00000000774315b5 2 bytes JMP 74e6fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                  00000000774315cd 2 bytes JMP 74e7b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                              00000000774316b2 2 bytes JMP 74ef8ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                              00000000774316bd 2 bytes JMP 74ef8671 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                            0000000077431401 2 bytes JMP 74e7b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[1116] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                              0000000077431419 2 bytes JMP 74e7b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                            0000000077431431 2 bytes JMP 74ef8f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                            000000007743144a 2 bytes CALL 74e5489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                      * 9
.text    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[1116] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                              00000000774314dd 2 bytes JMP 74ef8822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                        00000000774314f5 2 bytes JMP 74ef89f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[1116] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                              000000007743150d 2 bytes JMP 74ef8718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                        0000000077431525 2 bytes JMP 74ef8ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                              000000007743153d 2 bytes JMP 74e6fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[1116] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                  0000000077431555 2 bytes JMP 74e768ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                            000000007743156d 2 bytes JMP 74ef8fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                              0000000077431585 2 bytes JMP 74ef8b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[1116] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                000000007743159d 2 bytes JMP 74ef86dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                              00000000774315b5 2 bytes JMP 74e6fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                            00000000774315cd 2 bytes JMP 74e7b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                        00000000774316b2 2 bytes JMP 74ef8ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                        00000000774316bd 2 bytes JMP 74ef8671 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5192] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                      00000000772cde30 16 bytes [50, 48, B8, 34, 35, 57, F4, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                  00000000772cdc80 16 bytes [50, 48, B8, 18, F0, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken                                                        00000000772cddf0 16 bytes [50, 48, B8, 70, EF, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                            00000000772cde10 48 bytes [50, 48, B8, EC, EE, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                    00000000772cde50 16 bytes [50, 48, B8, 3C, F0, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx                                                      00000000772cdea0 32 bytes [50, 48, B8, 94, EF, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                              00000000772cdee0 16 bytes [50, 48, B8, 7C, EE, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile                                                    00000000772cdf80 16 bytes [50, 48, B8, C4, EF, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                            00000000772ce100 16 bytes [50, 48, B8, 40, ED, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken                                                      00000000772ceb70 16 bytes [50, 48, B8, 10, EF, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                            00000000772cebc0 16 bytes [50, 48, B8, 4C, EF, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile                                                00000000772ced10 16 bytes [50, 48, B8, D8, EF, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                  00000000772cdc80 16 bytes [50, 48, B8, 18, F0, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken                                                        00000000772cddf0 16 bytes [50, 48, B8, 70, EF, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                            00000000772cde10 48 bytes [50, 48, B8, EC, EE, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                    00000000772cde50 16 bytes [50, 48, B8, 3C, F0, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx                                                      00000000772cdea0 32 bytes [50, 48, B8, 94, EF, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                              00000000772cdee0 16 bytes [50, 48, B8, 7C, EE, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile                                                    00000000772cdf80 16 bytes [50, 48, B8, C4, EF, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                            00000000772ce100 16 bytes [50, 48, B8, 40, ED, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken                                                      00000000772ceb70 16 bytes [50, 48, B8, 10, EF, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                            00000000772cebc0 16 bytes [50, 48, B8, 4C, EF, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile                                                00000000772ced10 16 bytes [50, 48, B8, D8, EF, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7900] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                  00000000772cdc80 16 bytes [50, 48, B8, 18, F0, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken                                                        00000000772cddf0 16 bytes [50, 48, B8, 70, EF, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                            00000000772cde10 48 bytes [50, 48, B8, EC, EE, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7900] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                    00000000772cde50 16 bytes [50, 48, B8, 3C, F0, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx                                                      00000000772cdea0 32 bytes [50, 48, B8, 94, EF, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                              00000000772cdee0 16 bytes [50, 48, B8, 7C, EE, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile                                                    00000000772cdf80 16 bytes [50, 48, B8, C4, EF, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                            00000000772ce100 16 bytes [50, 48, B8, 40, ED, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken                                                      00000000772ceb70 16 bytes [50, 48, B8, 10, EF, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                            00000000772cebc0 16 bytes [50, 48, B8, 4C, EF, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile                                                00000000772ced10 16 bytes [50, 48, B8, D8, EF, 52, 3F, ...]
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                              000000007747fa2c 5 bytes JMP 000000016b63ea93
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey                                                            000000007747fa74 5 bytes JMP 000000016b63f0f8
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey                                                  000000007747fa8c 5 bytes JMP 000000016b63d830
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey                                                            000000007747fadc 5 bytes JMP 000000016b63d38c
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey                                                      000000007747faf4 5 bytes JMP 000000016b63d67d
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey                                                          000000007747fb8c 5 bytes JMP 000000016b63f338
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                                  000000007747fc84 5 bytes JMP 000000016b64a713
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey                                                        000000007747fd98 5 bytes JMP 000000016b63d1d4
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                            000000007747fdb0 5 bytes JMP 000000016b649d35
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile                                                  000000007747fde4 5 bytes JMP 000000016b64a030
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                    000000007747fe90 5 bytes JMP 000000016b63e668
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile                                                000000007747fea8 5 bytes JMP 000000016b649e5e
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                          0000000077480100 5 bytes JMP 000000016b649b7a
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                        0000000077480210 5 bytes JMP 000000016b63d9d8
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtCreateKeyTransacted                                                00000000774807a0 5 bytes JMP 000000016b63f3da
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile                                                          0000000077480a30 5 bytes JMP 000000016b649d72
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey                                                          0000000077480a48 5 bytes JMP 000000016b63cfa8
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                      0000000077480a90 5 bytes JMP 000000016b63db8e
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey                                                            0000000077480bcc 5 bytes JMP 000000016b63d0be
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey                                                    0000000077480fbc 5 bytes JMP 000000016b63e01b
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys                                            0000000077480fd4 5 bytes JMP 000000016b63e1b7
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx                                                          0000000077481064 5 bytes JMP 000000016b63f185
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransacted                                                  000000007748107c 5 bytes JMP 000000016b63f2a8
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransactedEx                                                0000000077481094 5 bytes JMP 000000016b63f215
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile                                            0000000077481388 5 bytes JMP 000000016b649f47
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey                                              00000000774814c8 5 bytes JMP 000000016b63de8e
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject                                                0000000077481574 5 bytes JMP 000000016b63e37b
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey                                                          0000000077481764 5 bytes JMP 000000016b63dd06
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey                                                  0000000077481aa4 5 bytes JMP 000000016b63d535
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject                                                  0000000077481be8 5 bytes JMP 000000016b63e4fd
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                    0000000074e5103d 5 bytes JMP 000000016b623904
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                    0000000074e51072 5 bytes JMP 000000016b623d68
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                        0000000074e58781 5 bytes JMP 0000000163dda519
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                              0000000074e7c9b5 5 bytes JMP 000000016b623a1e
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\kernel32.dll!WinExec                                                            0000000074ed3051 5 bytes JMP 000000016b623c62
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                              00000000768c280a 5 bytes JMP 000000016b623f75
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW                                            0000000076539ebd 3 bytes JMP 0000000163df7d37
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW + 4                                        0000000076539ec1 1 byte [ED]
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA                                            0000000076540afa 3 bytes JMP 0000000163dfbd24
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA + 4                                        0000000076540afe 1 byte [ED]
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\USER32.dll!BeginPaint                                                          0000000076541361 5 bytes JMP 0000000163e0b407
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\USER32.dll!ValidateRect                                                        0000000076547849 5 bytes JMP 0000000163ff7d4f
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\SHELL32.dll!SHParseDisplayName                                                  0000000075787edb 5 bytes JMP 0000000163ee72ec
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\ole32.dll!OleLoadFromStream                                                    0000000076c06143 5 bytes JMP 00000001645852e2
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\ole32.dll!CoResumeClassObjects + 7                                              0000000076c0ea09 7 bytes JMP 000000016b65e370
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\ole32.dll!OleRun                                                                0000000076c107de 5 bytes JMP 000000016b65de9e
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\ole32.dll!CoRegisterClassObject                                                0000000076c121e1 5 bytes JMP 000000016b661745
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\ole32.dll!OleUninitialize                                                      0000000076c1eba1 6 bytes JMP 000000016b65de15
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\ole32.dll!OleInitialize                                                        0000000076c1efd7 5 bytes JMP 000000016b65ddcd
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\ole32.dll!CoGetClassObject                                                      0000000076c354ad 5 bytes JMP 000000016b65fdbb
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\ole32.dll!CoInitializeEx                                                        0000000076c409ad 5 bytes JMP 000000016b65dd6d
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\ole32.dll!CoUninitialize                                                        0000000076c486d3 5 bytes JMP 000000016b6607cf
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                      0000000076c49d0b 5 bytes JMP 000000016b6614ec
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx                                                    0000000076c49d4e 5 bytes JMP 000000016b65f3c7
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\ole32.dll!CoSuspendClassObjects + 7                                            0000000076c6baf9 7 bytes JMP 000000016b65dee6
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\ole32.dll!CoRevokeClassObject                                                  0000000076c8eabf 5 bytes JMP 000000016b65fa7c
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\ole32.dll!CoGetInstanceFromFile                                                0000000076cc352c 5 bytes JMP 000000016b6608cf
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\ole32.dll!OleRegEnumFormatEtc                                                  0000000076d0d0f1 5 bytes JMP 000000016b65de56
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\oleaut32.dll!SysFreeString                                                      0000000074f63e59 5 bytes JMP 0000000163e2a2e7
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\oleaut32.dll!VariantClear                                                      0000000074f63eae 5 bytes JMP 0000000163e4c3d3
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\oleaut32.dll!SysAllocStringByteLen                                              0000000074f64731 5 bytes JMP 0000000163ed6e75
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\oleaut32.dll!VariantChangeType                                                  0000000074f65dee 5 bytes JMP 0000000163ee0845
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\oleaut32.dll!RegisterActiveObject                                              0000000074f927a6 5 bytes JMP 000000016b6603db
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\oleaut32.dll!RevokeActiveObject                                                0000000074f9329c 5 bytes JMP 000000016b65dd25
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\oleaut32.dll!GetActiveObject                                                    0000000074fa8f68 5 bytes JMP 000000016b66056f
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                            0000000077431401 2 bytes JMP 74e7b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                              0000000077431419 2 bytes JMP 74e7b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                            0000000077431431 2 bytes JMP 74ef8f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                            000000007743144a 2 bytes CALL 74e5489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                      * 9
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                00000000774314dd 2 bytes JMP 74ef8822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                        00000000774314f5 2 bytes JMP 74ef89f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                000000007743150d 2 bytes JMP 74ef8718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                        0000000077431525 2 bytes JMP 74ef8ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                              000000007743153d 2 bytes JMP 74e6fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                    0000000077431555 2 bytes JMP 74e768ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                            000000007743156d 2 bytes JMP 74ef8fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                              0000000077431585 2 bytes JMP 74ef8b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                  000000007743159d 2 bytes JMP 74ef86dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                              00000000774315b5 2 bytes JMP 74e6fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                            00000000774315cd 2 bytes JMP 74e7b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                        00000000774316b2 2 bytes JMP 74ef8ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                        00000000774316bd 2 bytes JMP 74ef8671 C:\Windows\syswow64\kernel32.dll
?        C:\Windows\system32\mssprxy.dll [7880] entry point in ".rdata" section                                                                                                  000000006e3e71e6
.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7880] C:\Program Files\Microsoft Office 15\Root\Office15\outlrpc.dll!MAPIRevokeMoniker@4 + 657            000000006d17287c 4 bytes [40, 3A, 3C, 2E]
?        C:\Windows\System32\NLSData0000.dll [7880] entry point in ".rdata" section                                                                                              0000000057c6c541
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                  00000000772cdc80 16 bytes [50, 48, B8, 18, F0, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken                                                        00000000772cddf0 16 bytes [50, 48, B8, 70, EF, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                            00000000772cde10 48 bytes [50, 48, B8, EC, EE, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                    00000000772cde50 16 bytes [50, 48, B8, 3C, F0, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx                                                      00000000772cdea0 32 bytes [50, 48, B8, 94, EF, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                              00000000772cdee0 16 bytes [50, 48, B8, 7C, EE, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile                                                    00000000772cdf80 16 bytes [50, 48, B8, C4, EF, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                            00000000772ce100 16 bytes [50, 48, B8, 40, ED, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken                                                      00000000772ceb70 16 bytes [50, 48, B8, 10, EF, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                            00000000772cebc0 16 bytes [50, 48, B8, 4C, EF, 52, 3F, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile                                                00000000772ced10 16 bytes [50, 48, B8, D8, EF, 52, 3F, ...]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [1468:6748]                                                                                                                              000007feed470360
Thread  C:\Windows\system32\svchost.exe [1468:6944]                                                                                                                              000007feed46fba4
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [6692:7036]                                                                                                          000007fefc002bf8
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [6692:7044]                                                                                                          000007feee4d5648
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [6692:7052]                                                                                                          000007feee4d5648
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [6692:6280]                                                                                                          000007fef7f15124
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [6692:4644]                                                                                                          000007feee436590
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [6692:1628]                                                                                                          000007feee4d5648
---- Processes - GMER 2.1 ----

Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [7880]      0000000063dd0000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [7880]  000000006b300000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\MSPTLS.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [7880]    0000000067bb0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf4e33633                                                                                             
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf4e33633 (not active ControlSet)                                                                         

---- EOF - GMER 2.1 ----

cosinus 26.08.2015 23:54
Hi und :hallo:

du hattest bei der Ausführung von FRST keine Adminrechte. Bitte hole das nach, denn nur mit vollen Rechten können sinnvolle Logfiles erstellt werden. Bitte in CODE-Tags posten.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Toshef 27.08.2015 22:29
Guten Abend,

danke für die schnelle Reaktion - kein Thema, mache ich neu, thx für den Hinweis...

FRST

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:26-08-2015
durchgeführt von Admin (Administrator) auf THINK_MOBIL (27-08-2015 23:14:39)
Gestartet von C:\Users\Martin\Desktop\TrojanerBoard
Geladene Profile: Admin & Martin (Verfügbare Profile: Thomas & Admin & Martin & Gast)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkManagerDMS.exe
(Copyright 2012 SAMSUNG) C:\Program Files\Samsung\AllShare Play\AllShare Play Service.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Copyright 2012 SAMSUNG) C:\Program Files\Samsung\AllShare Play\AllShare Play Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkDMS.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
(VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(Spotify Ltd) C:\Users\Martin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo) C:\Users\Martin\AppData\Local\Apps\2.0\YN52DQZR.EL2\AWOJH3J0.C7H\lsb...tion_91a10ba61c75c82d_0001.0004_53146ffb7155a994\LSB.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-19] (Realtek Semiconductor)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [44096 2012-01-16] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2015-06-08] (Lenovo)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2962232 2012-10-18] (Synaptics Incorporated)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1575192 2013-10-24] (Bitdefender)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [VMware hqtray] => C:\Program Files (x86)\VMware\VMware Player\hqtray.exe [64112 2010-11-11] (VMware, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1502967087-3225744061-2520733942-1005\...\Run: [Bix] => C:\Users\Admin\AppData\Roaming\Bix\Dlls\BixLauncher.exe [24968 2014-09-09] ()
HKU\S-1-5-21-1502967087-3225744061-2520733942-1006\...\Run: [Google Update] => C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-29] (Google Inc.)
HKU\S-1-5-21-1502967087-3225744061-2520733942-1006\...\Run: [Spotify Web Helper] => C:\Users\Martin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1806904 2015-03-07] (Spotify Ltd)
HKU\S-1-5-21-1502967087-3225744061-2520733942-1006\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-05-25]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2013-04-01]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lenovo Produktregistrierung.lnk [2012-07-16]
ShortcutTarget: Lenovo Produktregistrierung.lnk -> C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
ShellIconOverlayIdentifiers: [  0_OneComShellExt1] -> {F6BBFE20-F40C-449D-867A-70D304E407CC} => C:\Users\Admin\AppData\Roaming\Bix\Extensions\OnecomShellExt.dll [2015-02-22] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [  0_OneComShellExt2] -> {12BC1D5F-8949-451A-9F47-0240E9E31D11} => C:\Users\Admin\AppData\Roaming\Bix\Extensions\OnecomShellExt.dll [2015-02-22] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [  0_OneComShellExt3] -> {817B4083-0CBC-4538-BB47-746BA33CE791} => C:\Users\Admin\AppData\Roaming\Bix\Extensions\OnecomShellExt.dll [2015-02-22] (TODO: <Company name>)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKU\S-1-5-21-1502967087-3225744061-2520733942-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Richtlinienbeschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1502967087-3225744061-2520733942-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1502967087-3225744061-2520733942-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1502967087-3225744061-2520733942-1005\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-1502967087-3225744061-2520733942-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.planetromeo.com/
HKU\S-1-5-21-1502967087-3225744061-2520733942-1006\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1502967087-3225744061-2520733942-1005 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE490
SearchScopes: HKU\S-1-5-21-1502967087-3225744061-2520733942-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE490
SearchScopes: HKU\S-1-5-21-1502967087-3225744061-2520733942-1006 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE490
SearchScopes: HKU\S-1-5-21-1502967087-3225744061-2520733942-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE490
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-18] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-18] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1502967087-3225744061-2520733942-1005 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Keine Datei
Toolbar: HKU\S-1-5-21-1502967087-3225744061-2520733942-1006 -> Kein Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  Keine Datei
Toolbar: HKU\S-1-5-21-1502967087-3225744061-2520733942-1006 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Keine Datei
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-18] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1D202F41-BA2A-4229-A495-BD28524ABDDB}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{6E9C244A-7F94-4EFA-A244-1B8DF009B825}: [DhcpNameServer] 172.18.15.254 172.18.15.253
Tcpip\..\Interfaces\{BA53AA3A-72CA-4061-B50A-A2453477AFF5}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7v5it0vj.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-03-15] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1502967087-3225744061-2520733942-1006: @talk.google.com/GoogleTalkPlugin -> C:\Users\Martin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1502967087-3225744061-2520733942-1006: @talk.google.com/O1DPlugin -> C:\Users\Martin\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1502967087-3225744061-2520733942-1006: @tools.google.com/Google Update;version=3 -> C:\Users\Martin\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1502967087-3225744061-2520733942-1006: @tools.google.com/Google Update;version=9 -> C:\Users\Martin\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-03-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-03-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-03-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-03-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-03-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2013-03-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2013-03-30] (Apple Inc.)
FF Extension: Amazon-Icon - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7v5it0vj.default\Extensions\amazon-icon@giga.de [2014-07-13]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013-04-09]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-08]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-08]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-08]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-08]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-08]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-08]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-08]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkManagerDMS.exe [408184 2012-10-23] (Samsung)
R2 AllShare Play Service; C:\Program Files\Samsung\AllShare Play\AllShare Play Service.exe [662752 2012-12-20] (Copyright 2012 SAMSUNG)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [69392 2013-10-24] (Bitdefender)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-09-24] (Lenovo.)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-05-22] (Ellora Assets Corp.) [Datei ist nicht signiert]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272424 2015-08-17] (Lenovo)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2011-05-18] (Realtek Semiconductor)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22008 2015-07-01] ()
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe [191024 2010-08-19] (VMware, Inc.)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [Datei ist nicht signiert]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [67320 2013-10-24] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1645256 2013-10-24] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2013-10-24] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2013-10-24] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-04-29] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-10-24] (BitDefender SRL)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-10-24] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-18] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-10-24] (BitDefender S.R.L.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.)
U4 bdselfpr; kein ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-27 00:07 - 2015-07-30 15:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-27 00:07 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-26 23:48 - 2015-07-16 22:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-26 23:48 - 2015-07-16 22:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-26 23:48 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-26 23:48 - 2015-07-16 22:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-26 23:48 - 2015-07-16 21:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-26 23:48 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-26 23:48 - 2015-07-16 21:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-26 23:48 - 2015-07-16 21:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-26 23:48 - 2015-07-16 21:12 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-26 23:48 - 2015-07-16 21:12 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-26 23:48 - 2015-07-16 21:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-26 23:48 - 2015-07-16 21:11 - 05779456 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-26 23:48 - 2015-07-16 21:11 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-26 23:48 - 2015-07-16 21:11 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-26 23:48 - 2015-07-15 20:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-26 23:48 - 2015-07-15 20:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-26 23:48 - 2015-07-15 20:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-26 23:48 - 2015-07-15 20:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-26 23:48 - 2015-07-15 20:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-26 23:48 - 2015-07-15 20:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-26 23:48 - 2015-07-15 20:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-26 23:48 - 2015-07-15 20:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-26 23:48 - 2015-07-15 20:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-26 23:48 - 2015-07-15 20:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-26 23:48 - 2015-07-15 20:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-26 23:48 - 2015-07-15 20:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-26 23:48 - 2015-07-15 20:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-26 23:48 - 2015-07-15 20:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-26 23:48 - 2015-07-15 20:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-26 23:48 - 2015-07-15 20:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-26 23:48 - 2015-07-15 20:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-26 23:48 - 2015-07-15 20:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-26 23:48 - 2015-07-15 20:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-26 23:48 - 2015-07-15 20:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-26 23:48 - 2015-07-15 20:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-26 23:48 - 2015-07-15 20:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-26 23:48 - 2015-07-15 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-26 23:48 - 2015-07-15 20:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-26 23:48 - 2015-07-15 20:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-26 23:48 - 2015-07-15 20:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-26 23:48 - 2015-07-15 20:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-26 23:48 - 2015-07-15 20:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-26 23:48 - 2015-07-15 20:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-26 23:48 - 2015-07-15 20:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-26 23:48 - 2015-07-15 20:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-26 23:48 - 2015-07-15 20:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-26 23:48 - 2015-07-15 20:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-26 23:48 - 2015-07-15 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-26 23:48 - 2015-07-15 20:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-26 23:48 - 2015-07-15 20:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-26 23:48 - 2015-07-15 20:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-26 23:48 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-26 23:48 - 2015-07-15 19:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-26 23:48 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-26 23:48 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-26 23:48 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-26 23:48 - 2015-07-15 19:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-26 23:48 - 2015-07-15 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-26 23:48 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-26 23:48 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-26 23:48 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-26 23:48 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-26 23:48 - 2015-07-15 19:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-26 23:48 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-26 23:48 - 2015-07-15 19:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-26 23:48 - 2015-07-15 19:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-26 23:48 - 2015-07-15 19:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-26 23:48 - 2015-07-15 19:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-26 23:48 - 2015-07-15 19:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-26 23:48 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-26 23:48 - 2015-07-15 19:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-26 23:48 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-26 23:48 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 18:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-26 23:48 - 2015-07-15 18:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-26 23:48 - 2015-07-15 18:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-26 23:48 - 2015-07-15 18:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-26 23:48 - 2015-07-15 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-26 23:48 - 2015-07-15 18:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 18:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 18:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-26 23:48 - 2015-07-15 18:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-26 23:47 - 2015-07-30 20:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-26 23:47 - 2015-07-30 20:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-26 23:47 - 2015-07-30 20:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-26 23:47 - 2015-07-30 20:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-26 23:47 - 2015-07-30 20:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-26 23:47 - 2015-07-30 20:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-26 23:47 - 2015-07-30 20:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-26 23:47 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-26 23:47 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-26 23:47 - 2015-07-30 19:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-26 23:47 - 2015-07-30 19:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-26 23:47 - 2015-07-30 19:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-26 23:47 - 2015-07-30 19:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-26 23:47 - 2015-07-30 18:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-26 23:47 - 2015-07-30 18:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-26 23:47 - 2015-07-30 18:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-26 23:47 - 2015-07-28 22:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-26 23:47 - 2015-07-28 22:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-26 23:47 - 2015-07-28 22:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-26 23:47 - 2015-07-28 22:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-26 23:47 - 2015-07-28 22:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-26 23:47 - 2015-07-28 22:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-26 23:47 - 2015-07-28 22:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-26 23:47 - 2015-07-28 21:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-26 23:47 - 2015-07-21 02:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-26 23:47 - 2015-07-21 02:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-26 23:47 - 2015-07-16 23:14 - 25192448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-26 23:47 - 2015-07-16 22:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-26 23:47 - 2015-07-16 22:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-26 23:47 - 2015-07-16 22:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-26 23:47 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-26 23:47 - 2015-07-16 22:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-26 23:47 - 2015-07-16 22:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-26 23:47 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-26 23:47 - 2015-07-16 22:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-26 23:47 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-26 23:47 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-26 23:47 - 2015-07-16 22:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-26 23:47 - 2015-07-16 22:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-26 23:47 - 2015-07-16 22:20 - 19870208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-26 23:47 - 2015-07-16 22:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-26 23:47 - 2015-07-16 22:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-26 23:47 - 2015-07-16 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-26 23:47 - 2015-07-16 22:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-26 23:47 - 2015-07-16 21:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-26 23:47 - 2015-07-16 21:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-26 23:47 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-26 23:47 - 2015-07-16 21:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-26 23:47 - 2015-07-16 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-26 23:47 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-26 23:47 - 2015-07-16 21:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-26 23:47 - 2015-07-16 21:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-26 23:47 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-26 23:47 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-26 23:47 - 2015-07-16 21:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-26 23:47 - 2015-07-16 21:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-26 23:47 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-26 23:47 - 2015-07-16 21:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-26 23:47 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-26 23:47 - 2015-07-16 21:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-26 23:47 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-26 23:47 - 2015-07-16 21:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-26 23:47 - 2015-07-16 21:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-26 23:47 - 2015-07-16 21:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-26 23:47 - 2015-07-16 21:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-26 23:47 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-26 23:47 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-26 23:47 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-26 23:47 - 2015-07-16 21:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-26 23:47 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-26 23:47 - 2015-07-16 21:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-26 23:47 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-26 23:47 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-26 23:47 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-26 23:47 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-26 23:47 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-26 23:47 - 2015-07-15 05:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-26 23:47 - 2015-07-15 05:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-26 23:47 - 2015-07-15 05:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-26 23:47 - 2015-07-15 05:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-26 23:47 - 2015-07-15 05:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-26 23:47 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-26 23:47 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-26 23:47 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-26 23:47 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-26 23:47 - 2015-07-10 19:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-26 23:47 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-26 23:47 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-26 23:47 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-26 23:47 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-26 23:47 - 2015-07-01 22:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-26 23:47 - 2015-07-01 22:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-26 23:47 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-26 23:47 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-26 23:42 - 2015-07-20 20:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-26 23:42 - 2015-07-20 20:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-26 23:42 - 2015-07-20 20:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-26 23:42 - 2015-07-20 20:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-26 23:42 - 2015-07-20 20:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-26 23:42 - 2015-07-20 20:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-26 23:42 - 2015-07-20 20:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-26 23:42 - 2015-07-20 20:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-26 23:42 - 2015-07-20 20:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-26 23:42 - 2015-07-20 20:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-26 23:42 - 2015-07-20 20:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-26 23:42 - 2015-07-20 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-26 23:42 - 2015-07-20 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-26 23:42 - 2015-07-20 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-26 23:42 - 2015-07-20 19:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-26 23:42 - 2015-07-20 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-26 20:21 - 2015-08-26 20:21 - 00490568 _____ () C:\Users\Martin\Downloads\LSBsetup (1).exe
2015-08-26 20:21 - 2015-08-26 20:21 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-08-26 20:21 - 2015-08-26 20:21 - 00000000 ____D C:\Users\Martin\AppData\Local\Deployment
2015-08-26 20:20 - 2015-08-26 20:20 - 00490568 _____ () C:\Users\Martin\Downloads\LSBsetup.exe
2015-08-24 22:05 - 2015-08-24 22:05 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-24 22:05 - 2015-08-24 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-24 22:05 - 2015-08-24 22:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-24 22:05 - 2015-08-24 22:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-24 22:05 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-24 22:05 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-24 22:05 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-24 21:30 - 2015-08-24 21:30 - 00000000 ____D C:\Users\Martin\AppData\Local\TempTaskUpdateDetection2DA89425-1AD8-49F4-9FC5-82E4DEA3F914
2015-08-24 20:45 - 2015-08-24 20:45 - 00000000 ____D C:\Users\Martin\AppData\Local\TempTaskUpdateDetectionA1D10E8D-BC16-4782-97BB-7350A1032B2D
2015-08-24 20:34 - 2015-08-24 21:33 - 00000000 ___SD C:\ComboFix
2015-08-24 20:34 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-24 20:34 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-24 20:34 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-24 20:34 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-24 20:34 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-24 20:34 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-24 20:34 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-24 20:34 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-24 19:42 - 2015-08-24 21:20 - 00000000 ____D C:\Windows\erdnt
2015-08-24 19:42 - 2015-08-24 20:34 - 00000000 ____D C:\Qoobox
2015-08-23 20:24 - 2015-08-27 23:14 - 00000000 ____D C:\FRST
2015-08-23 20:24 - 2015-08-23 20:24 - 00000000 _____ C:\Users\Admin\defogger_reenable
2015-08-22 18:33 - 2015-08-27 23:14 - 00000000 ____D C:\Users\Martin\Desktop\TrojanerBoard
2015-08-21 21:59 - 2015-08-21 22:00 - 02870984 _____ (ESET) C:\Users\Martin\Downloads\esetsmartinstaller_deu.exe
2015-08-19 23:53 - 2015-08-19 23:53 - 00002002 _____ C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2015-08-10 00:34 - 2015-08-10 00:34 - 63320784 _____ (Microsoft Corporation) C:\Users\Martin\Downloads\IE11-Windows6.1-x64-de-de.exe
2015-08-10 00:33 - 2015-08-10 00:34 - 02077392 _____ (Microsoft Corporation) C:\Users\Martin\Downloads\IE11-Windows6.1.exe
2015-08-08 17:54 - 2015-08-09 23:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-06 21:59 - 2015-08-06 21:59 - 00000000 ____D C:\Users\Martin\Desktop\Torchat
2015-08-04 19:36 - 2015-08-04 23:26 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-04 19:36 - 2015-08-04 19:36 - 00003518 _____ C:\Windows\System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-27 23:14 - 2013-10-29 11:10 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1502967087-3225744061-2520733942-1006UA.job
2015-08-27 23:05 - 2015-06-07 22:48 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-27 23:00 - 2012-07-18 18:22 - 00000575 _____ C:\Windows\system32\checkdnsid.xml
2015-08-27 22:52 - 2012-09-04 08:58 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-27 21:31 - 2009-07-14 06:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-27 21:31 - 2009-07-14 06:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-27 21:14 - 2013-10-29 11:10 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1502967087-3225744061-2520733942-1006Core.job
2015-08-27 20:13 - 2012-05-25 12:50 - 01553260 _____ C:\Windows\WindowsUpdate.log
2015-08-27 20:05 - 2015-06-07 22:48 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-27 20:00 - 2015-06-07 22:48 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-27 20:00 - 2015-06-07 22:48 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-27 19:41 - 2013-08-16 08:41 - 00159561 _____ C:\Windows\setupact.log
2015-08-27 19:36 - 2012-05-25 22:33 - 00720856 _____ C:\Windows\system32\perfh007.dat
2015-08-27 19:36 - 2012-05-25 22:33 - 00156878 _____ C:\Windows\system32\perfc007.dat
2015-08-27 19:36 - 2009-07-14 07:13 - 01666642 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-27 19:30 - 2013-10-16 18:39 - 00000000 ____D C:\ProgramData\VMware
2015-08-27 19:29 - 2013-03-13 15:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-27 19:29 - 2013-03-13 15:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-27 19:29 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-27 19:29 - 2009-07-14 06:45 - 00583040 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-27 07:39 - 2014-12-10 22:56 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-27 07:39 - 2014-05-07 22:52 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-27 00:08 - 2012-06-22 15:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-27 00:07 - 2013-03-13 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-26 23:57 - 2013-08-02 13:39 - 00000000 ____D C:\Windows\system32\MRT
2015-08-26 23:49 - 2012-06-28 15:51 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-26 23:31 - 2013-10-08 06:17 - 00329840 _____ C:\Windows\PFRO.log
2015-08-26 23:31 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-26 20:35 - 2012-06-29 08:29 - 00000000 ____D C:\Users\Martin\Desktop\Haushalt
2015-08-26 20:21 - 2012-06-30 13:14 - 00000000 ____D C:\Users\Martin\AppData\Local\Apps\2.0
2015-08-26 20:21 - 2012-05-25 13:05 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2015-08-25 20:22 - 2013-07-07 15:27 - 00000000 ____D C:\Users\Martin\Desktop\Astra
2015-08-25 20:21 - 2015-04-18 18:33 - 00000000 ____D C:\Users\Martin\Desktop\Ketamin_Depression
2015-08-24 21:55 - 2015-06-07 18:07 - 00000000 ____D C:\AdwCleaner
2015-08-24 21:37 - 2015-04-18 18:07 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-24 21:20 - 2009-07-14 04:34 - 21233664 _____ C:\Windows\system32\config\SYSTEM.bak
2015-08-24 21:20 - 2009-07-14 04:34 - 122159104 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-08-24 21:20 - 2009-07-14 04:34 - 06553600 _____ C:\Windows\system32\config\DEFAULT.bak
2015-08-24 21:20 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-08-24 21:20 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-08-23 20:24 - 2012-06-28 14:42 - 00000000 ____D C:\Users\Admin
2015-08-21 21:00 - 2015-06-07 22:49 - 00002186 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-19 23:53 - 2014-05-18 12:38 - 00000000 ____D C:\Users\Martin\AppData\Roaming\LSC
2015-08-19 23:53 - 2012-05-25 13:00 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-08-19 23:03 - 2012-05-25 13:05 - 00000000 ____D C:\Windows\Downloaded Installations
2015-08-18 23:54 - 2013-07-29 15:38 - 00007647 _____ C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2015-08-17 19:51 - 2012-06-28 15:48 - 00158960 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-13 00:52 - 2012-09-04 08:58 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-13 00:52 - 2012-07-27 15:49 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-13 00:52 - 2012-07-27 15:49 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 23:10 - 2012-06-28 16:34 - 00000000 ____D C:\Users\Martin\Desktop\Abbildungen
2015-08-10 00:35 - 2013-12-02 03:58 - 00019759 _____ C:\Windows\IE11_main.log
2015-08-09 23:40 - 2013-07-12 07:12 - 00000000 ____D C:\Lenovo
2015-08-09 23:40 - 2012-07-04 07:41 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2015-08-09 23:40 - 2012-05-25 22:23 - 00000000 ____D C:\ProgramData\Lenovo
2015-08-09 23:40 - 2012-05-25 13:01 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-08-09 23:39 - 2012-07-04 07:37 - 00158960 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2015-08-09 23:29 - 2012-08-21 12:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-09 16:11 - 2012-06-28 12:42 - 00158960 _____ C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-09 16:09 - 2015-04-18 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-08 20:34 - 2015-06-07 17:50 - 00000467 _____ C:\Users\Martin\Downloads\debug.log
2015-08-08 20:34 - 2012-06-28 15:50 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2015-08-08 20:34 - 2012-06-28 15:12 - 00000000 ____D C:\Users\Martin\AppData\Local\Google
2015-08-06 22:53 - 2012-11-16 14:06 - 00000000 ____D C:\Users\Martin\AppData\Roaming\vlc
2015-08-06 22:42 - 2012-10-12 15:55 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Media Player Classic
2015-08-04 23:26 - 2013-06-30 14:02 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-08-04 23:23 - 2014-09-23 14:35 - 00000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2015-07-31 06:28 - 2014-05-09 17:27 - 00000000 ____D C:\Users\Martin\Desktop\Diverse Infos

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-04-01 19:37 - 2013-07-16 15:38 - 0001188 _____ () C:\Users\Admin\AppData\Local\crc32list11.txt
2014-01-30 19:45 - 2014-01-30 19:56 - 0001432 _____ () C:\Users\Admin\AppData\Local\RecConfig.xml
2013-07-29 15:38 - 2015-08-18 23:54 - 0007647 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2012-06-28 15:10 - 2015-05-31 15:34 - 0001890 ___SH () C:\ProgramData\KGyGaAvL.sys

Einige Dateien in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2014-07-28 08:14

==================== Ende von FRST.txt ============================

Toshef 27.08.2015 22:30
Addition

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:26-08-2015
durchgeführt von Admin (2015-08-27 23:15:10)
Gestartet von C:\Users\Martin\Desktop\TrojanerBoard
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Admin (S-1-5-21-1502967087-3225744061-2520733942-1005 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1502967087-3225744061-2520733942-500 - Administrator - Disabled)
Gast (S-1-5-21-1502967087-3225744061-2520733942-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-1502967087-3225744061-2520733942-1020 - Limited - Enabled)
Martin (S-1-5-21-1502967087-3225744061-2520733942-1006 - Limited - Enabled) => C:\Users\Martin
Thomas (S-1-5-21-1502967087-3225744061-2520733942-1003 - Limited - Enabled) => C:\Users\Thomas
__vmware_user__ (S-1-5-21-1502967087-3225744061-2520733942-1030 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Bitdefender Virenschutz (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall (Enabled) {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
AllShare Framework DMS (HKLM\...\{1ABC9BD2-7E06-4D70-929B-AC1B6461A8B2}) (Version: 1.3.06 - Samsung)
AllShare Play 1.5.0.1212201836 (HKLM\...\8474-7877-9059-0204) (Version: 1.5.0.1212201836 - Copyright 2012 SAMSUNG)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
BisonCam Twain Pro (HKLM-x32\...\{F2672232-FF17-4DC9-8F24-A1E1829FE086}) (Version: 1.5.4.6 - Bison WebCam Ap)
Bitdefender Internet Security 2013 (HKLM\...\Bitdefender) (Version: 16.28.0.1789 - Bitdefender)
Bix (HKU\S-1-5-21-1502967087-3225744061-2520733942-1005\...\Bix) (Version:  - One.com, Inc.)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.910 - Broadcom Corporation)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel Shell Extension - 64Bit (Version: 14.0 - Corel Corporation) Hidden
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.882 - Corel Inc.)
CorelDRAW Graphics Suite X4 - Capture (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (x32 Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang BR (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang CZ (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang DE (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang EN (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang ES (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang FR (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang IT (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang NL (x32 Version: 14.1 - Uw bedrijfsnaam) Hidden
CorelDRAW Graphics Suite X4 - Lang PL (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang SU (x32 Version: 14.1 - Yrityksen nimi) Hidden
CorelDRAW Graphics Suite X4 - Lang SV (x32 Version: 14.1 - Ditt företagsnamn) Hidden
CorelDRAW Graphics Suite X4 - PP (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (HKLM-x32\...\_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version:  - Corel Corporation)
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (x32 Version: 1.1 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 (HKLM-x32\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version:  - Corel Corporation)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.36 - )
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
FastStone Capture 5.3 (HKLM-x32\...\FastStone Capture) (Version: 5.3 - FastStone Soft)
Free YouTube Download version 3.2.13.925 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.13.925 - DVDVideoSoft Ltd.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
GanttProject (HKLM-x32\...\GanttProject) (Version:  - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Integrated Camera Driver Installer Package Ver.1.1.0.1132 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1132 - RICOH)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{728985C5-A04B-457C-9D62-15360F3EAF85}) (Version: 3.1.29.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - Kyocera Mita Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.66.00.22 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo Service Bridge (HKU\S-1-5-21-1502967087-3225744061-2520733942-1006\...\cbe8636f7dd0cf1d) (Version: 1.4.0.0 - Lenovo)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{E92E1FF1-B188-43FE-BECA-2248E227E67D}) (Version: 2.8.005.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0003 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{7F8205DE-DDFA-4156-ADA2-766E9CB4FABC}) (Version: 3.0.0011.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 39.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 de)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPC-HC 1.6.4.6052 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.4.6052 - MPC-HC Team)
MS-Buchhalter Start 3.0 (HKLM-x32\...\MS-Buchhalter Start) (Version: 3.0 - Michael Schroeder)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1502967087-3225744061-2520733942-1005\...\MyFreeCodec) (Version:  - )
Nvu 1.0 (HKLM-x32\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6418 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.69 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.6 - Samsung)
Samsung Data Migration (HKU\S-1-5-21-1502967087-3225744061-2520733942-1006\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 0.9.1.23 - Samsung)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1502967087-3225744061-2520733942-1006\...\Spotify) (Version: 0.9.16.25.g241bf986 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TaxSystems Business 8 (HKLM-x32\...\{DAA71320-C85E-4EE6-8090-E7CCCEB46F05}) (Version: 8.0.602 - TaxSystems GmbH & Co. KG)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.910 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.42 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.2 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.25.65 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.09 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 3.1.3.14951 - VMware, Inc)
VMware Player (x32 Version: 3.1.3.14951 - VMware, Inc.) Hidden
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (04/21/2011 01.0.0.0) (HKLM\...\BEA7B05370C19B9C86893BB484FD6B9CC52B0CD8) (Version: 04/21/2011 01.0.0.0 - Cambridge Silicon Radio Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Intel (iaStor) hdc  (04/26/2011 10.5.0.1026) (HKLM\...\95D0E47871170F0763151CFD697BBAB47A5794F7) (Version: 04/26/2011 10.5.0.1026 - Intel)
Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WISO Steuer 2009 (HKU\S-1-5-21-1502967087-3225744061-2520733942-1005\...\{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}) (Version: 16.00.6228 - Buhl Data Service GmbH)
WISO Steuer 2010 (HKLM-x32\...\{46B70DEB-97B3-4E38-B746-EC16905E6A8F}) (Version: 17.00.6531 - Buhl Data Service GmbH)
WISO Steuer 2011 (HKLM-x32\...\{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}) (Version: 18.00.6928 - Buhl Data Service GmbH)
WISO Steuer 2012 (HKLM-x32\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.00.7303 - Buhl Data Service GmbH)
WISO Steuer 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer 2014 (HKLM-x32\...\{87F03030-EEA6-4C3E-8554-7150CB7CDD95}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO steuer:Start 2015 (HKLM-x32\...\{B775D935-BB29-44EC-97C1-D93379569885}) (Version: 22.00.8811 - Buhl Data Service GmbH)
Zeta Test Management 3.5.2 (nur entfernen) (HKLM-x32\...\ZetaTest) (Version: 3.5.2 - Zeta Software GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1502967087-3225744061-2520733942-1005_Classes\CLSID\{12BC1D5F-8949-451A-9F47-0240E9E31D11}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Bix\Extensions\OnecomShellExt.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1502967087-3225744061-2520733942-1005_Classes\CLSID\{817B4083-0CBC-4538-BB47-746BA33CE791}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Bix\Extensions\OnecomShellExt.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1502967087-3225744061-2520733942-1005_Classes\CLSID\{82BE2FCE-087F-4057-BCC3-27F96DC8AF18}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Bix\Extensions\OnecomShellExt.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1502967087-3225744061-2520733942-1005_Classes\CLSID\{F6BBFE20-F40C-449D-867A-70D304E407CC}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Bix\Extensions\OnecomShellExt.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1502967087-3225744061-2520733942-1006_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Martin\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1502967087-3225744061-2520733942-1006_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Martin\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)

==================== Wiederherstellungspunkte =========================

17-08-2015 20:03:33 Windows-Sicherung
19-08-2015 23:53:30 Installed Lenovo Solution Center.
24-08-2015 20:34:15 ComboFix created restore point
26-08-2015 23:48:58 Windows Update

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2015-08-24 21:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {096EB711-581F-4225-87D4-581CA3878384} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {0BE6171E-1AD7-479C-9D60-B06ACDF5F7FE} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2015-08-17] (Lenovo)
Task: {0BFECD4A-5F53-477B-8D12-530002A0FDC2} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {1160551E-D937-4A60-B730-2F6430B69CE1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {207273BC-0CCC-4EB3-A167-9709A86156F4} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2013\bdproductdata.exe [2015-08-04] (Bitdefender)
Task: {3B833FAC-417C-4A6F-B7E2-E545ACEB8256} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {4A2D0DBA-38BE-4E44-8F3A-9FD31857DD95} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {54C3D59C-C23A-4E92-8901-4CF8A15346CF} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for THINK_MOBIL.Admin => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {563C1E5F-AD41-4166-9C84-B9355F93E42A} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for THINK_MOBIL.Martin_2 => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {5763F04E-A85E-40AC-9720-3D9232138EE3} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {5A46746F-8141-4015-859C-5C643BEA5BF8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1502967087-3225744061-2520733942-1006Core => C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-29] (Google Inc.)
Task: {625DCB02-C3F9-4025-8038-F7CDB52D52B3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
Task: {674E475E-2DA1-4179-AF76-5A92E70E36B3} - System32\Tasks\{20D9248F-A99A-4EBC-8FE4-D38145E7ECB9} => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {70D4FE85-6332-4779-8F05-90CC3B60EC1C} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for THINK_MOBIL.Martin => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {760F8D0C-C365-4B42-A85B-59AF36B7A43F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {7F46650F-F51F-49A4-925A-0DB2375BF471} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for THINK_MOBIL.Thomas => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {82742E9E-6135-4C15-8EED-0E82E9ED7296} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2011-12-21] (Lenovo)
Task: {888D0ADD-50D0-4903-859F-79178E734C54} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-08-17] (Lenovo)
Task: {88B6FA77-FE63-40E2-8991-9B081615AE72} - System32\Tasks\{BD913484-A774-4A50-9D2C-3AC1AAA6761F} => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {9010D588-A3A8-43C8-82F9-1F44BFBE8B9B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-13] (Adobe Systems Incorporated)
Task: {9DA553DC-77B2-42DF-B4D9-1BDB0FB97EDF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {9E78CDF4-92B6-472A-BB8D-68C14899D300} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-07] (Google Inc.)
Task: {AC97D1A5-D246-49C2-A432-88CCFBEA7EC4} - System32\Tasks\Lenovo\LSC\CreateHardwareScanTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2015-08-17] (Lenovo)
Task: {AD962BA1-5241-46E8-9FDD-A792F06F94D9} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-1502967087-3225744061-2520733942-1006 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {AF06D884-5829-4A5D-AABE-4A362D548A2C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {B951C7B9-7076-4BDE-8CA0-EBF44821BB0C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {C1B4FA49-AE66-4B2B-BD03-133F373AD6BF} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-08-17] (Lenovo)
Task: {DE6011C4-00D8-48D0-BA23-830082199B6A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {EB1935FA-CD51-4FFD-BEBE-804B3FF8B83C} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2011-12-21] (Lenovo)
Task: {F0DD77A8-787E-4638-B2E3-25A32E74BC3A} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2015-07-01] ()
Task: {F83CEBF6-DD63-4059-BD20-A25038C17067} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {F83E7F98-1DA2-481E-A3BD-65236F1A7EFA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-07] (Google Inc.)
Task: {FD4AC8DB-2D0B-4A36-B654-AADB139DD845} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1502967087-3225744061-2520733942-1006UA => C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-29] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1502967087-3225744061-2520733942-1006Core.job => C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1502967087-3225744061-2520733942-1006UA.job => C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-04-09 12:29 - 2013-10-24 14:45 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll
2013-10-24 14:45 - 2013-10-24 14:45 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\UI\accessl.ui
2013-04-09 12:29 - 2011-11-14 19:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\bdfwcore.dll
2013-04-09 12:29 - 2013-10-24 14:45 - 00005120 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\UI\IMSecurityAL.ui
2015-08-17 20:53 - 2015-08-17 20:53 - 00875864 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00650_034\ashttpbr.mdl
2015-08-17 20:53 - 2015-08-17 20:53 - 00741952 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00650_034\ashttpdsp.mdl
2015-08-17 20:53 - 2015-08-17 20:53 - 02801464 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00650_034\ashttpph.mdl
2015-08-17 20:53 - 2015-08-17 20:53 - 01412512 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00650_034\ashttprbl.mdl
2015-04-18 18:07 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-12-03 23:17 - 2010-12-03 23:17 - 00173856 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2012-05-25 13:02 - 2011-08-09 15:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-05-25 13:01 - 2010-10-26 22:40 - 00049056 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2012-05-25 13:04 - 2012-09-24 07:36 - 00104960 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2015-08-21 21:00 - 2015-08-18 07:21 - 01763144 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-21 21:00 - 2015-08-18 07:21 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
2012-10-22 17:55 - 2012-10-22 17:55 - 01113600 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\DMSManager.dll
2012-10-05 18:27 - 2012-10-05 18:27 - 00704000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\ContentDirectoryPresenter.dll
2012-08-21 20:06 - 2012-08-21 20:06 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\DCMCDP.dll
2012-08-21 20:06 - 2012-08-21 20:06 - 00101376 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\FolderCDP.dll
2012-08-14 12:42 - 2012-08-14 12:42 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\MetadataFramework.dll
2012-08-14 12:13 - 2012-08-14 12:13 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\sqlite3.dll
2012-08-14 12:13 - 2012-08-14 12:13 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\MoodExtractor.dll
2012-08-14 12:43 - 2012-08-14 12:43 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\DCMImgExtractor.dll
2012-08-14 12:42 - 2012-08-14 12:42 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AutoChaptering.dll
2012-08-14 12:42 - 2012-08-14 12:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\libexpat.dll
2012-08-14 12:42 - 2012-08-14 12:42 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\VideoThumb.dll
2012-08-14 12:43 - 2012-08-14 12:43 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\avcodec-52.dll
2012-08-14 12:42 - 2012-08-14 12:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\avutil-50.dll
2012-08-14 12:42 - 2012-08-14 12:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\avformat-52.dll
2012-08-14 12:43 - 2012-08-14 12:43 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\swscale-0.dll
2012-08-14 12:42 - 2012-08-14 12:42 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AudioExtractor.dll
2012-08-14 12:42 - 2012-08-14 12:42 - 00063488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\ID3Driver.dll
2012-08-14 12:42 - 2012-08-14 12:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\tag.dll
2012-08-14 12:42 - 2012-08-14 12:42 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\libThumbnail.dll
2012-08-14 12:42 - 2012-08-14 12:42 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\RichInfoDriver.dll
2012-08-14 12:42 - 2012-08-14 12:42 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\VideoExtractor.dll
2012-10-22 17:55 - 2012-10-22 17:55 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\ThumbnailMaker.dll
2012-10-22 17:55 - 2012-10-22 17:55 - 01033216 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\ImageMagickWrapper.dll
2012-08-14 12:42 - 2012-08-14 12:42 - 00133120 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\VideoMetadataDriver.dll
2012-08-14 12:42 - 2012-08-14 12:42 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\libKeyFrame.dll
2012-08-14 12:42 - 2012-08-14 12:42 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\SECMetaDriver.dll
2012-08-14 12:42 - 2012-08-14 12:42 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\ImageExtractor.dll
2012-08-14 12:42 - 2012-08-14 12:42 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\photoDriver.dll
2012-08-14 12:43 - 2012-08-14 12:43 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\libexif-12.dll.dll
2012-08-14 12:42 - 2012-08-14 12:42 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\TextExtractor.dll
2012-08-14 12:42 - 2012-08-14 12:42 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\Autobackup.dll
2012-08-14 12:42 - 2012-08-14 12:42 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\RosettaAllShare.dll
2012-08-21 12:25 - 2012-08-21 12:25 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\boost_serialization-vc90-mt-1_47.dll
2012-08-21 12:26 - 2012-08-21 12:26 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\boost_date_time-vc90-mt-1_47.dll
2012-08-21 12:25 - 2012-08-21 12:25 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\boost_system-vc90-mt-1_47.dll
2012-08-21 12:26 - 2012-08-21 12:26 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\boost_thread-vc90-mt-1_47.dll
2012-08-14 12:42 - 2012-08-14 12:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\us.dll
2015-06-07 19:43 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-07 19:43 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-07 19:43 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2010-11-11 13:31 - 2010-11-11 13:31 - 00970352 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2010-11-11 13:31 - 2010-11-11 13:31 - 00068720 _____ () C:\Program Files (x86)\VMware\VMware Player\zlib1.dll
2012-05-25 13:05 - 2010-04-06 09:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2012-05-25 13:05 - 2010-04-06 09:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2015-04-18 18:08 - 2015-04-18 18:08 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-04-18 18:08 - 2015-04-18 18:10 - 01754296 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\tmpod.dll
2015-07-22 18:06 - 2015-06-16 16:08 - 01032360 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Admin\Downloads\adwcleaner_4.206 (1).exe:BDU
AlternateDataStreams: C:\Users\Admin\Downloads\ccsetup404_slim.exe:BDU
AlternateDataStreams: C:\Users\Admin\Downloads\chromeinstall-7u5 (1).exe:BDU
AlternateDataStreams: C:\Users\Admin\Downloads\chromeinstall-7u5.exe:BDU
AlternateDataStreams: C:\Users\Admin\Downloads\chromeinstall-7u9.exe:BDU
AlternateDataStreams: C:\Users\Admin\Downloads\chromeinstall-8u25.exe:BDU
AlternateDataStreams: C:\Users\Admin\Downloads\Firefox Setup 13.0.1.exe:BDU
AlternateDataStreams: C:\Users\Admin\Downloads\iview433_setup.exe:BDU
AlternateDataStreams: C:\Users\Admin\Downloads\jre-7u5-windows-i586.exe:BDU
AlternateDataStreams: C:\Users\Admin\Downloads\jre-7u5-windows-x64.exe:BDU
AlternateDataStreams: C:\Users\Martin\Desktop\adwcleaner_4.206.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\audacity-win-2.0.5.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\AW_ Gessch__ftspartner Nr. 104234 Zugangsdaten Electronic Banking.eml:OECustomProperty
AlternateDataStreams: C:\Users\Martin\Downloads\BOM21412_setup.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\cdbxp_setup_4.4.1.3243_minimal (1).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\cdbxp_setup_4.4.1.3243_minimal.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-7u17 (1).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-7u17.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-7u45.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-7u5 (1).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-7u5 (2).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-7u5 (3).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-7u5.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-7u51.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-7u55 (1).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-7u55.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-7u67.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-8u25 (1).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-8u25 (2).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-8u25 (3).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-8u25.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\chromeinstall-8u40.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\ChromeSetup.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\esetsmartinstaller_deu.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\Firefox Setup 22.0.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\FSCaptureSetup53.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\gimp-2.8.14-setup-1.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\gimp-help-2-2.8.1-de-setup.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\gmx_system_mechanic_checkup_nlfree (1).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\gmx_system_mechanic_checkup_nlfree.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\GoogleVoiceAndVideoSetup.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\IE11-Windows6.1-x64-de-de.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\IE11-Windows6.1.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\install_flashplayer11x32axau_ltr5x64d_awc_aih.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\iview433_setup.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\KiesSetup.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\kontenzuweisungebilanztaxonomie (1).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\kontenzuweisungebilanztaxonomie.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\Lame_v3.99.3_for_Windows.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\LSCSetup64.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\lscsetup_x64_23002 (1).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\lscsetup_x64_23002 (2).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\lscsetup_x64_23002 (3).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\lscsetup_x64_23002.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\MicrosoftFixit.Search.FISC.13233367100826842.2.1.Run.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\MicrosoftFixit.Search.LB.13233367100826842.1.1.Run.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\PDFCreator-1_5_0_setup.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\PDFCreator-1_5_1_setup.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\pwhe811.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\QuickTimeInstaller.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\Setup.x64.de-DE_ProPlusRetail_N9PB8-3BB24-KQR6M-XWCTC-9P8QD_act_1_.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\Setup.x86.de-DE_ProPlusRetail_N9PB8-3BB24-KQR6M-XWCTC-9P8QD_act_1_.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\SetupCSShare (1).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\SetupCSShare.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\setupproplusretail.x86.de-de_act_1_.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\SkypeSetup.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\SmartSwitch_2.4.14094_1 (1).exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\SmartSwitch_2.4.14094_1.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\SpotifySetup.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\spybot-2.1.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\systemupdate503-2013-10-31.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\TeamViewerQS_de.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\unetbootin-windows-608.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\vlc-2.1.5-win64.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\webde_updatestardrivers_7.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\wmpfirefoxplugin.exe:BDU
AlternateDataStreams: C:\Users\Martin\Downloads\zetatest-setup.exe:BDU
AlternateDataStreams: C:\Users\Public\Downloads\Bose_BLUETOOTH_Speaker_Update.exe:BDU
AlternateDataStreams: C:\Users\Thomas\Downloads\chromeinstall-7u7 (1).exe:BDU
AlternateDataStreams: C:\Users\Thomas\Downloads\chromeinstall-7u7.exe:BDU

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Da befinden sich 7866 mehr eingeschränkte Seiten.

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1502967087-3225744061-2520733942-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1502967087-3225744061-2520733942-1006\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: Power Manager DBC Service => 3
MSCONFIG\startupreg: AllShare Play => C:\Program Files\Samsung\AllShare Play\utils\AllShare Play Launcher.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{65C31413-CAFD-4AA0-8544-5CCECC897DDC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E20D265C-41AC-433D-86EB-88B51F20E160}] => (Allow) LPort=2869
FirewallRules: [{054D67EF-C8D8-4C9A-A8E3-60B866481A71}] => (Allow) LPort=1900
FirewallRules: [{6F997D80-7E34-42E7-97C9-EA3C04131F1B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{AB33E3E0-B63B-4786-BE74-555C749B2847}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{E6BB7750-3921-4437-A0FB-9793BF0362ED}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{C95277B3-2C65-40DD-AA0E-F5E960D66B99}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EADB7CC3-C441-4804-8442-4BF9D2AC2C3B}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{9D2D7886-9294-4F8A-9878-00F65A35F78B}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{E58089CB-9C6F-4B45-A425-21425EBEA61F}] => (Allow) LPort=26675
FirewallRules: [{A5D259B8-1E24-44D8-925A-973418DADDF0}] => (Allow) C:\Program Files\Samsung\AllShare Play\AllShare Play.exe
FirewallRules: [{11BF3425-A787-4B58-9D2B-2C72DDE0DF43}] => (Allow) C:\Program Files\Samsung\AllShare Play\AllShare Play.exe
FirewallRules: [{45F3EBE4-2362-42DA-BB3D-E2B47826BF43}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkDMS.exe
FirewallRules: [{D4C040C5-EEB8-42C2-8BBB-25D5D7D6FB1F}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkDMS.exe
FirewallRules: [{0E639FB5-2D1F-4A42-AC63-844D6CCB07FE}] => (Allow) LPort=8743
FirewallRules: [{55C1EF6B-A254-4CAF-AA6F-FBEE60CD78F2}] => (Allow) LPort=8643
FirewallRules: [{C7E88967-8ADF-4CEA-B239-D5F66B1229D1}] => (Allow) LPort=7676
FirewallRules: [{5CADC825-9D75-433D-BBE5-1613E7FEC6AB}] => (Allow) LPort=7679
FirewallRules: [{09F7981B-5ED2-44CF-BDEB-6481A387F722}] => (Allow) LPort=24234
FirewallRules: [{A576642A-B6A3-4AD2-B576-FF232782FF18}] => (Allow) LPort=7900
FirewallRules: [{97795763-46BA-40B8-AAF2-BD87F5234263}] => (Allow) LPort=1900
FirewallRules: [{B86DDEBD-0D59-4454-84A0-25EE772FC321}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{6B371DFF-5A30-4ADC-A3D1-651B36F644B9}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{8DBD233F-34CD-4101-BEAD-197B15175185}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{EAA21005-8902-4458-9695-CEFFB39AFB58}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{D7422620-1D9C-45FB-96DF-E62A32815E56}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{7836E747-673F-4E33-84C3-4A457FEA76D6}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{680E8D43-4B54-4EDF-B8D2-90EA9C2DECF3}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{A3E3C498-51CE-47A6-A9C6-F3FFEC5AEC65}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{1B5BB234-9C74-4F7F-90FE-65768AC5E94D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{866E18B8-D1FF-430E-BFCB-4851E8270BC9}C:\users\martin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2347C662-81F0-4884-BD84-58B3FA47BB47}C:\users\martin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{07DC2569-6AC0-42DE-A205-784989DC49F1}] => (Block) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3AC39DC9-CAB0-4CD8-A00D-5CB664464643}] => (Block) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{71E2F597-F80D-44F6-A3EA-9F2EDF059D6F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{895B7D9A-3AE8-428E-984C-1E69CA314B12}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9D6C9134-A351-473A-8FE6-8B1E92A5CA3C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{B8066CF6-70EB-4133-8145-4B06541B008E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{BEDEBD5A-0FF3-42C7-B50F-B51CE18A5931}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{295F63C8-2403-40C9-8A6D-FFD864C39B70}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{2DC454E3-B863-4D30-813B-676D9966F783}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{CF64102F-2C96-46B7-939F-1AE03CDF896F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/27/2015 07:30:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2015 07:29:42 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0

Error: (08/27/2015 07:29:42 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0

Error: (08/26/2015 11:32:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2015 11:31:31 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0

Error: (08/26/2015 11:31:31 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0

Error: (08/26/2015 07:54:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2015 07:53:50 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0

Error: (08/26/2015 07:53:50 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0

Error: (08/26/2015 07:29:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Systemfehler:
=============
Error: (08/27/2015 07:34:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde nicht richtig gestartet.

Error: (08/27/2015 07:30:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (08/27/2015 07:30:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (08/27/2015 07:30:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (08/27/2015 07:30:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (08/27/2015 12:06:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (08/27/2015 12:06:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (08/26/2015 11:36:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde nicht richtig gestartet.

Error: (08/26/2015 07:58:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde nicht richtig gestartet.

Error: (08/26/2015 07:33:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde nicht richtig gestartet.


Microsoft Office:
=========================
Error: (05/01/2014 01:41:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/20/2012 04:42:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1690 seconds with 480 seconds of active time.  This session ended with a crash.


CodeIntegrity:
===================================
  Date: 2015-08-24 21:19:46.046
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-08-24 21:19:45.972
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-09 21:35:23.871
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-09 21:35:23.777
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-09 03:52:52.044
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-09 03:52:51.964
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-31 15:37:17.237
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-31 15:37:17.179
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-20 10:23:50.817
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-20 10:23:50.684
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Speicherinformationen ===========================

Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 39%
Installierter physikalischer RAM: 8032.48 MB
Verfügbarer physikalischer RAM: 4880.99 MB
Summe virtueller Speicher: 16063.16 MB
Verfügbarer virtueller Speicher: 11699.47 MB

==================== Laufwerke ================================

Drive c: (Windows7_OS) (Fixed) (Total:238.33 GB) (Free:75.08 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]
Drive d: (Data) (Fixed) (Total:0.1 GB) (Free:0 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]
Drive f: (Windows7_OS) (Fixed) (Total:448.67 GB) (Free:448.54 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.72 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 33ECF248)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=238.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: A1A84517)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

cosinus 28.08.2015 08:44
Ist das ein gewerblich genutztes System?

Toshef 28.08.2015 16:38
Nein, das ist ein privater Rechner. - Ich kann über das Wochenende leider nicht antworten, also wenn möglich, bitte erst Montag fortfahren, danke!

cosinus 28.08.2015 18:29
Zitat:
CorelDRAW(R) Graphics Suite X4
Microsoft Office Enterprise 2007
Microsoft Office Professional Plus 2013
Du nutzt sowas rein privat? :wtf:

Toshef 31.08.2015 18:43
Ich hatte mal Gelegenheit, günstig Lizenzen einzukaufen, da habe ich gleich ordentlich zugeschlagen :-) Hast du etwas Verdächtiges finden können?

cosinus 31.08.2015 20:08
Bitte mit MBAR fortfahren. Ob wohl ich ja eher glaube, dass der Bitdefender schuld an deine Internetverbindungprobleme ist. 3rd Party Firewalls v.a. in Suites sind Quatsch mit Soße, bringen keinen Sicherheitsgewinn dafür idR mehr Probleme.

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Toshef 02.09.2015 21:43
Den Verdacht mit BitDefender hatte ich auch schon. Allerdings hat ein anderes, ähnlich ausgerüstetes System mit BitDefender diese Probleme nicht...

MBAR
Code:
Malwarebytes Anti-Rootkit BETA 1.9.2.1008
www.malwarebytes.org

Database version:
  main:    v2015.09.02.08
  rootkit: v2015.08.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17959
Admin :: THINK_MOBIL [administrator]

02.09.2015 22:23:38
mbar-log-2015-09-02 (22-23-38).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 522486
Time elapsed: 11 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus 02.09.2015 22:24
Hast du mal Bidefender KOMPLETT deaktiviert? Notfalls deinstalliert?

Toshef 09.09.2015 16:15
Hatte ich bislang noch nicht. Soll ich das erst mal testen?

cosinus 09.09.2015 19:45
Ja. Wie willst du denn sonst rausfinden, ob es daran liegt oder nicht :pfeiff:


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:11 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131