Browser von download protect 2.2.7/2.2.8 befallen

didier · 10.07.2015, 20:03

Thema:
Maleware: "Download Protect 2.2.7" beim Installieren von Freeware eingefangen

Das Addon "Download Protect" erscheint in allen meinen Browsern (Mozilla Firefox, google Chrome, MS Internet Explorer)
Es lässt sich nicht wie andere Addons deinstallieren.
Löscht man die im Browser angegebenen Pfade zu relevanten Files, verschwindet das Addon zwar vorübergehend,
ist aber nach dem nächsten Reboot des Rechners wieder da.
Malewarebites AntiMaleware habe ich bereits ausgeführt.
Es wurden zwar über 100 verdächtige files gefunden und in Quarantäne verschoben, das Addon
"Download Protect" blieb jedoch erhalten.
Des weiteren lässt sich das Addon "Download Protect" zwar im Browser für die aktuelle Sitzung deaktivieren, schaltet sich nach einem Reboot aber
ebenfalls selbsttätig wieder aktiv.

Unternommen Schritte (gemäß Trojanerboard Checkliste):

Defogger:
Ausführen: Problemlos.
REsultat: Keine Fehlermeldung für Defogg

FRST:
Ausgeführt
logfiles erstellt

GMER
Beim Start von GMER kommt folgende Fehlermeldung
c:\windows\system32\config\system:
Der Prozess kann nocht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Nach Start des Scans kommt nochmal eine Fehlermeldung:
c:\user\dietmar\ntuser.dat
Der Prozess kann nocht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Danach meldet gmer:
The scan finished susscessfully.

Logfiles:
1. defogger:

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 03:04 on 26/06/2015 (dietmar)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

2. FRST.txt

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by dietmar (administrator) on LENOVO-PC on 26-06-2015 03:18:50
Running from C:\Users\dietmar\Desktop\trojanerboard\FRST
Loaded Profiles: dietmar & MSSQL$SQLEXPRESS2014 (Available Profiles: dietmar & MSSQL$SQLEXPRESS2014 & DefaultAppPool)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\System32\DnsBlockUpdateSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS2014\MSSQL\Binn\sqlservr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Xmarks.com) C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DnsBlock\DnsBlockTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureGenUSB.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4\program\swriter.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4\program\soffice.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
Failed to access process -> plugin-container.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\E046963F.LenovoCompanion_2.2.16.0_x86__k1h2ywk1493x8\Lenovo.Discovery.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2776816 2014-02-06] (Synaptics Incorporated)
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [255480 2013-06-20] (Lenovo Group Limited)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [384296 2013-10-28] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [600568 2013-11-05] (Lenovo Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163520 2015-04-09] (IvoSoft)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [909016 2013-10-21] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [750320 2014-02-28] (Lenovo)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [DnsBlock] => C:\Program Files (x86)\DnsBlock\DnsBlockTray.exe [788000 2015-06-20] ()
HKLM\...\RunOnce: [WinSat] => winsat dwm -xml results.xml
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\Run: [Xmarks] => C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe [1178680 2014-11-06] (Xmarks.com)
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: F - "F:\AutoRun.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {164435bc-095b-11e5-8287-0c8bfdd19371} - "F:\ViewHtml.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {164451e8-095b-11e5-8287-0c8bfdd19371} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {3aba170a-f4a8-11e4-8279-0c8bfdd19371} - "F:\.\Setup.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {51d6b9b2-0fdc-11e5-828b-0050b66f480d} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {51d6b9c8-0fdc-11e5-828b-0050b66f480d} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {51d6b9f3-0fdc-11e5-828b-0050b66f480d} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {ab98e2d6-0702-11e5-8286-0c8bfdd19371} - "F:\ViewHtml.exe" 
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.bing.com/
URLSearchHook: [S-1-5-80-74102703-195227291-2601699642-576852742-3294486561] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1349822815-2598862020-373602666-1001 -> DefaultScope {620017E4-B96A-4FD3-9EA9-BC52D05EC63D} URL = 
SearchScopes: HKU\S-1-5-21-1349822815-2598862020-373602666-1001 -> {620017E4-B96A-4FD3-9EA9-BC52D05EC63D} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-03] (Oracle Corporation)
BHO: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files\{787A4207-5990-4A59-8A6D-BF165DA52682}\{25F6BB40-D1E0-429F-896E-4565933F586D}.bin [2015-06-25] (Download Protect)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-03] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-04-09] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)
BHO-x32: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files (x86)\{6451D48D-9C43-4A3C-BA5C-D17F7F9DB6AD}\{B6305D84-AE27-49A2-BAF9-510DABA89CFE}.bin [2015-06-25] (Download Protect)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-04-09] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)
DPF: HKLM-x32 {A6616B31-4860-41E2-98E3-CA7649AF172F} file:///F:/launch.ocx
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\DnsBlockA.dll [343584 2015-06-20] (DnsBlock)
Winsock: Catalog5 09 C:\WINDOWS\SysWOW64\DnsBlockB.dll [343584 2015-06-20] (DnsBlock)
Winsock: Catalog5-x64 05 C:\WINDOWS\system32\DnsBlockA.dll [434208 2015-06-20] (DnsBlock)
Winsock: Catalog5-x64 09 C:\WINDOWS\system32\DnsBlockB.dll [433696 2015-06-20] (DnsBlock)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6DCF1004-DED2-485B-88BB-064FB73CCE52}: [NameServer] 10.74.210.210 10.74.210.211
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\dietmar\AppData\Roaming\Mozilla\Firefox\Profiles\g8w01yf3.default
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @hola.org/vlc,version=1.8.328 -> C:\Users\dietmar\AppData\Local\Hola\firefox_hola\app\vlc No File
FF Plugin HKU\S-1-5-21-1349822815-2598862020-373602666-1001: @hola.org/vlc,version=1.8.204 -> C:\Users\dietmar\AppData\Local\Hola\firefox\app\vlc No File
FF HKLM-x32\...\Firefox\Extensions: [{F1E2DF0C-8EAB-4AAF-878E-853E98BCAB5A}] - C:\WINDOWS\Installer\{45F9147F-489F-46DC-A5CE-27F358C92A32}\{F1E2DF0C-8EAB-4AAF-878E-853E98BCAB5A}.xpi
FF Extension: Download Protect - C:\WINDOWS\Installer\{45F9147F-489F-46DC-A5CE-27F358C92A32}\{F1E2DF0C-8EAB-4AAF-878E-853E98BCAB5A}.xpi [2015-06-22]
FF HKLM-x32\...\Firefox\Extensions: [{EFA5F30A-020C-4385-94B0-981865214E9C}] - C:\WINDOWS\Installer\{3FD540D9-C72D-4FD9-BB7C-191DD129C7D8}\{EFA5F30A-020C-4385-94B0-981865214E9C}.xpi
FF Extension: Download Protect - C:\WINDOWS\Installer\{3FD540D9-C72D-4FD9-BB7C-191DD129C7D8}\{EFA5F30A-020C-4385-94B0-981865214E9C}.xpi [2015-06-22]
FF HKLM-x32\...\Firefox\Extensions: [{3E4405C6-6452-47C6-91AC-34450BF93D1A}] - C:\WINDOWS\Installer\{1ACC8B11-B31F-4667-8D03-FAD30AD05B2D}\{3E4405C6-6452-47C6-91AC-34450BF93D1A}.xpi
FF Extension: Download Protect - C:\WINDOWS\Installer\{1ACC8B11-B31F-4667-8D03-FAD30AD05B2D}\{3E4405C6-6452-47C6-91AC-34450BF93D1A}.xpi [2015-06-22]
FF HKLM-x32\...\Firefox\Extensions: [{B0EA8140-E063-426F-8BBD-B9682B08B5C6}] - C:\WINDOWS\Installer\{3EF4BBD8-EE10-4A91-9471-761FFEE3FD5C}\{B0EA8140-E063-426F-8BBD-B9682B08B5C6}.xpi
FF Extension: Download Protect - C:\WINDOWS\Installer\{3EF4BBD8-EE10-4A91-9471-761FFEE3FD5C}\{B0EA8140-E063-426F-8BBD-B9682B08B5C6}.xpi [2015-06-25]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [573432 2013-11-05] (Lenovo Corporation)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-11] (DisplayLink Corp.)
R2 DnsBlockUpdateSvc; C:\WINDOWS\system32\DnsBlockUpdateSvc.exe [149024 2015-06-20] ()
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [140016 2014-02-28] (Lenovo)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [558592 2010-11-03] (Hauppauge Computer Works) [File not signed]
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-07-29] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-29] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2083592 2013-11-06] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
R3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [695800 2013-11-05] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [467720 2013-11-01] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872152 2015-05-09] (Maxthon)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS2014; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS2014\MSSQL\Binn\sqlservr.exe [370368 2014-02-21] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
S4 SQLAgent$SQLEXPRESS2014; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS2014\MSSQL\Binn\SQLAGENT.EXE [613056 2014-02-21] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49136 2015-05-15] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2015-04-29] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2015-04-29] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
R3 DisplayLinkUsbIo_x64; C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.4.48800.0.sys [44944 2013-10-07] ()
R3 dlcdcncm6_x64; C:\Windows\system32\DRIVERS\dlcdcncm6_x64.sys [80688 2013-10-11] (DisplayLink Corp.)
R3 dlusbaudio; C:\Windows\system32\DRIVERS\dlusbaudio_x64.sys [203152 2013-10-11] (DisplayLink Corp.)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
R0 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [65928 2014-02-28] (Windows (R) Win 7 DDK provider)
R3 hcw17bda; C:\Windows\system32\drivers\hcw17bda.sys [67456 2010-01-27] (Hauppauge Computer Works, Inc.)
R3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-08-29] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
R3 INETMON; C:\WINDOWS\System32\Drivers\INETMON.sys [29088 2013-08-01] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-01] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S4 RsFx0300; C:\Windows\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [508120 2014-08-18] (Realsil Semiconductor Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-02-06] (Synaptics Incorporated)
R3 VBAudioVACMME; C:\Windows\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2015-06-21] (Windows (R) Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-06-21] (Windows (R) Win 7 DDK provider)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065344 2013-09-11] (Vimicro Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-26 03:03 - 2015-06-26 03:13 - 00000000 ____D C:\Users\dietmar\Desktop\trojanerboard
2015-06-26 03:01 - 2015-06-26 03:01 - 04718584 _____ (Avira Operations GmbH & Co. KG) C:\Users\dietmar\Downloads\avira_de_av_558ca44ee5bc3__ws.exe
2015-06-26 01:37 - 2015-06-26 01:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2015-06-26 01:37 - 2015-06-26 01:37 - 00000000 ____D C:\Program Files\Dolby Digital Plus
2015-06-26 01:36 - 2015-06-26 01:36 - 00000000 ____D C:\Users\Public\Documents\Conexant
2015-06-26 01:36 - 2013-07-02 09:10 - 00004712 _____ C:\WINDOWS\system32\Drivers\SamSfPa.dat
2015-06-26 01:36 - 2011-09-01 14:23 - 00447104 _____ (Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SASrv.exe
2015-06-26 01:35 - 2013-07-25 13:39 - 00206552 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe
2015-06-26 01:32 - 2013-10-18 12:47 - 01387200 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\Drivers\CHDRT64.sys
2015-06-26 01:32 - 2013-09-09 12:02 - 06217904 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2015-06-26 01:32 - 2013-09-09 12:02 - 00313520 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2015-06-26 01:32 - 2013-09-09 12:01 - 01938608 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2015-06-26 01:32 - 2013-09-09 12:01 - 00260272 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2015-06-26 01:32 - 2013-09-03 17:16 - 00936640 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64BP06.dll
2015-06-26 01:32 - 2013-08-20 12:28 - 02832088 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\UCI64A40.DLL
2015-06-26 01:32 - 2013-08-05 17:11 - 02743328 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2015-06-26 01:32 - 2013-05-15 14:27 - 00406208 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CSpkExt64.dll
2015-06-26 01:32 - 2012-06-29 12:04 - 00050848 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CxPageMaster64.dll
2015-06-26 01:32 - 2012-01-16 09:42 - 00666240 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\C3DHPExt64.dll
2015-06-26 01:32 - 2011-01-18 07:35 - 00030893 _____ C:\WINDOWS\system32\Drivers\Mixer.ini
2015-06-26 01:28 - 2014-07-29 12:57 - 23048704 _____ (Intel Corporation) C:\WINDOWS\system32\igdfcl64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 18033152 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdfcl32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 10942144 _____ (Intel Corporation) C:\WINDOWS\system32\igdumdim64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 08461824 _____ (Intel Corporation) C:\WINDOWS\system32\ig75icd64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 06625280 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig75icd32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 04348888 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 04345304 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 04011168 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAAC64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 03818864 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2015-06-26 01:28 - 2014-07-29 12:57 - 02478384 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiVAD64.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 02023936 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 01756160 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 01673216 _____ (Intel Corporation) C:\WINDOWS\system32\igdrcl64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 01552896 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdrcl32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 01455776 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSecureSourceFilter64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 01137080 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 01132960 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00930264 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00792736 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiWinNextAgent64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00734720 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00657920 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDH.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00646304 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAudioFilter64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00603296 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMux64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00544216 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00543704 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00501720 _____ (Intel Corporation) C:\WINDOWS\system32\igfxEM.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00446424 _____ (Intel Corporation) C:\WINDOWS\system32\igfxTray.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00444408 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00416216 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUMS64.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00397272 _____ (Intel Corporation) C:\WINDOWS\system32\CustomModeApp.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00396760 _____ (Intel Corporation) C:\WINDOWS\system32\CustomModeAppv2_0.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00373248 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00358912 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00352232 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00344736 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSilenceFilter64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00330240 _____ (Intel Corporation) C:\WINDOWS\system32\igdbcl64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00315352 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCUIService.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00294912 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00291328 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdbcl32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00279000 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00272384 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDI.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00254976 _____ C:\WINDOWS\system32\igfxCPL.cpl
2015-06-26 01:28 - 2014-07-29 12:57 - 00250368 _____ (Intel Corporation) C:\WINDOWS\system32\igfxLHM.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00244184 _____ (Intel Corporation) C:\WINDOWS\system32\igfxHK.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00223744 _____ C:\WINDOWS\system32\igdde64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00218808 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00214016 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDTCM.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00210592 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUtils64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00191448 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00188456 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00187508 _____ C:\WINDOWS\system32\resTHA.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00184320 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00183808 _____ C:\WINDOWS\SysWOW64\igdde32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00183800 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00182784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v3855.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00180324 _____ C:\WINDOWS\system32\resELL.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00177824 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiDDEAgent64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00176180 _____ C:\WINDOWS\system32\resRUS.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00162036 _____ C:\WINDOWS\system32\resARA.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00161492 _____ C:\WINDOWS\system32\resHEB.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00161428 _____ C:\WINDOWS\system32\resJPN.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00160256 _____ C:\WINDOWS\system32\igdail64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00159056 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00156852 _____ C:\WINDOWS\system32\resFRA.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00156836 _____ C:\WINDOWS\system32\resHUN.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00155140 _____ C:\WINDOWS\system32\resKOR.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00155044 _____ C:\WINDOWS\system32\resITA.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00155044 _____ C:\WINDOWS\system32\resDEU.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00154884 _____ C:\WINDOWS\system32\resROM.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00154772 _____ C:\WINDOWS\system32\resESN.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00154624 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00154340 _____ C:\WINDOWS\system32\resPLK.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00154196 _____ C:\WINDOWS\system32\resSKY.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00154004 _____ C:\WINDOWS\system32\resNLD.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00153444 _____ C:\WINDOWS\system32\resPTB.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00153300 _____ C:\WINDOWS\system32\resTRK.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00153268 _____ C:\WINDOWS\system32\resCSY.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00153140 _____ C:\WINDOWS\system32\resPTG.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00153048 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00152724 _____ C:\WINDOWS\system32\resFIN.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00152292 _____ C:\WINDOWS\system32\resHRV.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00151844 _____ C:\WINDOWS\system32\resSVE.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00151668 _____ C:\WINDOWS\system32\resSLV.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00150740 _____ C:\WINDOWS\system32\resNOR.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00150228 _____ C:\WINDOWS\system32\resDAN.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00148916 _____ C:\WINDOWS\system32\resENU.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00147140 _____ C:\WINDOWS\system32\resCHT.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00146308 _____ C:\WINDOWS\system32\resCHS.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00143360 _____ C:\WINDOWS\SysWOW64\igdail32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00128672 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMCUMD64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00094368 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiLogServer64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00070144 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00069632 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00058880 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00030720 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00010752 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00010240 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00010240 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00010240 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00005120 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00005120 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00002568 _____ C:\WINDOWS\system32\iglhxs64.vp
2015-06-25 22:32 - 2015-06-25 23:51 - 00000101 ____H C:\Users\dietmar\Desktop\.~lock.install.lenovo.odt#
2015-06-25 19:03 - 2015-06-25 19:04 - 00001251 _____ C:\Users\dietmar\Desktop\SPEEDPORT.lnk
2015-06-25 17:18 - 2015-06-25 17:18 - 00000000 ____D C:\Program Files\{787A4207-5990-4A59-8A6D-BF165DA52682}
2015-06-25 17:18 - 2015-06-25 17:18 - 00000000 ____D C:\Program Files (x86)\{6451D48D-9C43-4A3C-BA5C-D17F7F9DB6AD}
2015-06-25 01:41 - 2015-06-25 01:41 - 00003372 _____ C:\Users\dietmar\Desktop\email-Fernuni.txt
2015-06-25 00:10 - 2015-06-25 00:10 - 00000000 ____D C:\Program Files (x86)\ImageWriter
2015-06-24 23:15 - 2015-06-24 23:32 - 00000000 ____D C:\Users\dietmar\Desktop\dfk-data-Trancend
2015-06-24 22:08 - 2015-06-24 22:08 - 00000000 ____D C:\Program Files\VueScan
2015-06-24 02:24 - 2015-06-24 02:24 - 00000000 ____D C:\Program Files\{655F2B7C-2874-4524-83E1-6F5FBABEBD9E}
2015-06-24 02:24 - 2015-06-24 02:24 - 00000000 ____D C:\Program Files (x86)\{4C83E701-12E1-40A0-9B93-8EE6F5F1C9C6}
2015-06-23 21:55 - 2015-06-24 17:02 - 00000000 ____D C:\Users\dietmar\Desktop\Telefonie
2015-06-23 21:54 - 2015-06-23 22:20 - 00013208 _____ C:\Users\dietmar\Desktop\Tätigkeitsbericht.D.KremerBeiINASchaeffler.odt
2015-06-23 19:23 - 2015-06-23 19:23 - 00001877 _____ C:\Users\dietmar\Desktop\Luna.lnk
2015-06-23 02:14 - 2015-06-25 21:26 - 00000985 _____ C:\Users\dietmar\Desktop\trojanerboard.txt
2015-06-23 01:19 - 2015-06-26 03:18 - 00000000 ____D C:\FRST
2015-06-23 00:45 - 2015-06-23 00:45 - 00000000 _____ C:\Users\dietmar\defogger_reenable
2015-06-22 22:53 - 2015-06-22 22:53 - 00015360 _____ C:\Users\dietmar\Desktop\LinsenTests.xls
2015-06-22 05:08 - 2015-06-22 05:08 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Mozilla
2015-06-22 05:08 - 2015-06-22 05:08 - 00000000 ____D C:\Users\dietmar\AppData\Local\Mozilla
2015-06-22 05:08 - 2015-06-22 05:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-22 05:08 - 2015-06-22 05:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-22 03:08 - 2015-06-22 03:08 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-22 03:08 - 2015-06-22 03:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-22 03:08 - 2015-06-22 03:08 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-22 03:08 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-22 03:08 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-22 03:08 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-22 02:15 - 2015-06-22 02:15 - 00001201 _____ C:\Users\dietmar\Desktop\downloadProtect.txt
2015-06-22 00:52 - 2015-06-22 00:55 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-22 00:49 - 2015-06-22 00:49 - 05683024 _____ (Avast Software s.r.o.) C:\Users\dietmar\Downloads\avastclear.exe
2015-06-21 03:54 - 2015-06-24 02:21 - 00002866 _____ C:\Users\dietmar\AppData\Roaming\VoiceMeeterDefault.xml
2015-06-21 03:20 - 2015-06-21 03:20 - 00041192 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\vbaudio_vmvaio64_win7.sys
2015-06-21 03:20 - 2015-06-21 03:20 - 00000000 ____D C:\Program Files (x86)\VB
2015-06-21 02:52 - 2015-06-21 03:21 - 00000000 ____D C:\Program Files\VB
2015-06-20 22:29 - 2015-06-20 22:59 - 00159744 _____ C:\Users\dietmar\Documents\Studium.mdb
2015-06-20 04:06 - 2015-06-21 01:07 - 00000356 _____ C:\WINDOWS\Tasks\Chromium.job
2015-06-20 04:06 - 2015-06-20 04:06 - 00002694 _____ C:\WINDOWS\System32\Tasks\Chromium
2015-06-20 04:05 - 2015-06-22 04:15 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Opera Software
2015-06-20 04:05 - 2015-06-22 04:15 - 00000000 ____D C:\Users\dietmar\AppData\Local\Opera Software
2015-06-20 04:05 - 2015-06-22 04:15 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-20 04:05 - 2015-06-20 14:39 - 00000000 ____D C:\Program Files (x86)\PC Speed Maximizer
2015-06-20 04:05 - 2015-06-20 04:05 - 00003260 _____ C:\WINDOWS\System32\Tasks\Opera N Sunday
2015-06-20 04:05 - 2015-06-20 04:05 - 00003260 _____ C:\WINDOWS\System32\Tasks\Opera N Saturday
2015-06-20 04:05 - 2015-06-20 04:05 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Shortcut
2015-06-20 03:54 - 2015-06-20 03:54 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\dlg
2015-06-20 03:53 - 2015-06-25 17:18 - 00000306 __RSH C:\ProgramData\ntuser.pol
2015-06-20 03:53 - 2015-06-20 03:53 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\AVG
2015-06-20 03:52 - 2015-06-20 03:53 - 00000000 ____D C:\ProgramData\AVG
2015-06-20 03:52 - 2015-06-20 03:52 - 00471968 _____ C:\WINDOWS\SysWOW64\dns.block
2015-06-20 03:52 - 2015-06-20 03:52 - 00471968 _____ C:\WINDOWS\system32\dns.block
2015-06-20 03:52 - 2015-06-20 03:52 - 00000000 ____D C:\Users\dietmar\AppData\Local\DnsBlock
2015-06-20 03:52 - 2015-06-20 03:52 - 00000000 ____D C:\Users\dietmar\AppData\Local\Avg
2015-06-20 03:52 - 2015-06-20 03:52 - 00000000 ____D C:\Program Files (x86)\DnsBlock
2015-06-20 03:52 - 2015-06-20 03:52 - 00000000 ____D C:\Program Files (x86)\AVG
2015-06-20 03:51 - 2015-06-25 19:45 - 00000390 _____ C:\WINDOWS\Tasks\UEUEUFX1.job
2015-06-20 03:51 - 2015-06-20 03:51 - 00434208 _____ (DnsBlock) C:\WINDOWS\system32\DnsBlockA.dll
2015-06-20 03:51 - 2015-06-20 03:51 - 00433696 _____ (DnsBlock) C:\WINDOWS\system32\DnsBlockB.dll
2015-06-20 03:51 - 2015-06-20 03:51 - 00343584 _____ (DnsBlock) C:\WINDOWS\SysWOW64\DnsBlockB.dll
2015-06-20 03:51 - 2015-06-20 03:51 - 00343584 _____ (DnsBlock) C:\WINDOWS\SysWOW64\DnsBlockA.dll
2015-06-20 03:51 - 2015-06-20 03:51 - 00149024 _____ C:\WINDOWS\system32\DnsBlockUpdateSvc.exe
2015-06-20 03:51 - 2015-06-20 03:51 - 00002904 _____ C:\WINDOWS\System32\Tasks\UEUEUFX1
2015-06-20 03:51 - 2015-06-20 03:51 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Browser-Security
2015-06-20 03:51 - 2015-06-20 03:51 - 00000000 ____D C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8
2015-06-20 03:51 - 2015-06-20 03:51 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck
2015-06-19 01:59 - 2015-06-19 01:59 - 08142207 _____ C:\Users\dietmar\Desktop\Bewerbung.D.Kremer.Hemmerbach.odt
2015-06-19 01:54 - 2015-06-20 22:59 - 00000411 _____ C:\Users\dietmar\Desktop\bewerbÜbers.txt
2015-06-18 20:41 - 2015-06-18 20:41 - 00000000 ____D C:\Users\dietmar\AppData\Local\Macromedia
2015-06-17 03:08 - 2015-06-17 03:08 - 00000000 ____D C:\Users\dietmar\AppData\Local\Conexant
2015-06-17 02:36 - 2015-06-17 03:11 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-06-17 02:06 - 2015-06-20 03:10 - 00006880 _____ C:\WINDOWS\SMinstall.log
2015-06-17 01:46 - 2015-06-17 01:46 - 00000000 ____D C:\Program Files (x86)\Spectrum
2015-06-16 15:53 - 2015-06-23 21:35 - 00002253 _____ C:\Users\dietmar\Desktop\Telefonie.lnk
2015-06-16 00:22 - 2015-06-16 00:22 - 00000000 ____D C:\Users\dietmar\AppData\Local\Apple Computer
2015-06-15 22:25 - 2015-06-25 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anwendungen
2015-06-15 20:30 - 2015-06-15 20:30 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Apple Computer
2015-06-15 14:53 - 2015-06-20 19:52 - 00000677 _____ C:\Users\dietmar\Desktop\DiDo.txt
2015-06-15 13:04 - 2015-06-15 13:04 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2010
2015-06-15 13:04 - 2015-06-15 13:04 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2010
2015-06-15 02:38 - 2015-06-15 02:38 - 00000000 ___SD C:\Users\dietmar\Documents\Meine Shapes
2015-06-15 02:34 - 2015-06-15 02:35 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-06-15 02:34 - 2015-06-15 02:34 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-06-15 02:34 - 2015-06-15 02:34 - 00000000 ____D C:\Users\dietmar\AppData\Local\Apple
2015-06-15 02:34 - 2015-06-15 02:34 - 00000000 ____D C:\ProgramData\Apple Computer
2015-06-15 02:34 - 2015-06-15 02:34 - 00000000 ____D C:\ProgramData\Apple
2015-06-15 02:34 - 2015-06-15 02:34 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-06-15 02:32 - 2015-06-15 02:32 - 00000293 ____H C:\ProgramData\wb764821reg.bin
2015-06-15 01:43 - 2015-06-17 02:10 - 00000039 _____ C:\WINDOWS\vbaddin.ini
2015-06-15 01:40 - 2015-06-15 01:40 - 00000000 ____D C:\Program Files\Microsoft Office
2015-06-14 13:42 - 2015-06-14 13:42 - 00000000 ____D C:\ProgramData\Kestner
2015-06-14 13:42 - 2015-06-14 13:42 - 00000000 ____D C:\Program Files (x86)\Kestner
2015-06-14 01:47 - 2015-06-14 01:47 - 00000000 ____D C:\Meine Webseiten
2015-06-14 01:23 - 2015-06-14 01:23 - 00000000 ____D C:\Program Files\WinHTTrack
2015-06-13 22:04 - 2015-06-14 01:42 - 00000000 ____D C:\Users\dietmar\Documents\SQL Server Management Studio
2015-06-13 22:04 - 2015-06-13 22:04 - 00000020 ___SH C:\Users\MSSQL$SQLEXPRESS2014\ntuser.ini
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Vorlagen
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Startmenü
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Netzwerkumgebung
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Lokale Einstellungen
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Eigene Dateien
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Druckumgebung
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Documents\Eigene Musik
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Documents\Eigene Bilder
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\AppData\Local\Verlauf
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\AppData\Local\Anwendungsdaten
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Anwendungsdaten
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS2014
2015-06-13 22:04 - 2015-06-13 00:12 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS2014\AppData\Local\Microsoft Help
2015-06-13 22:04 - 2015-06-10 22:23 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS2014\Documents\Visual Studio 2008
2015-06-13 22:04 - 2015-05-09 14:13 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS2014\Documents\Visual Studio 2013
2015-06-13 22:04 - 2015-05-03 02:12 - 00000000 ___RD C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-13 22:04 - 2015-05-03 02:12 - 00000000 ___RD C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-13 22:04 - 2014-02-28 00:00 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Macromedia
2015-06-13 22:04 - 2014-02-22 06:37 - 00000369 _____ C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-06-13 22:04 - 2014-02-22 06:37 - 00000369 _____ C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-06-13 22:04 - 2014-02-21 05:27 - 00172224 _____ (Microsoft Corporation) C:\WINDOWS\system32\hadrres.dll
2015-06-13 22:04 - 2014-02-21 05:27 - 00081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fssres.dll
2015-06-13 22:04 - 2014-02-21 05:20 - 00103104 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-MSSQL$SQLEXPRESS2014-sqlctr12.0.2000.8.dll
2015-06-13 22:04 - 2014-02-21 05:20 - 00088768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf-MSSQL$SQLEXPRESS2014-sqlctr12.0.2000.8.dll
2015-06-13 22:04 - 2014-02-21 05:20 - 00056000 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-MSSQL12.SQLEXPRESS2014-sqlagtctr.dll
2015-06-13 22:04 - 2014-02-21 05:20 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf-MSSQL12.SQLEXPRESS2014-sqlagtctr.dll
2015-06-13 22:04 - 2013-12-11 18:40 - 00002092 _____ C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Update Search.lnk
2015-06-13 22:04 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-13 22:04 - 2013-08-22 17:36 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-13 22:03 - 2015-06-13 22:03 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2015-06-13 22:02 - 2015-06-13 22:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-06-13 22:00 - 2015-06-13 22:00 - 00000000 ____D C:\WINDOWS\system32\RsFx
2015-06-13 21:57 - 2015-06-13 21:57 - 00000000 ____D C:\Users\dietmar\Documents\Visual Studio 2010
2015-06-13 21:56 - 2015-06-13 21:58 - 00000000 ____D C:\WINDOWS\SysWOW64\1031
2015-06-13 21:56 - 2015-06-13 21:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2015-06-13 21:54 - 2015-06-13 21:58 - 00000000 ____D C:\WINDOWS\system32\1031
2015-06-13 21:54 - 2015-06-13 21:54 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2015-06-13 21:54 - 2015-06-13 21:54 - 00000000 ____D C:\Program Files\Microsoft Help Viewer
2015-06-13 21:48 - 2015-06-13 21:48 - 00000931 _____ C:\Users\dietmar\Desktop\Downloads.lnk
2015-06-13 19:46 - 2015-06-20 22:59 - 00012337 _____ C:\Users\dietmar\Desktop\Lernen-Orte.odt
2015-06-13 13:26 - 2015-06-14 01:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet
2015-06-13 13:26 - 2015-06-13 13:26 - 00001062 _____ C:\Users\Public\Desktop\Mobile Partner.lnk
2015-06-13 13:26 - 2009-12-07 19:53 - 00117504 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbmdm.sys
2015-06-13 13:26 - 2009-12-07 19:36 - 00246224 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbnet.sys
2015-06-13 13:26 - 2009-10-12 15:23 - 00114304 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbdev.sys
2015-06-13 13:26 - 2007-08-09 04:10 - 00029696 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys
2015-06-13 00:12 - 2015-06-13 00:12 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-06-13 00:12 - 2015-06-13 00:12 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-06-11 23:47 - 2015-06-11 23:47 - 00000000 ____D C:\Users\dietmar\AppData\Local\Microsoft_Corporation
2015-06-11 03:53 - 2015-06-14 20:23 - 00000000 ____D C:\Hola
2015-06-10 22:23 - 2015-06-10 22:23 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2008
2015-06-10 22:23 - 2015-06-10 22:23 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2008
2015-06-10 12:54 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-10 12:54 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-10 12:54 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-10 12:54 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-10 12:54 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-10 12:54 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-10 12:54 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-10 12:54 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-10 12:54 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-10 12:54 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-10 12:54 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-10 12:54 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-10 12:53 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 12:53 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 12:53 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 12:53 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 12:53 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 12:53 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 12:53 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 12:53 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 12:53 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 12:53 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 12:53 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 12:53 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 12:53 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 12:53 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 12:53 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 12:53 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 12:53 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 12:53 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 12:53 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 12:53 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 12:53 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 12:53 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 12:53 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 12:53 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 12:53 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 12:53 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 12:53 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 12:53 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 12:53 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 12:53 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 12:53 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 12:53 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 12:53 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 12:53 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 12:53 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 12:53 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 12:53 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 12:53 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 12:53 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 12:53 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 12:53 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 12:53 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-10 12:53 - 2015-04-16 08:17 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-10 12:53 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-10 12:53 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-10 12:53 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-10 12:53 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-10 12:53 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-10 12:53 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-10 12:53 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-10 12:53 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-10 12:53 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-10 12:53 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-10 12:53 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-10 12:53 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-10 12:53 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-10 12:53 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-10 12:53 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-10 12:53 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-10 12:53 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-10 12:52 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-10 01:25 - 2015-06-15 22:27 - 00000000 ___RD C:\Users\dietmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Multimedia
2015-06-09 22:50 - 2015-06-09 22:50 - 00000000 ____D C:\Users\dietmar\Documents\MPC-HC Capture
2015-06-09 22:50 - 2015-06-09 22:50 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\MPC-HC
2015-06-09 22:43 - 2015-06-09 22:43 - 00000000 ____D C:\Program Files\MPC-HC
2015-06-09 18:54 - 2015-06-09 18:54 - 00000000 ____D C:\Program Files\Microsoft SDKs
2015-06-09 18:53 - 2015-06-09 18:53 - 00000000 ____D C:\Program Files\Business Objects
2015-06-09 18:52 - 2015-06-09 18:52 - 00000000 ____D C:\Program Files (x86)\Business Objects
2015-06-09 18:24 - 2015-06-09 18:24 - 00000000 ____D C:\Program Files\Microsoft Device Emulator
2015-06-09 18:24 - 2015-06-09 18:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Device Emulator
2015-06-09 18:23 - 2015-06-09 18:23 - 00000000 ____D C:\Program Files (x86)\Windows Mobile 5.0 SDK R2
2015-06-09 18:23 - 2015-06-09 18:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2015-06-09 18:16 - 2015-06-09 18:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2015-06-09 18:16 - 2015-06-09 18:16 - 00000000 ____D C:\Program Files (x86)\CE Remote Tools
2015-06-09 18:07 - 2015-06-09 18:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Designer Tools
2015-06-09 18:07 - 2015-06-09 18:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2015-06-09 18:06 - 2015-06-17 02:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-09 18:06 - 2015-06-10 16:45 - 00000000 ____D C:\Users\dietmar\Documents\Visual Studio 2008
2015-06-09 18:06 - 2015-06-10 16:45 - 00000000 ____D C:\Users\dietmar\AppData\Local\Microsoft Help
2015-06-09 18:06 - 2015-06-09 18:52 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 9.0
2015-06-09 18:01 - 2015-06-13 00:22 - 00002635 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Office-Dokument öffnen.lnk
2015-06-09 18:01 - 2015-06-13 00:22 - 00002631 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Neues Office-Dokument.lnk
2015-06-09 18:00 - 2015-06-15 13:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2015-06-09 18:00 - 2015-06-09 18:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2015-06-09 17:58 - 2015-06-09 17:58 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-06-09 17:54 - 2015-06-09 17:54 - 00000000 __RHD C:\MSOCache
2015-06-09 15:00 - 2015-06-09 15:13 - 00000000 ____D C:\AdwCleaner
2015-06-09 14:59 - 2015-06-09 14:59 - 02231296 _____ C:\Users\dietmar\Downloads\adwcleaner_4.206.exe
2015-06-07 23:10 - 2015-06-07 23:10 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-06 15:39 - 2015-06-06 15:39 - 00000000 ____D C:\WINDOWS\SysWOW64\X86
2015-06-06 15:39 - 2015-06-06 15:39 - 00000000 ____D C:\WINDOWS\SysWOW64\AMD64
2015-06-06 15:38 - 2015-06-22 04:04 - 00000000 ____D C:\Program Files (x86)\TampaInit
2015-06-06 15:29 - 2015-06-06 15:38 - 00000000 ____D C:\Program Files (x86)\RelaySoft
2015-06-05 18:12 - 2015-06-13 13:27 - 00000000 ____D C:\Program Files (x86)\Mobile Partner
2015-06-05 16:28 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-05 16:28 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-05 16:28 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-05 16:28 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-05 16:28 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-05 16:28 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-05 16:28 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-05 16:28 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-03 14:20 - 2015-06-03 14:20 - 00000000 ____D C:\Users\dietmar\AppData\Local\GWX
2015-06-03 14:16 - 2015-06-15 20:26 - 00024575 _____ C:\Users\dietmar\Desktop\ikh-strelle.odt
2015-06-03 13:23 - 2015-06-03 13:23 - 00000000 ____D C:\Users\Public\Documents\sun
2015-06-02 21:08 - 2015-06-02 21:08 - 00000000 ____D C:\Program Files\Lenovo USB Graphics
2015-06-02 21:08 - 2015-06-02 21:08 - 00000000 ____D C:\Program Files\DisplayLink Core Software
2015-06-02 21:07 - 2015-06-17 02:06 - 00000000 ____D C:\SWTOOLS
2015-06-02 21:04 - 2015-06-02 21:16 - 00000000 ____D C:\temp
2015-05-29 02:20 - 2015-06-22 23:44 - 00001213 _____ C:\Users\dietmar\Desktop\Android Studio.lnk
2015-05-29 02:20 - 2015-05-03 14:32 - 00001358 _____ C:\Users\dietmar\Desktop\eclipse.lnk
2015-05-29 02:18 - 2015-05-29 02:20 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
2015-05-27 15:41 - 2015-06-23 19:22 - 00002111 _____ C:\Users\dietmar\Desktop\Organsisation.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-26 03:15 - 2014-02-27 23:25 - 01710943 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-26 03:04 - 2013-08-22 17:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-26 03:03 - 2015-04-27 17:49 - 00000000 ____D C:\Users\dietmar
2015-06-26 03:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-26 02:32 - 2015-05-02 23:26 - 00000000 ____D C:\Users\dietmar\AppData\Local\Xmarks
2015-06-26 01:51 - 2015-05-05 22:03 - 00000000 ____D C:\Users\dietmar\AppData\Local\CrashDumps
2015-06-26 01:35 - 2014-02-27 23:37 - 04904526 _____ C:\Users\Public\CAFADEBUG.log
2015-06-26 01:35 - 2013-08-22 16:46 - 00109620 _____ C:\WINDOWS\setupact.log
2015-06-26 01:33 - 2014-02-27 23:36 - 00000000 ____D C:\ProgramData\Conexant
2015-06-26 01:31 - 2015-04-27 17:50 - 00117248 _____ C:\WINDOWS\SysWOW64\Xui.trf
2015-06-26 01:27 - 2015-04-27 23:39 - 00000000 ____D C:\Users\dietmar\AppData\Local\ClassicShell
2015-06-26 00:44 - 2015-04-27 17:55 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1349822815-2598862020-373602666-1001
2015-06-26 00:40 - 2014-02-27 23:59 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2015-06-26 00:40 - 2014-02-27 23:34 - 00000000 ____D C:\Program Files\Lenovo
2015-06-26 00:39 - 2015-05-01 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System
2015-06-26 00:00 - 2014-02-27 23:33 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-06-25 23:51 - 2015-05-03 15:57 - 00016874 _____ C:\Users\dietmar\Desktop\install.lenovo.odt
2015-06-25 23:51 - 2015-05-02 22:46 - 00440320 ___SH C:\Users\dietmar\Desktop\Thumbs.db
2015-06-25 21:57 - 2014-02-28 08:16 - 00964858 _____ C:\WINDOWS\system32\perfh007.dat
2015-06-25 21:57 - 2014-02-28 08:16 - 00238724 _____ C:\WINDOWS\system32\perfc007.dat
2015-06-25 21:57 - 2013-10-07 20:27 - 02286860 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-25 21:55 - 2015-04-27 17:55 - 00003942 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{ED136814-2FF4-44F4-9697-51514347B07F}
2015-06-25 19:46 - 2015-04-27 17:51 - 00000000 ___DO C:\Users\dietmar\SkyDrive
2015-06-25 17:16 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-25 17:16 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-06-24 22:45 - 2015-05-01 13:59 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Büro
2015-06-24 22:09 - 2014-02-27 23:24 - 00118640 _____ C:\WINDOWS\DPINST.LOG
2015-06-24 21:39 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-24 14:47 - 2015-05-15 14:00 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 19:27 - 2015-05-02 23:11 - 00002224 _____ C:\Users\dietmar\Desktop\Musik.lnk
2015-06-23 19:21 - 2015-05-02 22:46 - 00001838 _____ C:\Users\dietmar\Desktop\Amalthea.lnk
2015-06-22 04:16 - 2013-10-07 20:23 - 00849662 _____ C:\WINDOWS\PFRO.log
2015-06-22 04:09 - 2015-05-03 22:31 - 00000000 ____D C:\Users\dietmar\AppData\Local\Google
2015-06-22 04:05 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Resources
2015-06-22 02:01 - 2015-05-03 22:31 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-22 00:50 - 2015-05-15 14:00 - 00000000 ____D C:\Program Files\Google
2015-06-21 02:51 - 2013-07-11 08:57 - 00041192 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\vbaudio_cable64_win7.sys
2015-06-21 01:33 - 2015-04-27 17:50 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Nitro PDF
2015-06-20 05:02 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-20 05:02 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-20 03:53 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-06-18 19:24 - 2015-04-27 17:52 - 00000000 ____D C:\Users\dietmar\AppData\Local\Adobe
2015-06-17 02:37 - 2014-02-27 23:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-15 22:27 - 2013-08-22 17:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-15 20:26 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-06-15 01:45 - 2015-05-01 14:13 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Entwicklung
2015-06-15 01:42 - 2014-02-28 00:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-06-15 01:42 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-15 01:41 - 2015-05-07 21:13 - 00000929 _____ C:\WINDOWS\ODBC.INI
2015-06-14 14:44 - 2015-04-27 17:50 - 00000000 ____D C:\Users\dietmar\AppData\Local\VirtualStore
2015-06-13 22:01 - 2015-05-01 23:35 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-06-13 21:58 - 2015-05-01 23:35 - 00000000 ____D C:\WINDOWS\SysWOW64\1033
2015-06-13 21:58 - 2015-05-01 23:35 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-06-13 21:58 - 2015-05-01 23:18 - 00000000 ____D C:\WINDOWS\system32\1033
2015-06-13 19:52 - 2015-04-27 17:50 - 00000000 ____D C:\Users\dietmar\AppData\Local\Packages
2015-06-13 15:29 - 2015-05-01 14:00 - 00000000 ___RD C:\Users\dietmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet
2015-06-13 00:54 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-13 00:24 - 2013-08-22 15:25 - 00000290 _____ C:\WINDOWS\win.ini
2015-06-11 21:12 - 2015-05-03 09:34 - 00000000 __SHD C:\Users\dietmar\AppData\Local\EmieBrowserModeList
2015-06-11 21:12 - 2015-05-02 22:34 - 00000000 __SHD C:\Users\dietmar\AppData\Local\EmieUserList
2015-06-11 21:12 - 2015-05-02 22:34 - 00000000 __SHD C:\Users\dietmar\AppData\Local\EmieSiteList
2015-06-11 03:52 - 2013-08-22 16:44 - 00529296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-11 03:48 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-11 03:48 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-10 23:13 - 2015-04-29 18:58 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 23:10 - 2015-04-29 18:58 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-09 18:23 - 2015-05-02 00:13 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-06-09 18:17 - 2013-10-07 20:29 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-06-09 18:01 - 2013-08-22 21:12 - 00000000 ____D C:\WINDOWS\ShellNew
2015-06-09 18:01 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\IME
2015-06-09 18:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Help
2015-06-09 17:54 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\System
2015-06-07 23:42 - 2014-02-28 00:00 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-07 22:38 - 2014-02-28 00:01 - 00000000 ____D C:\WINDOWS\System32\Tasks\TVT
2015-06-07 22:38 - 2014-02-27 15:44 - 00000000 ____D C:\ProgramData\Lenovo
2015-06-05 18:29 - 2015-05-03 01:47 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-05 18:29 - 2015-05-03 01:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-05 17:40 - 2015-05-02 00:18 - 00000000 ____D C:\Users\dietmar\Documents\Visual Studio 2013

==================== Files in the root of some directories =======

2015-04-27 17:51 - 2015-05-02 01:38 - 0001516 _____ () C:\Users\dietmar\AppData\Roaming\AbsoluteReminder.xml
2015-06-21 03:54 - 2015-06-24 02:21 - 0002866 _____ () C:\Users\dietmar\AppData\Roaming\VoiceMeeterDefault.xml
2015-04-27 17:50 - 2015-04-27 17:50 - 0000193 _____ () C:\Users\dietmar\AppData\Local\RegisteredPackageInformation.xml
2014-02-27 23:36 - 2014-02-27 23:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-06-15 02:32 - 2015-06-15 02:32 - 0000293 ____H () C:\ProgramData\wb764821reg.bin

Some files in TEMP:
====================
C:\Users\dietmar\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\dietmar\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\dietmar\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\dietmar\AppData\Local\Temp\hcwclear.exe
C:\Users\dietmar\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.204.exe
C:\Users\dietmar\AppData\Local\Temp\IR32.exe
C:\Users\dietmar\AppData\Local\Temp\KUIU.EXE
C:\Users\dietmar\AppData\Local\Temp\npp.6.7.8.2.Installer.exe
C:\Users\dietmar\AppData\Local\Temp\pyl2B2A.tmp.exe
C:\Users\dietmar\AppData\Local\Temp\pylF3F7.tmp.exe
C:\Users\dietmar\AppData\Local\Temp\Quarantine.exe
C:\Users\dietmar\AppData\Local\Temp\Remove.exe
C:\Users\dietmar\AppData\Local\Temp\ResetDevice.exe
C:\Users\dietmar\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\dietmar\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\dietmar\AppData\Local\Temp\sqlite3.dll
C:\Users\dietmar\AppData\Local\Temp\xmlUpdater.exe


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-23 05:12

==================== End of log ============================

M-K-D-B · 10.07.2015, 20:11

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Zukünftig bitte beachten:

Zitat:

Running from C:\Users\dietmar\Desktop\trojanerboard\FRST

Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.
Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter.

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Hast du dnsblock bewusst/absichtlich installiert?

Zitat:

R2 DnsBlockUpdateSvc; C:\WINDOWS\system32\DnsBlockUpdateSvc.exe [149024 2015-06-20] ()

Zitat:

Maleware: "Download Protect 2.2.7" beim Installieren von Freeware eingefangen

Welche Freeware hast du installiert? Von wo hast du diese geladen?

didier · 10.07.2015, 21:05

Hast du dnsblock bewusst/absichtlich installiert?
--> Nein

Welche Freeware hast du installiert? Von wo hast du diese geladen?
--> Kann ich leider nicht mehr genau sagen, da ich sie zwischenzetlich entfernt habe.
Es war etwas im Zusamenhang mit einer "Stereo-mix-software" für den Sound von win8.1

frst.txt:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by dietmar (administrator) on LENOVO-PC on 10-07-2015 21:42:42
Running from C:\Users\dietmar\Desktop
Loaded Profiles: dietmar & MSSQL$SQLEXPRESS2014 (Available Profiles: dietmar & MSSQL$SQLEXPRESS2014 & DefaultAppPool)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS2014\MSSQL\Binn\sqlservr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Xmarks.com) C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DnsBlock\DnsBlockTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Camera\Camera.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
Failed to access process -> TpKnrres.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2776816 2014-02-06] (Synaptics Incorporated)
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [255480 2013-06-20] (Lenovo Group Limited)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [384296 2013-10-28] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [600568 2013-11-05] (Lenovo Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163520 2015-04-09] (IvoSoft)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [909016 2013-10-21] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [DnsBlock] => C:\Program Files (x86)\DnsBlock\DnsBlockTray.exe [788000 2015-06-20] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [730416 2015-06-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_160_Plugin.exe [1154736 2015-06-18] (Adobe Systems Incorporated)
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: F - "F:\AutoRun.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {164435bc-095b-11e5-8287-0c8bfdd19371} - "F:\ViewHtml.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {164451e8-095b-11e5-8287-0c8bfdd19371} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {3aba170a-f4a8-11e4-8279-0c8bfdd19371} - "F:\.\Setup.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {51d6b9b2-0fdc-11e5-828b-0050b66f480d} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {51d6b9c8-0fdc-11e5-828b-0050b66f480d} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {51d6b9f3-0fdc-11e5-828b-0050b66f480d} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {ab98e2d6-0702-11e5-8286-0c8bfdd19371} - "F:\ViewHtml.exe" 
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy restriction on ProxySettings)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.bing.com/
URLSearchHook: [S-1-5-80-74102703-195227291-2601699642-576852742-3294486561] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1349822815-2598862020-373602666-1001 -> DefaultScope {620017E4-B96A-4FD3-9EA9-BC52D05EC63D} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1349822815-2598862020-373602666-1001 -> {620017E4-B96A-4FD3-9EA9-BC52D05EC63D} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-03] (Oracle Corporation)
BHO: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files\{8D2087A3-E941-45D5-B35F-AD696FAF5B29}\{9E7C350A-379D-4B81-B08D-1F56586FD6F2}.bin [2015-07-03] (Download Protect)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-03] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-04-09] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)
BHO-x32: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files (x86)\{D23109FC-1925-4B9E-B8E0-536C11A71C97}\{1FA9BDAB-2FD2-4A17-B28D-084B03007A0B}.bin [2015-07-03] (Download Protect)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-04-09] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)
DPF: HKLM-x32 {A6616B31-4860-41E2-98E3-CA7649AF172F} file:///F:/launch.ocx
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\DnsBlockA.dll [343584 2015-06-20] (DnsBlock)
Winsock: Catalog5 09 C:\WINDOWS\SysWOW64\DnsBlockB.dll [343584 2015-06-20] (DnsBlock)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [342016 2015-07-09] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [342016 2015-07-09] (Lavasoft Limited)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [342016 2015-07-09] (Lavasoft Limited)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [342016 2015-07-09] (Lavasoft Limited)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [342016 2015-07-09] (Lavasoft Limited)
Winsock: Catalog5-x64 05 C:\WINDOWS\system32\DnsBlockA.dll [434208 2015-06-20] (DnsBlock)
Winsock: Catalog5-x64 09 C:\WINDOWS\system32\DnsBlockB.dll [433696 2015-06-20] (DnsBlock)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [422400 2015-07-09] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [422400 2015-07-09] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [422400 2015-07-09] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [422400 2015-07-09] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\LavasoftTcpService64.dll [422400 2015-07-09] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 172.17.2.1 172.17.2.1
Tcpip\..\Interfaces\{6DCF1004-DED2-485B-88BB-064FB73CCE52}: [NameServer] 10.74.210.210 10.74.210.211
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\dietmar\AppData\Roaming\Mozilla\Firefox\Profiles\g8w01yf3.default
FF DefaultSearchEngine: Avira SafeSearch
FF DefaultSearchUrl: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @hola.org/vlc,version=1.8.328 -> C:\Users\dietmar\AppData\Local\Hola\firefox_hola\app\vlc No File
FF Plugin HKU\S-1-5-21-1349822815-2598862020-373602666-1001: @hola.org/vlc,version=1.8.204 -> C:\Users\dietmar\AppData\Local\Hola\firefox\app\vlc No File
FF user.js: detected! => C:\Users\dietmar\AppData\Roaming\Mozilla\Firefox\Profiles\g8w01yf3.default\user.js [2015-07-09]
FF SearchPlugin: C:\Users\dietmar\AppData\Roaming\Mozilla\Firefox\Profiles\g8w01yf3.default\searchplugins\avira-safesearch.xml [2015-06-26]
FF Extension: Avira Browser Safety - C:\Users\dietmar\AppData\Roaming\Mozilla\Firefox\Profiles\g8w01yf3.default\Extensions\abs@avira.com [2015-07-03]
FF Extension: Avira SafeSearch Plus - C:\Users\dietmar\AppData\Roaming\Mozilla\Firefox\Profiles\g8w01yf3.default\Extensions\safesearchplus@avira.com [2015-06-26]
FF HKLM-x32\...\Firefox\Extensions: [{F1E2DF0C-8EAB-4AAF-878E-853E98BCAB5A}] - C:\WINDOWS\Installer\{45F9147F-489F-46DC-A5CE-27F358C92A32}\{F1E2DF0C-8EAB-4AAF-878E-853E98BCAB5A}.xpi
FF Extension: Download Protect - C:\WINDOWS\Installer\{45F9147F-489F-46DC-A5CE-27F358C92A32}\{F1E2DF0C-8EAB-4AAF-878E-853E98BCAB5A}.xpi [2015-06-22]
FF HKLM-x32\...\Firefox\Extensions: [{EFA5F30A-020C-4385-94B0-981865214E9C}] - C:\WINDOWS\Installer\{3FD540D9-C72D-4FD9-BB7C-191DD129C7D8}\{EFA5F30A-020C-4385-94B0-981865214E9C}.xpi
FF Extension: Download Protect - C:\WINDOWS\Installer\{3FD540D9-C72D-4FD9-BB7C-191DD129C7D8}\{EFA5F30A-020C-4385-94B0-981865214E9C}.xpi [2015-06-22]
FF HKLM-x32\...\Firefox\Extensions: [{3E4405C6-6452-47C6-91AC-34450BF93D1A}] - C:\WINDOWS\Installer\{1ACC8B11-B31F-4667-8D03-FAD30AD05B2D}\{3E4405C6-6452-47C6-91AC-34450BF93D1A}.xpi
FF Extension: Download Protect - C:\WINDOWS\Installer\{1ACC8B11-B31F-4667-8D03-FAD30AD05B2D}\{3E4405C6-6452-47C6-91AC-34450BF93D1A}.xpi [2015-06-22]
FF HKLM-x32\...\Firefox\Extensions: [{7B2348D8-454E-4DC5-BF51-91489454AF81}] - C:\WINDOWS\Installer\{1D560D36-1A48-454B-BAF7-9189874D2D09}\{7B2348D8-454E-4DC5-BF51-91489454AF81}.xpi
FF Extension: Download Protect - C:\WINDOWS\Installer\{1D560D36-1A48-454B-BAF7-9189874D2D09}\{7B2348D8-454E-4DC5-BF51-91489454AF81}.xpi [2015-07-04]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [827184 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1188360 2015-06-16] (Avira Operations GmbH & Co. KG)
R3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [573432 2013-11-05] (Lenovo Corporation)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-11] (DisplayLink Corp.)
S2 DnsBlockUpdateSvc; C:\WINDOWS\system32\DnsBlockUpdateSvc.exe [149024 2015-06-20] ()
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [558592 2010-11-03] (Hauppauge Computer Works) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-07-29] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-29] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2083592 2013-11-06] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
R3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [695800 2013-11-05] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [467720 2013-11-01] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872152 2015-05-09] (Maxthon)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS2014; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS2014\MSSQL\Binn\sqlservr.exe [370368 2014-02-21] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
S4 SQLAgent$SQLEXPRESS2014; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS2014\MSSQL\Binn\SQLAGENT.EXE [613056 2014-02-21] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49136 2015-05-15] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2015-04-29] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2015-04-29] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-06-16] (Avira Operations GmbH & Co. KG)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
S3 DisplayLinkUsbIo_x64; C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.4.48800.0.sys [44944 2013-10-07] ()
S3 dlcdcncm6_x64; C:\Windows\system32\DRIVERS\dlcdcncm6_x64.sys [80688 2013-10-11] (DisplayLink Corp.)
S3 dlusbaudio; C:\Windows\system32\DRIVERS\dlusbaudio_x64.sys [203152 2013-10-11] (DisplayLink Corp.)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
S3 hcw17bda; C:\Windows\system32\drivers\hcw17bda.sys [67456 2010-01-27] (Hauppauge Computer Works, Inc.)
R3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-08-29] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
R3 INETMON; C:\WINDOWS\System32\Drivers\INETMON.sys [29088 2013-08-01] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-01] ()
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [107736 2015-06-27] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S4 RsFx0300; C:\Windows\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [508120 2014-08-18] (Realsil Semiconductor Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-02-06] (Synaptics Incorporated)
R3 VBAudioVACMME; C:\Windows\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2015-06-21] (Windows (R) Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-06-21] (Windows (R) Win 7 DDK provider)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065344 2013-09-11] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
U3 fxrirpog; \??\C:\Users\dietmar\AppData\Local\Temp\fxrirpog.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-10 21:42 - 2015-07-10 21:43 - 00031476 _____ C:\Users\dietmar\Desktop\FRST.txt
2015-07-10 21:42 - 2015-06-26 03:07 - 02112512 _____ (Farbar) C:\Users\dietmar\Desktop\FRST64.exe
2015-07-09 22:53 - 2015-07-10 15:49 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\FreeFileSync
2015-07-09 22:46 - 2015-07-10 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-07-09 22:46 - 2015-07-09 22:46 - 00422400 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-07-09 22:46 - 2015-07-09 22:46 - 00342016 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-07-09 22:46 - 2015-07-09 22:46 - 00002864 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-07-09 22:46 - 2015-07-09 22:46 - 00002864 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-07-09 22:45 - 2015-07-09 22:45 - 00000967 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2015-07-09 22:45 - 2015-07-09 22:45 - 00000957 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk
2015-07-09 22:45 - 2015-07-09 22:45 - 00000955 _____ C:\Users\Public\Desktop\FreeFileSync.lnk
2015-07-09 22:45 - 2015-07-09 22:45 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\RPEng
2015-07-09 22:45 - 2015-07-09 22:45 - 00000000 ____D C:\Program Files\FreeFileSync
2015-07-09 22:43 - 2015-07-09 22:43 - 10719568 _____ (www.FreeFileSync.org) C:\Users\dietmar\Downloads\FreeFileSync_7.2_Windows_Setup.exe
2015-07-09 16:35 - 2015-07-09 16:35 - 00000194 _____ C:\Users\dietmar\Desktop\Heinemann.txt
2015-07-09 16:34 - 2015-07-09 16:35 - 00000479 _____ C:\Users\dietmar\Desktop\FernUniFrageWgNichtFreigeg.Kursen
2015-07-06 23:31 - 2015-07-07 22:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-06 22:53 - 2015-07-06 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-07-06 18:41 - 2015-07-06 18:41 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-07-06 18:41 - 2015-07-06 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-07-06 18:30 - 2015-07-06 18:30 - 00000095 _____ C:\Users\dietmar\Desktop\Vertrag_zusätze.txt
2015-07-04 14:51 - 2015-07-04 14:51 - 00000000 ____D C:\Program Files\7-Zip
2015-07-04 14:50 - 2015-07-04 14:50 - 01376768 _____ C:\Users\dietmar\Downloads\7z920-x64.msi
2015-07-04 14:50 - 2015-07-04 14:50 - 01062749 _____ (Igor Pavlov) C:\Users\dietmar\Downloads\7z1505.exe
2015-07-04 10:59 - 2015-07-06 21:31 - 00022618 _____ C:\Users\dietmar\Desktop\Apo.odt
2015-07-03 23:05 - 2015-07-03 23:05 - 00000000 ____D C:\Program Files\{8D2087A3-E941-45D5-B35F-AD696FAF5B29}
2015-07-03 23:05 - 2015-07-03 23:05 - 00000000 ____D C:\Program Files (x86)\{D23109FC-1925-4B9E-B8E0-536C11A71C97}
2015-07-02 17:53 - 2015-07-02 19:21 - 00159744 _____ C:\Users\dietmar\Documents\db1.mdb
2015-06-30 19:46 - 2015-07-06 18:36 - 00000092 _____ C:\Users\dietmar\Desktop\todoLocalCache.txt
2015-06-29 03:25 - 2015-06-29 19:52 - 00002280 ____H C:\Users\dietmar\Documents\Default.rdp
2015-06-29 03:01 - 2015-07-02 19:22 - 00000000 ____D C:\Users\dietmar\AppData\Local\AviraSpeedup
2015-06-29 00:37 - 2015-06-29 00:37 - 00000000 ____D C:\Program Files\{B80EC004-56AF-4899-AA4A-89CB150FB289}
2015-06-29 00:37 - 2015-06-29 00:37 - 00000000 ____D C:\Program Files (x86)\{CAA517D1-B09D-418D-A5C4-931B49C01DB4}
2015-06-26 22:34 - 2015-06-26 22:34 - 00341720 _____ C:\WINDOWS\Minidump\062615-41531-01.dmp
2015-06-26 22:34 - 2015-06-26 22:34 - 00000000 ____D C:\WINDOWS\Minidump
2015-06-26 22:33 - 2015-06-26 22:33 - 1088599442 _____ C:\WINDOWS\MEMORY.DMP
2015-06-26 18:58 - 2015-06-26 18:58 - 02870984 _____ (ESET) C:\Users\dietmar\Downloads\esetsmartinstaller_deu.exe
2015-06-26 18:58 - 2015-06-26 18:58 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-26 18:49 - 2015-06-26 18:49 - 00003320 _____ C:\WINDOWS\System32\Tasks\AviraSpeedup
2015-06-26 18:49 - 2015-06-26 18:49 - 00001116 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk
2015-06-26 18:49 - 2015-06-26 18:49 - 00000000 ____D C:\Users\Public\Speedup Sessions
2015-06-26 18:45 - 2015-06-26 18:45 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Avira
2015-06-26 18:44 - 2015-06-16 09:36 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-06-26 18:44 - 2015-06-16 09:36 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-06-26 18:44 - 2015-06-16 09:36 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-06-26 18:44 - 2015-06-16 09:36 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-06-26 18:42 - 2015-06-26 18:49 - 00000000 ____D C:\Program Files (x86)\Avira
2015-06-26 18:42 - 2015-06-26 18:44 - 00000000 ____D C:\ProgramData\Avira
2015-06-26 18:42 - 2015-06-26 18:42 - 00001179 _____ C:\Users\Public\Desktop\Avira.lnk
2015-06-26 18:03 - 2015-06-26 18:03 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-06-26 18:00 - 2015-06-26 18:00 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-06-26 17:47 - 2015-06-26 17:47 - 00000000 ____D C:\Users\dietmar\AppData\Local\ORPALIS
2015-06-26 17:40 - 2015-06-26 17:40 - 22799599 _____ C:\Users\dietmar\Downloads\paperscanfree.zip
2015-06-26 17:40 - 2015-06-26 17:40 - 00000000 ____D C:\Users\dietmar\AppData\Local\Downloaded Installations
2015-06-26 17:37 - 2015-06-26 17:37 - 02623680 _____ (Hewlett-Packard ) C:\Users\dietmar\Downloads\setup_basic_2300.exe
2015-06-26 03:03 - 2015-06-30 13:03 - 00000000 ____D C:\Users\dietmar\Desktop\trojanerboard
2015-06-26 03:01 - 2015-06-26 03:01 - 04718584 _____ (Avira Operations GmbH & Co. KG) C:\Users\dietmar\Downloads\avira_de_av_558ca44ee5bc3__ws.exe
2015-06-26 01:37 - 2015-06-26 01:37 - 00000000 ____D C:\Program Files\Dolby Digital Plus
2015-06-26 01:36 - 2015-06-26 01:36 - 00000000 ____D C:\Users\Public\Documents\Conexant
2015-06-26 01:36 - 2013-07-02 09:10 - 00004712 _____ C:\WINDOWS\system32\Drivers\SamSfPa.dat
2015-06-26 01:36 - 2011-09-01 14:23 - 00447104 _____ (Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SASrv.exe
2015-06-26 01:35 - 2013-07-25 13:39 - 00206552 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe
2015-06-26 01:32 - 2013-10-18 12:47 - 01387200 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\Drivers\CHDRT64.sys
2015-06-26 01:32 - 2013-09-09 12:02 - 06217904 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2015-06-26 01:32 - 2013-09-09 12:02 - 00313520 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2015-06-26 01:32 - 2013-09-09 12:01 - 01938608 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2015-06-26 01:32 - 2013-09-09 12:01 - 00260272 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2015-06-26 01:32 - 2013-09-03 17:16 - 00936640 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64BP06.dll
2015-06-26 01:32 - 2013-08-20 12:28 - 02832088 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\UCI64A40.DLL
2015-06-26 01:32 - 2013-08-05 17:11 - 02743328 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2015-06-26 01:32 - 2013-05-15 14:27 - 00406208 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CSpkExt64.dll
2015-06-26 01:32 - 2012-06-29 12:04 - 00050848 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CxPageMaster64.dll
2015-06-26 01:32 - 2012-01-16 09:42 - 00666240 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\C3DHPExt64.dll
2015-06-26 01:32 - 2011-01-18 07:35 - 00030893 _____ C:\WINDOWS\system32\Drivers\Mixer.ini
2015-06-26 01:28 - 2014-07-29 12:57 - 23048704 _____ (Intel Corporation) C:\WINDOWS\system32\igdfcl64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 18033152 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdfcl32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 10942144 _____ (Intel Corporation) C:\WINDOWS\system32\igdumdim64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 08461824 _____ (Intel Corporation) C:\WINDOWS\system32\ig75icd64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 06625280 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig75icd32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 04348888 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 04345304 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 04011168 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAAC64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 03818864 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2015-06-26 01:28 - 2014-07-29 12:57 - 02478384 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiVAD64.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 02023936 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 01756160 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 01673216 _____ (Intel Corporation) C:\WINDOWS\system32\igdrcl64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 01552896 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdrcl32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 01455776 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSecureSourceFilter64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 01137080 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 01132960 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00930264 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00792736 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiWinNextAgent64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00734720 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00657920 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDH.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00646304 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAudioFilter64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00603296 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMux64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00544216 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00543704 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00501720 _____ (Intel Corporation) C:\WINDOWS\system32\igfxEM.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00446424 _____ (Intel Corporation) C:\WINDOWS\system32\igfxTray.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00444408 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00416216 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUMS64.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00397272 _____ (Intel Corporation) C:\WINDOWS\system32\CustomModeApp.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00396760 _____ (Intel Corporation) C:\WINDOWS\system32\CustomModeAppv2_0.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00373248 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00358912 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00352232 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00344736 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSilenceFilter64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00330240 _____ (Intel Corporation) C:\WINDOWS\system32\igdbcl64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00315352 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCUIService.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00294912 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00291328 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdbcl32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00279000 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00272384 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDI.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00254976 _____ C:\WINDOWS\system32\igfxCPL.cpl
2015-06-26 01:28 - 2014-07-29 12:57 - 00250368 _____ (Intel Corporation) C:\WINDOWS\system32\igfxLHM.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00244184 _____ (Intel Corporation) C:\WINDOWS\system32\igfxHK.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00223744 _____ C:\WINDOWS\system32\igdde64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00218808 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00214016 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDTCM.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00210592 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUtils64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00191448 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00188456 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00187508 _____ C:\WINDOWS\system32\resTHA.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00184320 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00183808 _____ C:\WINDOWS\SysWOW64\igdde32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00183800 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00182784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v3855.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00180324 _____ C:\WINDOWS\system32\resELL.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00177824 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiDDEAgent64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00176180 _____ C:\WINDOWS\system32\resRUS.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00162036 _____ C:\WINDOWS\system32\resARA.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00161492 _____ C:\WINDOWS\system32\resHEB.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00161428 _____ C:\WINDOWS\system32\resJPN.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00160256 _____ C:\WINDOWS\system32\igdail64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00159056 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00156852 _____ C:\WINDOWS\system32\resFRA.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00156836 _____ C:\WINDOWS\system32\resHUN.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00155140 _____ C:\WINDOWS\system32\resKOR.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00155044 _____ C:\WINDOWS\system32\resITA.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00155044 _____ C:\WINDOWS\system32\resDEU.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00154884 _____ C:\WINDOWS\system32\resROM.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00154772 _____ C:\WINDOWS\system32\resESN.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00154624 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00154340 _____ C:\WINDOWS\system32\resPLK.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00154196 _____ C:\WINDOWS\system32\resSKY.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00154004 _____ C:\WINDOWS\system32\resNLD.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00153444 _____ C:\WINDOWS\system32\resPTB.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00153300 _____ C:\WINDOWS\system32\resTRK.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00153268 _____ C:\WINDOWS\system32\resCSY.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00153140 _____ C:\WINDOWS\system32\resPTG.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00153048 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00152724 _____ C:\WINDOWS\system32\resFIN.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00152292 _____ C:\WINDOWS\system32\resHRV.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00151844 _____ C:\WINDOWS\system32\resSVE.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00151668 _____ C:\WINDOWS\system32\resSLV.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00150740 _____ C:\WINDOWS\system32\resNOR.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00150228 _____ C:\WINDOWS\system32\resDAN.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00148916 _____ C:\WINDOWS\system32\resENU.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00147140 _____ C:\WINDOWS\system32\resCHT.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00146308 _____ C:\WINDOWS\system32\resCHS.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00143360 _____ C:\WINDOWS\SysWOW64\igdail32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00128672 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMCUMD64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00094368 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiLogServer64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00070144 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00069632 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00058880 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00030720 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00010752 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00010240 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00010240 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00010240 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00005120 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00005120 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00002568 _____ C:\WINDOWS\system32\iglhxs64.vp
2015-06-25 19:03 - 2015-06-25 19:04 - 00001251 _____ C:\Users\dietmar\Desktop\SPEEDPORT.lnk
2015-06-25 01:41 - 2015-06-26 17:20 - 00003356 _____ C:\Users\dietmar\Desktop\email-Fernuni.txt
2015-06-25 00:10 - 2015-06-25 00:10 - 00000000 ____D C:\Program Files (x86)\ImageWriter
2015-06-24 23:15 - 2015-06-24 23:32 - 00000000 ____D C:\Users\dietmar\Desktop\dfk-data-Trancend
2015-06-23 21:54 - 2015-06-23 22:20 - 00013208 _____ C:\Users\dietmar\Desktop\Tätigkeitsbericht.D.KremerBeiINASchaeffler.odt
2015-06-23 19:23 - 2015-06-23 19:23 - 00001877 _____ C:\Users\dietmar\Desktop\Luna.lnk
2015-06-23 01:19 - 2015-07-10 21:42 - 00000000 ____D C:\FRST
2015-06-23 00:45 - 2015-06-23 00:45 - 00000000 _____ C:\Users\dietmar\defogger_reenable
2015-06-22 22:53 - 2015-06-22 22:53 - 00015360 _____ C:\Users\dietmar\Desktop\LinsenTests.xls
2015-06-22 05:08 - 2015-07-07 22:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-22 05:08 - 2015-06-22 05:08 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Mozilla
2015-06-22 05:08 - 2015-06-22 05:08 - 00000000 ____D C:\Users\dietmar\AppData\Local\Mozilla
2015-06-22 03:08 - 2015-06-27 19:19 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-22 03:08 - 2015-06-27 16:20 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-22 03:08 - 2015-06-22 03:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-22 03:08 - 2015-06-22 03:08 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-22 03:08 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-22 03:08 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-22 00:52 - 2015-06-22 00:55 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-22 00:49 - 2015-06-22 00:49 - 05683024 _____ (Avast Software s.r.o.) C:\Users\dietmar\Downloads\avastclear.exe
2015-06-21 03:54 - 2015-06-24 02:21 - 00002866 _____ C:\Users\dietmar\AppData\Roaming\VoiceMeeterDefault.xml
2015-06-21 03:20 - 2015-06-21 03:20 - 00041192 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\vbaudio_vmvaio64_win7.sys
2015-06-21 03:20 - 2015-06-21 03:20 - 00000000 ____D C:\Program Files (x86)\VB
2015-06-21 02:52 - 2015-06-21 03:21 - 00000000 ____D C:\Program Files\VB
2015-06-20 22:29 - 2015-06-20 22:59 - 00159744 _____ C:\Users\dietmar\Documents\Studium.mdb
2015-06-20 04:06 - 2015-06-21 01:07 - 00000356 _____ C:\WINDOWS\Tasks\Chromium.job
2015-06-20 04:06 - 2015-06-20 04:06 - 00002694 _____ C:\WINDOWS\System32\Tasks\Chromium
2015-06-20 04:05 - 2015-06-22 04:15 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Opera Software
2015-06-20 04:05 - 2015-06-22 04:15 - 00000000 ____D C:\Users\dietmar\AppData\Local\Opera Software
2015-06-20 04:05 - 2015-06-22 04:15 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-20 04:05 - 2015-06-20 04:05 - 00003260 _____ C:\WINDOWS\System32\Tasks\Opera N Sunday
2015-06-20 04:05 - 2015-06-20 04:05 - 00003260 _____ C:\WINDOWS\System32\Tasks\Opera N Saturday
2015-06-20 04:05 - 2015-06-20 04:05 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Shortcut
2015-06-20 03:54 - 2015-06-20 03:54 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\dlg
2015-06-20 03:53 - 2015-07-03 23:05 - 00000306 __RSH C:\ProgramData\ntuser.pol
2015-06-20 03:53 - 2015-06-20 03:53 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\AVG
2015-06-20 03:52 - 2015-06-20 03:53 - 00000000 ____D C:\ProgramData\AVG
2015-06-20 03:52 - 2015-06-20 03:52 - 00471968 _____ C:\WINDOWS\SysWOW64\dns.block
2015-06-20 03:52 - 2015-06-20 03:52 - 00471968 _____ C:\WINDOWS\system32\dns.block
2015-06-20 03:52 - 2015-06-20 03:52 - 00000000 ____D C:\Users\dietmar\AppData\Local\DnsBlock
2015-06-20 03:52 - 2015-06-20 03:52 - 00000000 ____D C:\Users\dietmar\AppData\Local\Avg
2015-06-20 03:52 - 2015-06-20 03:52 - 00000000 ____D C:\Program Files (x86)\DnsBlock
2015-06-20 03:52 - 2015-06-20 03:52 - 00000000 ____D C:\Program Files (x86)\AVG
2015-06-20 03:51 - 2015-07-02 17:38 - 00000390 _____ C:\WINDOWS\Tasks\UEUEUFX1.job
2015-06-20 03:51 - 2015-06-20 03:51 - 00434208 _____ (DnsBlock) C:\WINDOWS\system32\DnsBlockA.dll
2015-06-20 03:51 - 2015-06-20 03:51 - 00433696 _____ (DnsBlock) C:\WINDOWS\system32\DnsBlockB.dll
2015-06-20 03:51 - 2015-06-20 03:51 - 00343584 _____ (DnsBlock) C:\WINDOWS\SysWOW64\DnsBlockB.dll
2015-06-20 03:51 - 2015-06-20 03:51 - 00343584 _____ (DnsBlock) C:\WINDOWS\SysWOW64\DnsBlockA.dll
2015-06-20 03:51 - 2015-06-20 03:51 - 00149024 _____ C:\WINDOWS\system32\DnsBlockUpdateSvc.exe
2015-06-20 03:51 - 2015-06-20 03:51 - 00002904 _____ C:\WINDOWS\System32\Tasks\UEUEUFX1
2015-06-20 03:51 - 2015-06-20 03:51 - 00000000 ____D C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8
2015-06-20 03:51 - 2015-06-20 03:51 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck
2015-06-19 01:59 - 2015-06-19 01:59 - 08142207 _____ C:\Users\dietmar\Desktop\Bewerbung.D.Kremer.Hemmerbach.odt
2015-06-19 01:54 - 2015-06-20 22:59 - 00000411 _____ C:\Users\dietmar\Desktop\bewerbÜbersicht.txt
2015-06-18 20:41 - 2015-06-18 20:41 - 00000000 ____D C:\Users\dietmar\AppData\Local\Macromedia
2015-06-17 03:08 - 2015-06-17 03:08 - 00000000 ____D C:\Users\dietmar\AppData\Local\Conexant
2015-06-17 02:36 - 2015-06-17 03:11 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-06-17 02:06 - 2015-06-20 03:10 - 00006880 _____ C:\WINDOWS\SMinstall.log
2015-06-17 01:46 - 2015-06-17 01:46 - 00000000 ____D C:\Program Files (x86)\Spectrum
2015-06-16 00:22 - 2015-06-16 00:22 - 00000000 ____D C:\Users\dietmar\AppData\Local\Apple Computer
2015-06-15 22:25 - 2015-06-25 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anwendungen
2015-06-15 20:30 - 2015-06-15 20:30 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Apple Computer
2015-06-15 14:53 - 2015-06-20 19:52 - 00000677 _____ C:\Users\dietmar\Desktop\DiDo.txt
2015-06-15 13:04 - 2015-06-15 13:04 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2010
2015-06-15 13:04 - 2015-06-15 13:04 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2010
2015-06-15 02:38 - 2015-06-15 02:38 - 00000000 ___SD C:\Users\dietmar\Documents\Meine Shapes
2015-06-15 02:34 - 2015-06-15 02:35 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-06-15 02:34 - 2015-06-15 02:34 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-06-15 02:34 - 2015-06-15 02:34 - 00000000 ____D C:\Users\dietmar\AppData\Local\Apple
2015-06-15 02:34 - 2015-06-15 02:34 - 00000000 ____D C:\ProgramData\Apple Computer
2015-06-15 02:34 - 2015-06-15 02:34 - 00000000 ____D C:\ProgramData\Apple
2015-06-15 02:34 - 2015-06-15 02:34 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-06-15 02:32 - 2015-06-15 02:32 - 00000293 ____H C:\ProgramData\wb764821reg.bin
2015-06-15 01:43 - 2015-06-17 02:10 - 00000039 _____ C:\WINDOWS\vbaddin.ini
2015-06-15 01:40 - 2015-06-15 01:40 - 00000000 ____D C:\Program Files\Microsoft Office
2015-06-14 13:42 - 2015-06-14 13:42 - 00000000 ____D C:\ProgramData\Kestner
2015-06-14 13:42 - 2015-06-14 13:42 - 00000000 ____D C:\Program Files (x86)\Kestner
2015-06-14 01:47 - 2015-06-14 01:47 - 00000000 ____D C:\Meine Webseiten
2015-06-13 22:04 - 2015-06-26 22:34 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS2014
2015-06-13 22:04 - 2015-06-14 01:42 - 00000000 ____D C:\Users\dietmar\Documents\SQL Server Management Studio
2015-06-13 22:04 - 2015-06-13 22:04 - 00000020 ___SH C:\Users\MSSQL$SQLEXPRESS2014\ntuser.ini
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Vorlagen
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Startmenü
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Netzwerkumgebung
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Lokale Einstellungen
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Eigene Dateien
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Druckumgebung
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Documents\Eigene Musik
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Documents\Eigene Bilder
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\AppData\Local\Verlauf
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\AppData\Local\Anwendungsdaten
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Anwendungsdaten
2015-06-13 22:04 - 2015-06-13 00:12 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS2014\AppData\Local\Microsoft Help
2015-06-13 22:04 - 2015-06-10 22:23 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS2014\Documents\Visual Studio 2008
2015-06-13 22:04 - 2015-05-09 14:13 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS2014\Documents\Visual Studio 2013
2015-06-13 22:04 - 2015-05-03 02:12 - 00000000 ___RD C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-13 22:04 - 2015-05-03 02:12 - 00000000 ___RD C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-13 22:04 - 2014-02-28 00:00 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Macromedia
2015-06-13 22:04 - 2014-02-22 06:37 - 00000369 _____ C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-06-13 22:04 - 2014-02-22 06:37 - 00000369 _____ C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-06-13 22:04 - 2014-02-21 05:27 - 00172224 _____ (Microsoft Corporation) C:\WINDOWS\system32\hadrres.dll
2015-06-13 22:04 - 2014-02-21 05:27 - 00081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fssres.dll
2015-06-13 22:04 - 2014-02-21 05:20 - 00103104 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-MSSQL$SQLEXPRESS2014-sqlctr12.0.2000.8.dll
2015-06-13 22:04 - 2014-02-21 05:20 - 00088768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf-MSSQL$SQLEXPRESS2014-sqlctr12.0.2000.8.dll
2015-06-13 22:04 - 2014-02-21 05:20 - 00056000 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-MSSQL12.SQLEXPRESS2014-sqlagtctr.dll
2015-06-13 22:04 - 2014-02-21 05:20 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf-MSSQL12.SQLEXPRESS2014-sqlagtctr.dll
2015-06-13 22:04 - 2013-12-11 18:40 - 00002092 _____ C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Update Search.lnk
2015-06-13 22:04 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-13 22:04 - 2013-08-22 17:36 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-13 22:03 - 2015-06-13 22:03 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2015-06-13 22:02 - 2015-06-13 22:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-06-13 22:00 - 2015-06-13 22:00 - 00000000 ____D C:\WINDOWS\system32\RsFx
2015-06-13 21:57 - 2015-06-13 21:57 - 00000000 ____D C:\Users\dietmar\Documents\Visual Studio 2010
2015-06-13 21:56 - 2015-06-13 21:58 - 00000000 ____D C:\WINDOWS\SysWOW64\1031
2015-06-13 21:56 - 2015-06-13 21:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2015-06-13 21:54 - 2015-06-13 21:58 - 00000000 ____D C:\WINDOWS\system32\1031
2015-06-13 21:54 - 2015-06-13 21:54 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2015-06-13 21:54 - 2015-06-13 21:54 - 00000000 ____D C:\Program Files\Microsoft Help Viewer
2015-06-13 21:48 - 2015-06-13 21:48 - 00000931 _____ C:\Users\dietmar\Downloads\Downloads.lnk
2015-06-13 19:46 - 2015-07-08 21:51 - 00018123 _____ C:\Users\dietmar\Desktop\Lernen-Orte.odt
2015-06-13 13:26 - 2015-07-10 11:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet
2015-06-13 13:26 - 2015-06-13 13:26 - 00001062 _____ C:\Users\Public\Desktop\Mobile Partner.lnk
2015-06-13 13:26 - 2009-12-07 19:53 - 00117504 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbmdm.sys
2015-06-13 13:26 - 2009-12-07 19:36 - 00246224 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbnet.sys
2015-06-13 13:26 - 2009-10-12 15:23 - 00114304 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbdev.sys
2015-06-13 13:26 - 2007-08-09 04:10 - 00029696 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys
2015-06-13 00:12 - 2015-06-13 00:12 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-06-13 00:12 - 2015-06-13 00:12 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-06-11 23:47 - 2015-06-26 18:06 - 00000000 ____D C:\Users\dietmar\AppData\Local\Microsoft_Corporation
2015-06-11 03:53 - 2015-06-14 20:23 - 00000000 ____D C:\Hola
2015-06-10 22:23 - 2015-06-10 22:23 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2008
2015-06-10 22:23 - 2015-06-10 22:23 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2008
2015-06-10 12:54 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-10 12:54 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-10 12:54 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-10 12:54 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-10 12:54 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-10 12:54 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-10 12:54 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-10 12:54 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-10 12:54 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-10 12:54 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-10 12:54 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-10 12:54 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-10 12:53 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 12:53 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 12:53 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 12:53 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 12:53 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 12:53 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 12:53 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 12:53 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 12:53 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 12:53 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 12:53 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 12:53 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 12:53 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 12:53 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 12:53 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 12:53 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 12:53 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 12:53 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 12:53 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 12:53 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 12:53 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 12:53 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 12:53 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 12:53 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 12:53 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 12:53 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 12:53 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 12:53 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 12:53 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 12:53 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 12:53 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 12:53 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 12:53 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 12:53 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 12:53 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 12:53 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 12:53 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 12:53 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 12:53 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 12:53 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 12:53 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 12:53 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-10 12:53 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-10 12:53 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-10 12:53 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-10 12:53 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-10 12:53 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-10 12:53 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-10 12:53 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-10 12:53 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-10 12:53 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-10 12:53 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-10 12:53 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-10 12:53 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-10 12:53 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-10 12:53 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-10 12:53 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-10 12:53 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-10 12:53 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-10 12:53 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-10 12:52 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-10 01:25 - 2015-06-15 22:27 - 00000000 ___RD C:\Users\dietmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Multimedia

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-10 21:42 - 2015-05-02 22:46 - 00510464 ___SH C:\Users\dietmar\Desktop\Thumbs.db
2015-07-10 21:38 - 2014-02-27 23:25 - 01753108 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-10 21:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-10 20:51 - 2015-05-02 23:26 - 00000000 ____D C:\Users\dietmar\AppData\Local\Xmarks
2015-07-10 20:26 - 2015-04-27 17:55 - 00003942 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{ED136814-2FF4-44F4-9697-51514347B07F}
2015-07-10 19:06 - 2015-04-27 23:39 - 00000000 ____D C:\Users\dietmar\AppData\Local\ClassicShell
2015-07-10 12:11 - 2013-08-22 16:46 - 00128393 _____ C:\WINDOWS\setupact.log
2015-07-10 11:30 - 2015-04-27 17:55 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1349822815-2598862020-373602666-1001
2015-07-09 23:01 - 2014-02-27 23:33 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-07-09 13:08 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-08 23:07 - 2015-05-03 15:57 - 00021216 _____ C:\Users\dietmar\Desktop\install.lenovo.odt
2015-07-08 23:05 - 2013-08-22 17:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-06 23:24 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-06 23:24 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-06 21:11 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-06 18:41 - 2015-04-28 22:39 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Notepad++
2015-07-06 18:41 - 2015-04-28 22:39 - 00000000 ____D C:\Program Files (x86)\Notepad++
2015-07-05 12:51 - 2015-05-05 22:03 - 00000000 ____D C:\Users\dietmar\AppData\Local\CrashDumps
2015-07-04 14:52 - 2015-05-01 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System
2015-07-02 17:43 - 2015-04-27 17:51 - 00000000 ___DO C:\Users\dietmar\SkyDrive
2015-07-02 01:01 - 2014-02-27 23:37 - 07045534 _____ C:\Users\Public\CAFADEBUG.log
2015-06-30 18:16 - 2014-02-28 08:16 - 00964858 _____ C:\WINDOWS\system32\perfh007.dat
2015-06-30 18:16 - 2014-02-28 08:16 - 00238724 _____ C:\WINDOWS\system32\perfc007.dat
2015-06-30 18:16 - 2013-10-07 20:27 - 02286860 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-29 15:44 - 2015-04-27 17:50 - 00133632 _____ C:\WINDOWS\SysWOW64\Xui.trf
2015-06-29 15:41 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-29 15:41 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-06-28 22:41 - 2015-05-27 15:41 - 00002108 _____ C:\Users\dietmar\Desktop\Organsisation.lnk
2015-06-28 01:50 - 2013-10-07 20:23 - 01026442 _____ C:\WINDOWS\PFRO.log
2015-06-27 18:05 - 2015-05-02 00:18 - 00000000 ____D C:\Users\dietmar\Documents\Visual Studio 2013
2015-06-26 22:35 - 2015-04-27 17:49 - 00000000 ____D C:\Users\dietmar
2015-06-26 22:34 - 2013-08-22 16:44 - 00530080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-26 18:42 - 2014-02-27 23:35 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-26 18:01 - 2014-02-27 23:40 - 00016738 _____ C:\WINDOWS\system32\results.xml
2015-06-26 17:45 - 2014-02-27 23:24 - 00121474 _____ C:\WINDOWS\DPINST.LOG
2015-06-26 01:33 - 2014-02-27 23:36 - 00000000 ____D C:\ProgramData\Conexant
2015-06-26 00:40 - 2014-02-27 23:59 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2015-06-26 00:40 - 2014-02-27 23:34 - 00000000 ____D C:\Program Files\Lenovo
2015-06-24 22:45 - 2015-05-01 13:59 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Büro
2015-06-24 14:47 - 2015-05-15 14:00 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 19:27 - 2015-05-02 23:11 - 00002224 _____ C:\Users\dietmar\Desktop\Musik.lnk
2015-06-23 19:21 - 2015-05-02 22:46 - 00001838 _____ C:\Users\dietmar\Desktop\Amalthea.lnk
2015-06-22 23:44 - 2015-05-29 02:20 - 00001213 _____ C:\Users\dietmar\Desktop\Android Studio.lnk
2015-06-22 04:09 - 2015-05-03 22:31 - 00000000 ____D C:\Users\dietmar\AppData\Local\Google
2015-06-22 04:05 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Resources
2015-06-22 04:04 - 2015-06-06 15:38 - 00000000 ____D C:\Program Files (x86)\TampaInit
2015-06-22 02:01 - 2015-05-03 22:31 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-22 00:50 - 2015-05-15 14:00 - 00000000 ____D C:\Program Files\Google
2015-06-21 02:51 - 2013-07-11 08:57 - 00041192 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\vbaudio_cable64_win7.sys
2015-06-21 01:33 - 2015-04-27 17:50 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Nitro PDF
2015-06-20 03:53 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-06-18 19:24 - 2015-04-27 17:52 - 00000000 ____D C:\Users\dietmar\AppData\Local\Adobe
2015-06-17 02:37 - 2014-02-27 23:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-17 02:14 - 2015-06-09 18:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-17 02:06 - 2015-06-02 21:07 - 00000000 ____D C:\SWTOOLS
2015-06-15 22:27 - 2013-08-22 17:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-15 13:02 - 2015-06-09 18:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2015-06-15 01:45 - 2015-05-01 14:13 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Entwicklung
2015-06-15 01:42 - 2014-02-28 00:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-06-15 01:42 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-15 01:41 - 2015-05-07 21:13 - 00000929 _____ C:\WINDOWS\ODBC.INI
2015-06-14 14:44 - 2015-04-27 17:50 - 00000000 ____D C:\Users\dietmar\AppData\Local\VirtualStore
2015-06-13 22:01 - 2015-05-01 23:35 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-06-13 21:58 - 2015-05-01 23:35 - 00000000 ____D C:\WINDOWS\SysWOW64\1033
2015-06-13 21:58 - 2015-05-01 23:35 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-06-13 21:58 - 2015-05-01 23:18 - 00000000 ____D C:\WINDOWS\system32\1033
2015-06-13 19:52 - 2015-04-27 17:50 - 00000000 ____D C:\Users\dietmar\AppData\Local\Packages
2015-06-13 15:29 - 2015-05-01 14:00 - 00000000 ___RD C:\Users\dietmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet
2015-06-13 13:27 - 2015-06-05 18:12 - 00000000 ____D C:\Program Files (x86)\Mobile Partner
2015-06-13 00:54 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-13 00:24 - 2013-08-22 15:25 - 00000290 _____ C:\WINDOWS\win.ini
2015-06-13 00:22 - 2015-06-09 18:01 - 00002635 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Office-Dokument öffnen.lnk
2015-06-13 00:22 - 2015-06-09 18:01 - 00002631 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Neues Office-Dokument.lnk
2015-06-11 21:12 - 2015-05-03 09:34 - 00000000 __SHD C:\Users\dietmar\AppData\Local\EmieBrowserModeList
2015-06-11 21:12 - 2015-05-02 22:34 - 00000000 __SHD C:\Users\dietmar\AppData\Local\EmieUserList
2015-06-11 21:12 - 2015-05-02 22:34 - 00000000 __SHD C:\Users\dietmar\AppData\Local\EmieSiteList
2015-06-11 03:48 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-11 03:48 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-10 23:13 - 2015-04-29 18:58 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 23:10 - 2015-04-29 18:58 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-10 16:45 - 2015-06-09 18:06 - 00000000 ____D C:\Users\dietmar\Documents\Visual Studio 2008
2015-06-10 16:45 - 2015-06-09 18:06 - 00000000 ____D C:\Users\dietmar\AppData\Local\Microsoft Help

==================== Files in the root of some directories =======

2015-04-27 17:51 - 2015-05-02 01:38 - 0001516 _____ () C:\Users\dietmar\AppData\Roaming\AbsoluteReminder.xml
2015-06-21 03:54 - 2015-06-24 02:21 - 0002866 _____ () C:\Users\dietmar\AppData\Roaming\VoiceMeeterDefault.xml
2015-04-27 17:50 - 2015-04-27 17:50 - 0000193 _____ () C:\Users\dietmar\AppData\Local\RegisteredPackageInformation.xml
2014-02-27 23:36 - 2014-02-27 23:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-06-15 02:32 - 2015-06-15 02:32 - 0000293 ____H () C:\ProgramData\wb764821reg.bin

Some files in TEMP:
====================
C:\Users\dietmar\AppData\Local\Temp\avgnt.exe
C:\Users\dietmar\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\dietmar\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\dietmar\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\dietmar\AppData\Local\Temp\hcwclear.exe
C:\Users\dietmar\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.204.exe
C:\Users\dietmar\AppData\Local\Temp\IR32.exe
C:\Users\dietmar\AppData\Local\Temp\KUIU.EXE
C:\Users\dietmar\AppData\Local\Temp\npp.6.7.8.2.Installer.exe
C:\Users\dietmar\AppData\Local\Temp\npp.6.7.9.2.Installer.exe
C:\Users\dietmar\AppData\Local\Temp\pyl2B2A.tmp.exe
C:\Users\dietmar\AppData\Local\Temp\pylF3F7.tmp.exe
C:\Users\dietmar\AppData\Local\Temp\Quarantine.exe
C:\Users\dietmar\AppData\Local\Temp\Remove.exe
C:\Users\dietmar\AppData\Local\Temp\ResetDevice.exe
C:\Users\dietmar\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\dietmar\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\dietmar\AppData\Local\Temp\sqlite3.dll
C:\Users\dietmar\AppData\Local\Temp\vsdel.exe
C:\Users\dietmar\AppData\Local\Temp\xmlUpdater.exe


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-03 20:32


==================== End of log ============================

--- --- ---

[/CODE]

didier · 10.07.2015, 21:07

addition.txt:

[CODE]

Additional
FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by dietmar at 2015-07-10 21:43:38
Running from C:\Users\dietmar\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1349822815-2598862020-373602666-500 - Administrator - Disabled)
dietmar (S-1-5-21-1349822815-2598862020-373602666-1001 - Administrator - Enabled) => C:\Users\dietmar
Gast (S-1-5-21-1349822815-2598862020-373602666-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1349822815-2598862020-373602666-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 7.12.25 - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2013 (x32 Version: 2.4 - Microsoft Corporation) Hidden
Avira (HKLM-x32\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.6.10.1246 - Avira Operations GmbH & Co. KG)
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.9.0 - Conexant)
Crystal Reports Basic for Visual Studio 2008 (HKLM-x32\...\{AA467959-A1D6-4F45-90CD-11DC57733F32}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic German Language Pack for Visual Studio 2008 (HKLM-x32\...\{3924C3E7-C440-4B23-9740-9A9EC0545F21}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (x64) (HKLM\...\{1D5F34D0-6329-4D92-B81A-E24E9028910C}) (Version: 10.5.0.0 - Business Objects)
Das große DGS Wörterbuch 1.0.2.6 (HKLM-x32\...\{71FB874A-A992-4ED6-9522-6EFF78ADDDCB}_is1) (Version:  - Verlag Karin Kestner)
Dependency Package Update (Version: 1.6.30.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
DisplayLink Core Software (HKLM\...\{BB07E020-7224-4EC3-864E-2AA0BF42A7DD}) (Version: 7.4.51572.0 - DisplayLink Corp.)
DNSBlock (HKLM\...\{7b5da7f5-de7d-4e00-b330-a2e08e460095}) (Version: 1.0.0 - NETNS GMBH)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
FreeFileSync 7.2 (HKLM-x32\...\FreeFileSync) (Version: 7.2 - www.FreeFileSync.org)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.28314 - Hauppauge Computer Works)
Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB971091) (HKLM-x32\...\{445174EA-3D3A-308E-84AD-446127E71441}.KB971091) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB973674) (HKLM-x32\...\{445174EA-3D3A-308E-84AD-446127E71441}.KB973674) (Version: 1 - Microsoft Corporation)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
Integrated Camera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 5.13.911.3 - Vimicro)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3855 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1335.5) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{B1AC3709-3E98-4F2C-A84E-4BCA2A452E64}) (Version: 4.2.40.2418 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
Kit SDK de vérification de Visual Studio*2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - )
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - )
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.1.12.100 - Lenovo Corporation)
Lenovo Settings - Location Awareness (HKLM-x32\...\{C79D4402-E622-4922-9C02-89F9080BF081}_is1) (Version: 1.3.0.8 - Lenovo Group Limited)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.0.0.9 - Lenovo Group Limited)
Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.1.0.2 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{1CA74803-5CB2-4C03-BDBE-061EDC81CC7F}) (Version: 2.8.004.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0037 - Lenovo)
Lenovo Transition (HKLM\...\{660FFFA1-BC46-4B79-A3B5-E51D8964FF1F}) (Version: 1.0.002.00 - Lenovo Group Limited)
Lenovo USB Graphics (HKLM\...\{7257526E-B74A-488E-BA2E-56327482B06B}) (Version: 7.4.51587.0 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0012.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
LibreOffice 4.4.3.2 (HKLM-x32\...\{A651A592-2F6C-4D66-AEA8-9BFE4B61BCB3}) (Version: 4.4.3.2 - The Document Foundation)
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.1.2000 - Maxthon International Limited)
Memory Profiler (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Compact Framework 2.0 SP2 (HKLM-x32\...\{B1060346-9388-4C5B-AA52-176C39819E43}) (Version: 2.0.7045 - Microsoft Corporation)
Microsoft .NET Compact Framework 3.5 (HKLM-x32\...\{72CCBEA1-8D57-4981-A337-81019F28C5BA}) (Version: 3.5.7283 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Device Emulator (64 Bit) Version 3.0 - DEU (HKLM\...\{7ECA1AEA-2B61-3DE6-8276-6A9A2693F111}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Document Explorer 2008 Language Pack - DEU (HKLM-x32\...\Microsoft Document Explorer 2008 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{7D1C6D7B-8E3F-4724-94C8-AA7EB7F60AE0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Report Viewer 2014-Laufzeit (HKLM-x32\...\{30956415-84C1-4F0C-B2AD-BC8944730DDA}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{5973B12E-5FC1-4EF6-B63B-49C1C4AF2AAA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014-Setup (Deutsch) (HKLM\...\{75990ACD-8124-45DB-BAED-6D5B51305F6D}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools DEU (HKLM-x32\...\{E32260E7-0B10-43C7-9B77-AB9F4184676D}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 DEU (HKLM-x32\...\{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 for Devices DEU (HKLM-x32\...\{1C3ADB5F-750E-4453-AC98-B75C5323845C}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.2 (HKLM-x32\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 1.2.0.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A282A232-780C-45E2-A5E5-9B61D74DCC6E}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server*2014 (64-Bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server*2014 Express LocalDB  (HKLM\...\{CA191120-4CB1-4E3D-89B8-79FDB9017A2E}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server*2014 Policies  (HKLM-x32\...\{B23A3E56-8859-4F60-B3FA-FA14DE9050B5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server*2014 Transact-SQL Compiler Service  (HKLM\...\{BC87D3DC-0257-4C81-8795-A0AAE6560B11}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server*2014 Transact-SQL ScriptDom  (HKLM\...\{F2A2DB39-2C5A-4764-AA0F-5AB112663FFA}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Professional Edition - DEU (HKLM-x32\...\Microsoft Visual Studio 2008 Professional Edition - DEU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger - DEU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger - DEU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - DEU (HKLM-x32\...\{987AE03F-234A-3623-BD28-6B31FD1D3AB3}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Community 2013 with Update 4 (HKLM-x32\...\{96a8b90c-0a91-4e76-ab34-730c23923d11}) (Version: 12.0.31101 - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM-x32\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft VSS Writer für SQL Server 2014 (HKLM\...\{D390AADD-C825-4B31-8C79-83A9461D5524}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (HKLM\...\{AC888A60-9557-3B74-B52B-F353D01BD544}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{9aa5f39c-a8de-46b0-919a-0248f8bc8490}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Tools (HKLM\...\{62EED300-E841-4083-A1D6-60B906271804}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (HKLM\...\{A992BBAA-723D-4574-A07F-983BF8FAA3E1}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2014 (HKLM\...\{9408684F-E1CC-4D2E-AE15-886023557682}) (Version: 12.0.2000.8 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.002.03.01.40 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
MPC-HC 1.7.9 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.9 - MPC-HC Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.9.2 - Notepad++ Team)
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.3 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server-Browser für SQL Server 2014 (HKLM-x32\...\{B7312B95-77C6-497E-A63F-596A77B20F31}) (Version: 12.0.2000.8 - Microsoft Corporation)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
ThinkPad OneLink Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.08.25 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.12.68 - )
ThinkPad USB 3.0 Dock (HKLM-x32\...\{69109A9C-1D00-4A84-9ABF-AAE9CADD20DD}) (Version: 1.07.15 - Lenovo)
Thinkpad USB 3.0 Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 8.8.911.2013 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.78.0.10 - Lenovo)
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (HKLM\...\{D8125A39-ADEE-4187-B04D-DB6CF489AF61}) (Version: 10.3.5500.0 - Microsoft Corporation)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB972221) (HKLM-x32\...\{445174EA-3D3A-308E-84AD-446127E71441}.KB972221) (Version: 1 - Microsoft Corporation)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
Visual Studio .NET Prerequisites - English (HKLM\...\{ACD875CC-A146-3125-8F99-D3766F46FD86}) (Version: 9.0.21022 - Microsoft Corporation)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2010 Prerequisites - English (HKLM\...\{53952792-BF16-300E-ADF2-E7E4367E00CF}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU) (Version:  - Microsoft Corporation)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version:  - VB-Audio Software)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 1.0.0.0 - 1&1 Mail & Media GmbH)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Mobile 5.0 SDK R2 for Pocket PC (HKLM-x32\...\{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Smartphone (HKLM-x32\...\{DA7F48EF-5F56-45FE-9169-3B8159A7A323}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows-Treiberpaket - Intel Corporation (iaStorA) HDC  (08/01/2013 12.8.0.1016) (HKLM\...\C8A921233C0C441A4E4EAABC2AB08C872FD77A6E) (Version: 08/01/2013 12.8.0.1016 - Intel Corporation)
Windows-Treiberpaket - Intel hdc  (07/25/2013 9.4.0.1023) (HKLM\...\87403FF3ADDFA1770936C9436A187AC3B9FBC8DE) (Version: 07/25/2013 9.4.0.1023 - Intel)
Windows-Treiberpaket - Intel System  (07/25/2013 9.4.0.1023) (HKLM\...\BDBD400472735932E15286ACD00A1DA1856D2B6D) (Version: 07/25/2013 9.4.0.1023 - Intel)
Windows-Treiberpaket - Intel System  (08/21/2013 9.4.0.1027) (HKLM\...\FC58A12A405BF6933FC97269FF68C969D128F381) (Version: 08/21/2013 9.4.0.1027 - Intel)
Windows-Treiberpaket - Intel USB  (07/31/2013 9.4.0.1025) (HKLM\...\A6995A77D26D0B0292A9C3B4878836D232899FE0) (Version: 07/31/2013 9.4.0.1025 - Intel)
Windows-Treiberpaket - Lenovo 1.67.04.04 (11/07/2013 1.67.04.04) (HKLM\...\70FB73D983446AEE2932B0ED51A770D1BD1348DA) (Version: 11/07/2013 1.67.04.04 - Lenovo)
Windows-Treiberpaket - Synaptics (SmbDrv) System  (02/06/2014 17.0.12.68) (HKLM\...\342F51AB97BF27B1CF8077CE6B9093FE14E716AE) (Version: 02/06/2014 17.0.12.68 - Synaptics)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (02/06/2014 17.0.12.68) (HKLM\...\9B411E2775A7792CE52FB04188C3F02E3F15957F) (Version: 02/06/2014 17.0.12.68 - Synaptics)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.8-0 - Bitnami)
Xmarks for IE (HKLM-x32\...\{ABFA6EAE-C9C0-4B39-B722-02094EF6B889}) (Version: 127.0.177 - Xmarks)
Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1349822815-2598862020-373602666-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

02-07-2015 00:12:55 Windows Update
04-07-2015 14:51:18 Installed 7-Zip 9.20 (x64 edition)
08-07-2015 18:43:29 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0357BEDE-4507-4F72-BDFA-0B8931028617} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-03-09] (Lenovo)
Task: {042A31F1-534F-40BD-AE97-8EA0509E5CD6} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe
Task: {098C37F2-CD2F-4D3E-A436-F340E632EBE6} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2015-06-17] (Avira Operations GmbH & Co. KG)
Task: {14E7BF72-A5CB-4A19-BBDC-EBE430B97702} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-03-09] ()
Task: {2B204E76-39F6-4038-BBCA-F6B76B29E5F3} - System32\Tasks\Lenovo\Lenovo Transition Launcher => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [2013-09-05] ()
Task: {33DDAD0F-AAC4-45C1-B04C-3AFE1D487C23} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {388D033E-44F5-4F23-BC2D-C2E8C5E02F1B} - System32\Tasks\Opera N Sunday => C:\Program Files (x86)\Opera\launcher.exe
Task: {6A2867A4-F584-4754-92D0-E8A940432F46} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {7A106F16-A3B4-4A1E-9BF2-E4350A879251} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {7B48DD43-7590-438E-9C30-476BE2E12C14} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {7E763602-124E-49A5-82FA-C258B7685821} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {81C6F6C9-495E-490F-927F-E989DA002E0C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {8D063568-C1FB-4168-82F4-06BBC1DD222F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {9300C65A-FFDC-4BA2-ABBB-DE9CA3F07D90} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
Task: {99F891AA-221F-4AD5-BAB4-B95118D01F69} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-03-09] (Lenovo)
Task: {AF1667B7-4EB5-4F64-80E5-363C94674960} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2014-12-10] (Maxthon International ltd.)
Task: {B0329410-12EE-433F-9AC7-D1444DF54559} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {BE207E10-D102-40AB-AE0F-3A18CBB99688} - System32\Tasks\Opera N Saturday => C:\Program Files (x86)\Opera\launcher.exe
Task: {CB76B3E6-D321-4FF0-BFBB-CE18C45DA802} - System32\Tasks\UEUEUFX1 => C:\ProgramData\SecurityUtility\SecurityUtility.exe <==== ATTENTION
Task: {D7A7BDC4-B6C4-4C00-A564-0045F2BB3072} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2015-05-15] ()
Task: {E699A9BE-E8FD-431F-A691-DA2E690EA731} - System32\Tasks\Chromium => C:\Users\dietmar\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE
Task: {FB56D49B-27C7-4D31-B0EC-2BCFDDAF8873} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FF49B497-86C2-4988-A31F-BFA4F3133B5B} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-03-06] (Lenovo)
Task: C:\WINDOWS\Tasks\Chromium.job => C:\Users\dietmar\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE
Task: C:\WINDOWS\Tasks\UEUEUFX1.job => C:\ProgramData\SecurityUtility\SecurityUtility.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2013-08-01 18:31 - 2013-08-01 18:31 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-01 18:31 - 2013-08-01 18:31 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-01 18:31 - 2013-08-01 18:31 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-02-28 00:04 - 2013-11-01 18:16 - 00467720 _____ () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
2014-02-28 00:04 - 2013-11-01 18:16 - 00013064 _____ () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-09-05 18:28 - 2013-09-05 18:28 - 00292200 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
2015-06-26 01:36 - 2010-10-26 11:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-02-28 00:04 - 2013-10-11 08:44 - 00117248 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2015-06-20 03:52 - 2015-06-20 03:52 - 00788000 _____ () C:\Program Files (x86)\DnsBlock\DnsBlockTray.exe
2013-09-05 18:28 - 2013-09-05 18:28 - 00106856 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
2015-06-13 13:26 - 2010-01-08 15:59 - 00540672 _____ () C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
2014-02-27 23:32 - 2013-09-16 21:19 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-05-03 19:08 - 2015-05-03 19:08 - 00799232 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\86865ced79f3180ebdfa736d895e5edb\Windows.Networking.ni.dll
2015-05-23 04:11 - 2015-05-23 04:11 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\16c3eb7650767d95d002c998d0c73eb5\Windows.Foundation.ni.dll
2014-02-28 00:04 - 2013-07-25 17:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2014-02-28 00:04 - 2013-07-25 17:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2013-09-05 18:28 - 2013-09-05 18:28 - 00097128 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\1366\TransitionLib.dll
2013-09-05 18:28 - 2013-09-05 18:28 - 00101224 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
2014-06-27 14:36 - 2014-06-27 14:36 - 00107520 _____ () C:\Program Files (x86)\Xmarks\IE Extension\zlib1.dll
2015-06-13 13:26 - 2010-01-15 14:53 - 00014848 _____ () C:\Program Files (x86)\Mobile Partner\isaputrace.dll
2015-06-13 13:26 - 2010-03-04 11:23 - 00114688 _____ () C:\Program Files (x86)\Mobile Partner\DeviceMgrPlugin.dll
2015-06-13 13:26 - 2010-03-04 11:24 - 00057344 _____ () C:\Program Files (x86)\Mobile Partner\ConfigFilePlugin.dll
2015-06-13 13:26 - 2010-03-04 11:21 - 00147456 _____ () C:\Program Files (x86)\Mobile Partner\NetInfoPlugin.dll
2015-06-13 13:26 - 2010-03-04 11:19 - 00090112 _____ () C:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll
2015-06-13 13:26 - 2010-03-04 11:00 - 00991232 _____ () C:\Program Files (x86)\Mobile Partner\NDISAPI.dll
2015-06-13 13:26 - 2010-01-15 14:53 - 00167936 _____ () C:\Program Files (x86)\Mobile Partner\DetectDev.dll
2015-06-13 13:26 - 2010-01-15 14:53 - 00598016 _____ () C:\Program Files (x86)\Mobile Partner\atcomm.dll
2015-06-13 13:26 - 2010-01-15 14:53 - 00061440 _____ () C:\Program Files (x86)\Mobile Partner\XCodec.dll
2015-06-13 13:26 - 2010-01-15 14:53 - 00061440 _____ () C:\Program Files (x86)\Mobile Partner\DeviceOperate.dll
2015-06-13 13:26 - 2010-03-04 11:26 - 00032768 _____ () C:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll
2015-06-13 13:26 - 2010-03-04 11:27 - 00139264 _____ () C:\Program Files (x86)\Mobile Partner\LocaleMgrPlugin.dll
2015-06-13 13:26 - 2010-03-04 11:18 - 00245760 _____ () C:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll
2015-06-13 13:26 - 2010-01-15 14:53 - 00090112 _____ () C:\Program Files (x86)\Mobile Partner\FileManager.dll
2015-06-13 13:26 - 2010-03-04 11:27 - 00163840 _____ () C:\Program Files (x86)\Mobile Partner\SMSPlugin.dll
2015-06-08 21:06 - 2015-06-08 21:06 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2015-05-15 16:24 - 2015-05-15 16:24 - 02873856 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\dietmar\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\webcompanion.com -> hxxp://webcompanion.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1349822815-2598862020-373602666-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 172.17.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{4020B7A5-CA19-4F5F-873B-15483EA13D5C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{5FBF9BE7-B387-4BC1-83F9-DAAF9D8C14F4}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{F99DA584-81DB-4B99-A70D-DCD2A544931D}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{E74E1D67-A7C4-4F48-80E2-B857C87100F5}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{E13B7E83-E963-4172-95AE-1FA58E6127FE}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{DA05E8E3-2908-44A1-8A82-6E7B4AB347D9}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{366D027B-D2BB-4952-A14A-30AB7C2B126F}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{5418BC7E-6CC5-47A1-81D6-FF0D8D1504EB}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{D1B3E46D-56F9-4A1D-9A66-2221D834A057}] => (Allow) C:\Windows\System32\config\systemprofile\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{EA07E8B0-B47D-4989-B047-B4BBC492CE15}] => (Allow) C:\Windows\System32\config\systemprofile\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{F26E5B2E-EC32-4FC7-9C65-6E3D67BCD594}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{56C13753-D791-4322-B197-A647B23601BF}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{7DB79029-8301-4B52-886E-3E48EFB292A4}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{F8DEE95C-825E-4CC4-AFD1-955927C8573C}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{8BDA8D0D-18C6-49AA-962D-18AD120CC15A}] => (Allow) C:\Users\dietmar\AppData\Local\Hola\firefox\app\hola_plugin.exe
FirewallRules: [{1FBB9DF3-3199-4A59-B747-BE0DCC9081B1}] => (Allow) C:\Users\dietmar\AppData\Local\Hola\firefox\app\hola_plugin.exe
FirewallRules: [{3128A6D6-6AE5-42FD-A1D9-148A713A98FB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{29CF88BF-F5F7-4E95-88CE-2E88965AD67F}] => (Allow) C:\Users\dietmar\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{5F520873-356C-45EC-9B90-3FB9E7B6B9ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DDAC28E0-6B62-420F-91EB-2051C7F20203}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Lenovo Primary iM Controller
Description: Lenovo Primary iM Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Lenovo Corporation
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: Lenovo Settings
Description: Lenovo Settings
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Lenovo Corporation
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: Lenovo Settings Power
Description: Lenovo Settings Power
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Lenovo Corporation
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: Lenovo Settings Camera Audio
Description: Lenovo Settings Camera Audio
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Lenovo Corporation
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: HID-Sensorsammlung
Description: HID-Sensorsammlung
Class Guid: {5175d334-c371-4806-b3ba-71fd53c9258d}
Manufacturer: Microsoft
Service: SensorsHIDClassDriver
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2015 05:48:25 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CAudioControl::SetMute   Unable to set the audio device mute state, GLE=14007

Error: (07/10/2015 04:12:46 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (07/10/2015 02:41:00 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (07/10/2015 05:53:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/10/2015 05:52:31 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "1.0" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/10/2015 05:51:28 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (07/09/2015 09:03:47 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CAudioControl::SetMute   Unable to set the audio device mute state, GLE=14007

Error: (07/09/2015 03:47:35 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (07/09/2015 01:32:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DnsBlockUpdateSvc.exe, Version: 0.0.0.0, Zeitstempel: 0x5559ea27
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000351db
ID des fehlerhaften Prozesses: 0x7b8
Startzeit der fehlerhaften Anwendung: 0xDnsBlockUpdateSvc.exe0
Pfad der fehlerhaften Anwendung: DnsBlockUpdateSvc.exe1
Pfad des fehlerhaften Moduls: DnsBlockUpdateSvc.exe2
Berichtskennung: DnsBlockUpdateSvc.exe3
Vollständiger Name des fehlerhaften Pakets: DnsBlockUpdateSvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DnsBlockUpdateSvc.exe5

Error: (07/07/2015 06:10:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


System errors:
=============
Error: (07/10/2015 07:21:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Avira.ServiceHost erreicht.

Error: (07/10/2015 11:20:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "IE Search Set" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/10/2015 11:19:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "IE Search Set" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/10/2015 11:18:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "IE Search Set" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/10/2015 11:17:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "IE Search Set" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/10/2015 11:16:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "IE Search Set" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/10/2015 11:15:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "IE Search Set" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/10/2015 11:14:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "IE Search Set" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/10/2015 11:13:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "IE Search Set" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/10/2015 11:11:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "IE Search Set" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-06-26 15:18:50.882
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:50.695
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:50.335
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:50.070
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:49.695
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:49.523
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:49.195
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:48.992
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:48.663
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:48.398
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 44%
Total physical RAM: 8102.8 MB
Available physical RAM: 4529.01 MB
Total Pagefile: 16294.8 MB
Available Pagefile: 10938.72 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:625.05 GB) (Free:488.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 658E0480)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 8CF416B6)

Partition: GPT Partition Type.

==================== End of log ============================

--- --- ---

M-K-D-B · 10.07.2015, 21:21

Servus,

vielen Dank für die Antworten.

Wir beginnen so:

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
S2 DnsBlockUpdateSvc; C:\WINDOWS\system32\DnsBlockUpdateSvc.exe [149024 2015-06-20] ()
C:\WINDOWS\system32\DnsBlockUpdateSvc.exe
HKLM-x32\...\Run: [DnsBlock] => C:\Program Files (x86)\DnsBlock\DnsBlockTray.exe [788000 2015-06-20] ()
C:\Program Files (x86)\DnsBlock
C:\Program Files\{8D2087A3-E941-45D5-B35F-AD696FAF5B29}
C:\Program Files (x86)\{D23109FC-1925-4B9E-B8E0-536C11A71C97}
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\DnsBlockA.dll [343584 2015-06-20] (DnsBlock)
Winsock: Catalog5 09 C:\WINDOWS\SysWOW64\DnsBlockB.dll [343584 2015-06-20] (DnsBlock)
Winsock: Catalog5-x64 05 C:\WINDOWS\system32\DnsBlockA.dll [434208 2015-06-20] (DnsBlock)
Winsock: Catalog5-x64 09 C:\WINDOWS\system32\DnsBlockB.dll [433696 2015-06-20] (DnsBlock)
C:\WINDOWS\Installer\{45F9147F-489F-46DC-A5CE-27F358C92A32}
C:\WINDOWS\Installer\{3FD540D9-C72D-4FD9-BB7C-191DD129C7D8}
C:\WINDOWS\Installer\{1ACC8B11-B31F-4667-8D03-FAD30AD05B2D}
C:\WINDOWS\Installer\{1D560D36-1A48-454B-BAF7-9189874D2D09}
C:\WINDOWS\SysWOW64\dns.block
C:\WINDOWS\system32\dns.block
C:\WINDOWS\system32\DnsBlockA.dll
C:\WINDOWS\system32\DnsBlockB.dll
C:\WINDOWS\SysWOW64\DnsBlockB.dll
C:\WINDOWS\SysWOW64\DnsBlockA.dll
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy restriction on ProxySettings)
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

Deaktiviere dein Anti-Viren-Programm.
Gehe zum Ordner C:\FRST\Quarantine.
Rechtsklicke auf den Ordner Quarantine und wähle > Senden an > Zip-komprimierter Ordner.
Es wird eine zip-Datei mit dem Namen Quarantine.zip im Ordner FRST erstellt.
Lade die Quarantine.zip im Upload-Channel hoch.
Klicke dazu auf Durchsuchen, navigiere zu der zip-Datei ( C:\FRST\Quarantine.zip ) und klicke auf Öffnen.
Klicke abschließend auf Hochladen.
Vielen Dank für deine Hilfe.
Aktiviere dein Anti-Viren-Programm wieder.

Schritt 3
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 4
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 5

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 6

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
eine Rückmeldung bezüglich des Uploads,
die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die Logdatei von JRT,
die beiden neuen Logdateien von FRST.

didier · 12.07.2015, 17:53

Code:

ATTFilter

Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by dietmar at 2015-07-11 20:49:54 Run:1
Running from C:\Users\dietmar\Desktop\trojanerboard\FRST
Loaded Profiles: dietmar & MSSQL$SQLEXPRESS2014 (Available Profiles: dietmar & MSSQL$SQLEXPRESS2014 & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
S2 DnsBlockUpdateSvc; C:\WINDOWS\system32\DnsBlockUpdateSvc.exe [149024 2015-06-20] ()
C:\WINDOWS\system32\DnsBlockUpdateSvc.exe
HKLM-x32\...\Run: [DnsBlock] => C:\Program Files (x86)\DnsBlock\DnsBlockTray.exe [788000 2015-06-20] ()
C:\Program Files (x86)\DnsBlock
C:\Program Files\{8D2087A3-E941-45D5-B35F-AD696FAF5B29}
C:\Program Files (x86)\{D23109FC-1925-4B9E-B8E0-536C11A71C97}
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\DnsBlockA.dll [343584 2015-06-20] (DnsBlock)
Winsock: Catalog5 09 C:\WINDOWS\SysWOW64\DnsBlockB.dll [343584 2015-06-20] (DnsBlock)
Winsock: Catalog5-x64 05 C:\WINDOWS\system32\DnsBlockA.dll [434208 2015-06-20] (DnsBlock)
Winsock: Catalog5-x64 09 C:\WINDOWS\system32\DnsBlockB.dll [433696 2015-06-20] (DnsBlock)
C:\WINDOWS\Installer\{45F9147F-489F-46DC-A5CE-27F358C92A32}
C:\WINDOWS\Installer\{3FD540D9-C72D-4FD9-BB7C-191DD129C7D8}
C:\WINDOWS\Installer\{1ACC8B11-B31F-4667-8D03-FAD30AD05B2D}
C:\WINDOWS\Installer\{1D560D36-1A48-454B-BAF7-9189874D2D09}
C:\WINDOWS\SysWOW64\dns.block
C:\WINDOWS\system32\dns.block
C:\WINDOWS\system32\DnsBlockA.dll
C:\WINDOWS\system32\DnsBlockB.dll
C:\WINDOWS\SysWOW64\DnsBlockB.dll
C:\WINDOWS\SysWOW64\DnsBlockA.dll
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy restriction on ProxySettings)
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         
*****************

Processes closed successfully.
DnsBlockUpdateSvc => Service removed successfully
C:\WINDOWS\system32\DnsBlockUpdateSvc.exe => moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DnsBlock => value removed successfully
C:\Program Files (x86)\DnsBlock => moved successfully.
"C:\Program Files\{8D2087A3-E941-45D5-B35F-AD696FAF5B29}" => File/Folder not found.
"C:\Program Files (x86)\{D23109FC-1925-4B9E-B8E0-536C11A71C97}" => File/Folder not found.
Winsock: Catalog entry 000000000005 => removed successfully
Winsock: Catalog entry 000000000009 => removed successfully
Winsock: Catalog entry 000000000005 => removed successfully
Winsock: Catalog entry 000000000009 => removed successfully
C:\WINDOWS\Installer\{45F9147F-489F-46DC-A5CE-27F358C92A32} => moved successfully.
C:\WINDOWS\Installer\{3FD540D9-C72D-4FD9-BB7C-191DD129C7D8} => moved successfully.
C:\WINDOWS\Installer\{1ACC8B11-B31F-4667-8D03-FAD30AD05B2D} => moved successfully.
"C:\WINDOWS\Installer\{1D560D36-1A48-454B-BAF7-9189874D2D09}" => File/Folder not found.
C:\WINDOWS\SysWOW64\dns.block => moved successfully.
C:\WINDOWS\system32\dns.block => moved successfully.
C:\WINDOWS\system32\DnsBlockA.dll => moved successfully.
C:\WINDOWS\system32\DnsBlockB.dll => moved successfully.
C:\WINDOWS\SysWOW64\DnsBlockB.dll => moved successfully.
C:\WINDOWS\SysWOW64\DnsBlockA.dll => moved successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully

========= RemoveProxy: =========

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========  ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Auflճungscache wurde geleert.

========= End of CMD: =========


=========  netsh winsock reset =========

Die Initialisierungsfunktion InitHelperDll in NSHHTTP.DLL konnte nicht gestartet werden. Fehlercode 11003

Der Winsock-Katalog wurde zur£kgesetzt.
Sie m³sen den Computer neu starten, um den Vorgang abzuschlie⦮.


========= End of CMD: =========

EmptyTemp: => 2.5 GB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 20:51:19 ====

Der upoload erfolgte am Samstag, 11.6.15 am angegebenen Ort
wie dort gewünscht mit einem Link auf das Thema:
"Browser von download protect 2.2.7/2.2.8 befallen"

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v4.208 - Bericht erstellt 11/07/2015 um 23:15:29
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-10.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : dietmar - LENOVO-PC
# Gestarted von : C:\Users\dietmar\Desktop\AdwCleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Hola
Datei Gelöscht : C:\Users\dietmar\AppData\Roaming\Mozilla\Firefox\Profiles\g8w01yf3.default\user.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E7BF74EE-9106-4113-B216-2F980BA29141}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Schlüssel Gelöscht : HKLM\SOFTWARE\SecurityUtility
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\SecurityUtility

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v39.0 (x86 de)

[g8w01yf3.default\prefs.js] - Zeile Gelöscht : user_pref("avira.safe_search.installed", "[\"safesearchplus\"]");
[g8w01yf3.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultenginename", "Avira SafeSearch");
[g8w01yf3.default\prefs.js] - Zeile Gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[g8w01yf3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"2032e47581e7d89e29036199d60c6adc1cadd801\"");
[g8w01yf3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.install", "1435337339160");
[g8w01yf3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.xpiState", "{\"app-profile\":{\"abs@avira.com\":{\"d\":\"C:\\\\Users\\\\dietmar\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\g8w01yf3.default\\\\extensions\\\\abs@a[...]

*************************

AdwCleaner[R0].txt - [11902 Bytes] - [09/06/2015 15:00:19]
AdwCleaner[R1].txt - [3392 Bytes] - [11/07/2015 23:13:02]
AdwCleaner[S0].txt - [10104 Bytes] - [09/06/2015 15:12:30]
AdwCleaner[S1].txt - [3223 Bytes] - [11/07/2015 23:15:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3282  Bytes] ##########

--- --- ---

[/CODE]

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 12.07.2015 15:49:09, SYSTEM, LENOVO-PC, Protection, Malware Protection, Starting, 
Protection, 12.07.2015 15:49:09, SYSTEM, LENOVO-PC, Protection, Malware Protection, Started, 
Protection, 12.07.2015 15:49:09, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Starting, 
Protection, 12.07.2015 15:49:09, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Started, 
Update, 12.07.2015 15:49:14, SYSTEM, LENOVO-PC, Manual, Rootkit Database, 2015.2.25.1, 2015.7.10.1, 
Update, 12.07.2015 15:49:14, SYSTEM, LENOVO-PC, Manual, IP Database, 0.0.0.0, 2015.6.12.1, 
Update, 12.07.2015 15:49:15, SYSTEM, LENOVO-PC, Manual, Domain Database, 0.0.0.0, 2015.6.12.1, 
Update, 12.07.2015 15:49:15, SYSTEM, LENOVO-PC, Manual, Remediation Database, 2015.3.9.1, 2015.7.1.2, 
Update, 12.07.2015 15:49:20, SYSTEM, LENOVO-PC, Manual, Malware Database, 2015.3.9.5, 2015.7.12.2, 
Protection, 12.07.2015 15:49:20, SYSTEM, LENOVO-PC, Protection, Refresh, Starting, 
Protection, 12.07.2015 15:49:20, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 12.07.2015 15:49:20, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 12.07.2015 15:49:24, SYSTEM, LENOVO-PC, Protection, Refresh, Success, 
Protection, 12.07.2015 15:49:24, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Starting, 
Protection, 12.07.2015 15:49:24, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Started, 
Scan, 12.07.2015 16:33:49, SYSTEM, LENOVO-PC, Manual, Start: 12.07.2015 15:50:35, Dauer: 38 Minuten 57 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "5" nicht-Malwareerkennung, 
Protection, 12.07.2015 16:43:21, SYSTEM, LENOVO-PC, Protection, Malware Protection, Starting, 
Protection, 12.07.2015 16:43:21, SYSTEM, LENOVO-PC, Protection, Malware Protection, Started, 
Protection, 12.07.2015 16:43:21, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Starting, 
Protection, 12.07.2015 16:43:50, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Started, 

(end)

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.5 (07.12.2015:1)
OS: Windows 8.1 x64
Ran by dietmar on 12.07.2015 at 16:59:15,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\AviraSpeedup



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\tampainit
Successfully deleted: [Folder] C:\WINDOWS\syswow64\amd64
Successfully deleted: [Folder] C:\WINDOWS\syswow64\x86
Successfully deleted: [Folder] C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8



~~~ FireFox

Successfully deleted: [File] C:\Users\dietmar\AppData\Roaming\mozilla\firefox\profiles\g8w01yf3.default\searchplugins\avira-safesearch.xml
Successfully deleted the following from C:\Users\dietmar\AppData\Roaming\mozilla\firefox\profiles\g8w01yf3.default\prefs.js

user_pref(avira.safe_search.installed, [\safesearchplus\]);
user_pref(browser.search.defaultenginename, Avira SafeSearch);
user_pref(browser.uiCustomization.state, {\placements\:{\PanelUI-contents\:[\edit-controls\,\zoom-controls\,\new-window-button\,\privatebrowsing-button\,\save-
user_pref(extensions.bootstrappedAddons, {\safesearchplus@avira.com\:{\version\:\1.1.6\,\type\:\extension\,\descriptor\:\C:\\\\Users\\\\dietmar\\\\AppData\\\\R
user_pref(extensions.safesearch.MP_DISTINCT_ID, \5aea163e0f0f31536a51f9aa3f64468565ecccbd\);
user_pref(extensions.safesearch.install, 1436650698562);
user_pref(extensions.xpiState, {\app-profile\:{\abs@avira.com\:{\d\:\C:\\\\Users\\\\dietmar\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\g8w01yf3.defau





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.07.2015 at 17:03:06,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

didier · 12.07.2015, 18:16

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015
Ran by dietmar (administrator) on LENOVO-PC on 12-07-2015 18:36:09
Running from C:\Users\dietmar\Desktop
Loaded Profiles: dietmar &  (Available Profiles: dietmar & MSSQL$SQLEXPRESS2014 & DefaultAppPool)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2776816 2014-02-06] (Synaptics Incorporated)
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [255480 2013-06-20] (Lenovo Group Limited)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [384296 2013-10-28] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [600568 2013-11-05] (Lenovo Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163520 2015-04-09] (IvoSoft)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [909016 2013-10-21] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [730416 2015-06-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: F - "F:\AutoRun.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {164435bc-095b-11e5-8287-0c8bfdd19371} - "F:\ViewHtml.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {164451e8-095b-11e5-8287-0c8bfdd19371} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {3aba170a-f4a8-11e4-8279-0c8bfdd19371} - "F:\.\Setup.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {51d6b9b2-0fdc-11e5-828b-0050b66f480d} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {51d6b9c8-0fdc-11e5-828b-0050b66f480d} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {51d6b9f3-0fdc-11e5-828b-0050b66f480d} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {ab98e2d6-0702-11e5-8286-0c8bfdd19371} - "F:\ViewHtml.exe" 
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.bing.com/
URLSearchHook: [S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1349822815-2598862020-373602666-1001 -> {620017E4-B96A-4FD3-9EA9-BC52D05EC63D} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-03] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-03] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-04-09] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-04-09] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)
DPF: HKLM-x32 {A6616B31-4860-41E2-98E3-CA7649AF172F} file:///F:/launch.ocx
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1AB220C5-9E3C-4E80-A4EB-E9CE000FFB90}: [DhcpNameServer] 169.254.131.49
Tcpip\..\Interfaces\{1E5C9131-2ED6-4A3B-80EA-7C153A915BD3}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6DCF1004-DED2-485B-88BB-064FB73CCE52}: [NameServer] 10.74.210.210 10.74.210.211
Tcpip\..\Interfaces\{B62B51C8-4926-48F7-9539-CEC3FA7B4296}: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\dietmar\AppData\Roaming\Mozilla\Firefox\Profiles\g8w01yf3.default
FF DefaultSearchUrl: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @hola.org/vlc,version=1.8.328 -> C:\Users\dietmar\AppData\Local\Hola\firefox_hola\app\vlc No File
FF Plugin HKU\S-1-5-21-1349822815-2598862020-373602666-1001: @hola.org/vlc,version=1.8.204 -> C:\Users\dietmar\AppData\Local\Hola\firefox\app\vlc No File
FF Extension: Avira Browser Safety - C:\Users\dietmar\AppData\Roaming\Mozilla\Firefox\Profiles\g8w01yf3.default\Extensions\abs@avira.com [2015-07-03]
FF Extension: Avira SafeSearch Plus - C:\Users\dietmar\AppData\Roaming\Mozilla\Firefox\Profiles\g8w01yf3.default\Extensions\safesearchplus@avira.com [2015-06-26]
FF HKLM-x32\...\Firefox\Extensions: [{F1E2DF0C-8EAB-4AAF-878E-853E98BCAB5A}] - C:\WINDOWS\Installer\{45F9147F-489F-46DC-A5CE-27F358C92A32}\{F1E2DF0C-8EAB-4AAF-878E-853E98BCAB5A}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{EFA5F30A-020C-4385-94B0-981865214E9C}] - C:\WINDOWS\Installer\{3FD540D9-C72D-4FD9-BB7C-191DD129C7D8}\{EFA5F30A-020C-4385-94B0-981865214E9C}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{3E4405C6-6452-47C6-91AC-34450BF93D1A}] - C:\WINDOWS\Installer\{1ACC8B11-B31F-4667-8D03-FAD30AD05B2D}\{3E4405C6-6452-47C6-91AC-34450BF93D1A}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{D05BC06C-D105-4151-B55D-797AA986E224}] - C:\WINDOWS\Installer\{E1CF7752-C4D3-4D8C-9D47-EABADAE466AA}\{D05BC06C-D105-4151-B55D-797AA986E224}.xpi
FF Extension: No Name - C:\WINDOWS\Installer\{E1CF7752-C4D3-4D8C-9D47-EABADAE466AA}\{D05BC06C-D105-4151-B55D-797AA986E224}.xpi [2015-07-10]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [827184 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1188360 2015-06-16] (Avira Operations GmbH & Co. KG)
S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [573432 2013-11-05] (Lenovo Corporation)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-11] (DisplayLink Corp.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
S2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [558592 2010-11-03] (Hauppauge Computer Works) [File not signed]
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-07-29] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
S2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-29] (Intel Corporation)
S2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2083592 2013-11-06] (Lenovo Group Limited)
S2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [695800 2013-11-05] (Lenovo Corporation)
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
S2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [467720 2013-11-01] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
S2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872152 2015-05-09] (Maxthon)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 MSSQL$SQLEXPRESS2014; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS2014\MSSQL\Binn\sqlservr.exe [370368 2014-02-21] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
S4 SQLAgent$SQLEXPRESS2014; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS2014\MSSQL\Binn\SQLAGENT.EXE [613056 2014-02-21] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49136 2015-05-15] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2015-04-29] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2015-04-29] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-06-16] (Avira Operations GmbH & Co. KG)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
R3 DisplayLinkUsbIo_x64; C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.4.48800.0.sys [44944 2013-10-07] ()
R3 dlcdcncm6_x64; C:\Windows\system32\DRIVERS\dlcdcncm6_x64.sys [80688 2013-10-11] (DisplayLink Corp.)
R3 dlusbaudio; C:\Windows\system32\DRIVERS\dlusbaudio_x64.sys [203152 2013-10-11] (DisplayLink Corp.)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
R3 hcw17bda; C:\Windows\system32\drivers\hcw17bda.sys [67456 2010-01-27] (Hauppauge Computer Works, Inc.)
S3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-08-29] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
R3 INETMON; C:\WINDOWS\System32\Drivers\INETMON.sys [29088 2013-08-01] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-01] ()
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S4 RsFx0300; C:\Windows\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [508120 2014-08-18] (Realsil Semiconductor Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-02-06] (Synaptics Incorporated)
R3 VBAudioVACMME; C:\Windows\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2015-06-21] (Windows (R) Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-06-21] (Windows (R) Win 7 DDK provider)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065344 2013-09-11] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 18:36 - 2015-07-12 18:36 - 00000000 ____D C:\Users\dietmar\Desktop\FRST-OlderVersion
2015-07-12 17:03 - 2015-07-12 17:03 - 00001982 _____ C:\Users\dietmar\Desktop\JRT.txt
2015-07-12 16:59 - 2015-07-12 16:59 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-LENOVO-PC-Windows-8.1-(64-bit).dat
2015-07-12 16:59 - 2015-07-12 16:59 - 00000000 ____D C:\RegBackup
2015-07-12 16:57 - 2015-07-12 16:57 - 03034102 _____ (Malwarebytes Corporation) C:\Users\dietmar\Desktop\JRT.exe
2015-07-12 16:55 - 2015-07-12 16:55 - 00002151 _____ C:\Users\dietmar\Desktop\mbam.txt
2015-07-12 15:51 - 2015-07-12 15:51 - 00003378 _____ C:\Users\dietmar\Desktop\AdwCleaner[S1].txt
2015-07-12 15:48 - 2015-07-12 15:48 - 00001085 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-12 15:48 - 2015-07-12 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-12 15:46 - 2015-07-12 15:46 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\dietmar\Desktop\mbam-setup-2.1.6.1022.exe
2015-07-11 23:08 - 2015-07-11 23:08 - 02248704 _____ C:\Users\dietmar\Desktop\AdwCleaner_4.208.exe
2015-07-10 22:58 - 2015-07-12 16:33 - 00000000 ____D C:\Program Files\{BC947C05-6B47-4A69-9383-3593446CEC6C}
2015-07-10 22:58 - 2015-07-12 16:33 - 00000000 ____D C:\Program Files (x86)\{FB79D9F5-CFB9-4E79-B1F1-75E6FB233D09}
2015-07-10 21:42 - 2015-07-12 18:36 - 02130944 _____ (Farbar) C:\Users\dietmar\Desktop\FRST64.exe
2015-07-10 21:42 - 2015-07-12 18:36 - 00022660 _____ C:\Users\dietmar\Desktop\FRST.txt
2015-07-09 22:53 - 2015-07-10 15:49 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\FreeFileSync
2015-07-09 22:46 - 2015-07-10 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-07-09 22:46 - 2015-07-09 22:46 - 00422400 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-07-09 22:46 - 2015-07-09 22:46 - 00342016 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-07-09 22:46 - 2015-07-09 22:46 - 00002864 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-07-09 22:46 - 2015-07-09 22:46 - 00002864 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-07-09 22:45 - 2015-07-09 22:45 - 00000967 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2015-07-09 22:45 - 2015-07-09 22:45 - 00000957 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk
2015-07-09 22:45 - 2015-07-09 22:45 - 00000955 _____ C:\Users\Public\Desktop\FreeFileSync.lnk
2015-07-09 22:45 - 2015-07-09 22:45 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\RPEng
2015-07-09 22:45 - 2015-07-09 22:45 - 00000000 ____D C:\Program Files\FreeFileSync
2015-07-09 16:35 - 2015-07-09 16:35 - 00000194 _____ C:\Users\dietmar\Desktop\Heinemann.txt
2015-07-09 16:34 - 2015-07-09 16:35 - 00000479 _____ C:\Users\dietmar\Desktop\FernUniFrageWgNichtFreigeg.Kursen
2015-07-09 04:00 - 2015-07-11 17:32 - 00018588 _____ C:\Users\dietmar\Desktop\TelefonieEckdaten.odt
2015-07-09 04:00 - 2015-07-11 13:30 - 00018613 _____ C:\Users\dietmar\Desktop\TelefonieEckdatenD.odt
2015-07-06 23:31 - 2015-07-10 22:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-06 22:53 - 2015-07-06 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-07-06 18:41 - 2015-07-06 18:41 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-07-06 18:41 - 2015-07-06 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-07-06 18:30 - 2015-07-06 18:30 - 00000095 _____ C:\Users\dietmar\Desktop\Vertrag_zusätze.txt
2015-07-04 14:51 - 2015-07-04 14:51 - 00000000 ____D C:\Program Files\7-Zip
2015-07-04 14:50 - 2015-07-04 14:50 - 01376768 _____ C:\Users\dietmar\Downloads\7z920-x64.msi
2015-07-04 14:50 - 2015-07-04 14:50 - 01062749 _____ (Igor Pavlov) C:\Users\dietmar\Downloads\7z1505.exe
2015-07-04 10:59 - 2015-07-11 16:52 - 00024831 _____ C:\Users\dietmar\Desktop\Apo.odt
2015-07-02 17:53 - 2015-07-02 19:21 - 00159744 _____ C:\Users\dietmar\Documents\db1.mdb
2015-06-30 19:46 - 2015-07-10 22:41 - 00000201 _____ C:\Users\dietmar\Desktop\todoLocalCache.txt
2015-06-29 03:25 - 2015-07-12 11:41 - 00002280 ____H C:\Users\dietmar\Documents\Default.rdp
2015-06-29 03:01 - 2015-07-02 19:22 - 00000000 ____D C:\Users\dietmar\AppData\Local\AviraSpeedup
2015-06-29 00:37 - 2015-07-12 16:33 - 00000000 ____D C:\Program Files\{B80EC004-56AF-4899-AA4A-89CB150FB289}
2015-06-29 00:37 - 2015-07-12 16:33 - 00000000 ____D C:\Program Files (x86)\{CAA517D1-B09D-418D-A5C4-931B49C01DB4}
2015-06-26 22:34 - 2015-06-26 22:34 - 00341720 _____ C:\WINDOWS\Minidump\062615-41531-01.dmp
2015-06-26 22:34 - 2015-06-26 22:34 - 00000000 ____D C:\WINDOWS\Minidump
2015-06-26 22:33 - 2015-06-26 22:33 - 1088599442 _____ C:\WINDOWS\MEMORY.DMP
2015-06-26 18:58 - 2015-06-26 18:58 - 02870984 _____ (ESET) C:\Users\dietmar\Downloads\esetsmartinstaller_deu.exe
2015-06-26 18:49 - 2015-06-26 18:49 - 00001116 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk
2015-06-26 18:49 - 2015-06-26 18:49 - 00000000 ____D C:\Users\Public\Speedup Sessions
2015-06-26 18:45 - 2015-06-26 18:45 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Avira
2015-06-26 18:44 - 2015-06-16 09:36 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-06-26 18:44 - 2015-06-16 09:36 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-06-26 18:44 - 2015-06-16 09:36 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-06-26 18:44 - 2015-06-16 09:36 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-06-26 18:42 - 2015-06-26 18:49 - 00000000 ____D C:\Program Files (x86)\Avira
2015-06-26 18:42 - 2015-06-26 18:44 - 00000000 ____D C:\ProgramData\Avira
2015-06-26 18:42 - 2015-06-26 18:42 - 00001179 _____ C:\Users\Public\Desktop\Avira.lnk
2015-06-26 18:03 - 2015-06-26 18:03 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-06-26 18:00 - 2015-06-26 18:00 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-06-26 17:47 - 2015-06-26 17:47 - 00000000 ____D C:\Users\dietmar\AppData\Local\ORPALIS
2015-06-26 17:40 - 2015-06-26 17:40 - 22799599 _____ C:\Users\dietmar\Downloads\paperscanfree.zip
2015-06-26 17:40 - 2015-06-26 17:40 - 00000000 ____D C:\Users\dietmar\AppData\Local\Downloaded Installations
2015-06-26 17:37 - 2015-06-26 17:37 - 02623680 _____ (Hewlett-Packard ) C:\Users\dietmar\Downloads\setup_basic_2300.exe
2015-06-26 03:03 - 2015-06-30 13:03 - 00000000 ____D C:\Users\dietmar\Desktop\trojanerboard
2015-06-26 03:01 - 2015-06-26 03:01 - 04718584 _____ (Avira Operations GmbH & Co. KG) C:\Users\dietmar\Downloads\avira_de_av_558ca44ee5bc3__ws.exe
2015-06-26 01:37 - 2015-06-26 01:37 - 00000000 ____D C:\Program Files\Dolby Digital Plus
2015-06-26 01:36 - 2015-06-26 01:36 - 00000000 ____D C:\Users\Public\Documents\Conexant
2015-06-26 01:36 - 2013-07-02 09:10 - 00004712 _____ C:\WINDOWS\system32\Drivers\SamSfPa.dat
2015-06-26 01:36 - 2011-09-01 14:23 - 00447104 _____ (Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SASrv.exe
2015-06-26 01:35 - 2013-07-25 13:39 - 00206552 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe
2015-06-26 01:32 - 2013-10-18 12:47 - 01387200 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\Drivers\CHDRT64.sys
2015-06-26 01:32 - 2013-09-09 12:02 - 06217904 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2015-06-26 01:32 - 2013-09-09 12:02 - 00313520 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2015-06-26 01:32 - 2013-09-09 12:01 - 01938608 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2015-06-26 01:32 - 2013-09-09 12:01 - 00260272 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2015-06-26 01:32 - 2013-09-03 17:16 - 00936640 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64BP06.dll
2015-06-26 01:32 - 2013-08-20 12:28 - 02832088 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\UCI64A40.DLL
2015-06-26 01:32 - 2013-08-05 17:11 - 02743328 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2015-06-26 01:32 - 2013-05-15 14:27 - 00406208 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CSpkExt64.dll
2015-06-26 01:32 - 2012-06-29 12:04 - 00050848 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CxPageMaster64.dll
2015-06-26 01:32 - 2012-01-16 09:42 - 00666240 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\C3DHPExt64.dll
2015-06-26 01:32 - 2011-01-18 07:35 - 00030893 _____ C:\WINDOWS\system32\Drivers\Mixer.ini
2015-06-26 01:28 - 2014-07-29 12:57 - 23048704 _____ (Intel Corporation) C:\WINDOWS\system32\igdfcl64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 18033152 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdfcl32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 10942144 _____ (Intel Corporation) C:\WINDOWS\system32\igdumdim64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 08461824 _____ (Intel Corporation) C:\WINDOWS\system32\ig75icd64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 06625280 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig75icd32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 04348888 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 04345304 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 04011168 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAAC64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 03818864 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2015-06-26 01:28 - 2014-07-29 12:57 - 02478384 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiVAD64.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 02023936 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 01756160 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 01673216 _____ (Intel Corporation) C:\WINDOWS\system32\igdrcl64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 01552896 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdrcl32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 01455776 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSecureSourceFilter64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 01137080 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 01132960 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00930264 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00792736 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiWinNextAgent64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00734720 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00657920 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDH.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00646304 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAudioFilter64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00603296 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMux64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00544216 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00543704 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00501720 _____ (Intel Corporation) C:\WINDOWS\system32\igfxEM.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00446424 _____ (Intel Corporation) C:\WINDOWS\system32\igfxTray.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00444408 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00416216 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUMS64.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00397272 _____ (Intel Corporation) C:\WINDOWS\system32\CustomModeApp.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00396760 _____ (Intel Corporation) C:\WINDOWS\system32\CustomModeAppv2_0.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00373248 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00358912 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00352232 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00344736 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSilenceFilter64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00330240 _____ (Intel Corporation) C:\WINDOWS\system32\igdbcl64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00315352 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCUIService.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00294912 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00291328 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdbcl32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00279000 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00272384 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDI.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00254976 _____ C:\WINDOWS\system32\igfxCPL.cpl
2015-06-26 01:28 - 2014-07-29 12:57 - 00250368 _____ (Intel Corporation) C:\WINDOWS\system32\igfxLHM.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00244184 _____ (Intel Corporation) C:\WINDOWS\system32\igfxHK.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00223744 _____ C:\WINDOWS\system32\igdde64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00218808 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00214016 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDTCM.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00210592 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUtils64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00191448 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00188456 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00187508 _____ C:\WINDOWS\system32\resTHA.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00184320 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00183808 _____ C:\WINDOWS\SysWOW64\igdde32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00183800 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00182784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v3855.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00180324 _____ C:\WINDOWS\system32\resELL.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00177824 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiDDEAgent64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00176180 _____ C:\WINDOWS\system32\resRUS.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00162036 _____ C:\WINDOWS\system32\resARA.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00161492 _____ C:\WINDOWS\system32\resHEB.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00161428 _____ C:\WINDOWS\system32\resJPN.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00160256 _____ C:\WINDOWS\system32\igdail64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00159056 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00156852 _____ C:\WINDOWS\system32\resFRA.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00156836 _____ C:\WINDOWS\system32\resHUN.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00155140 _____ C:\WINDOWS\system32\resKOR.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00155044 _____ C:\WINDOWS\system32\resITA.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00155044 _____ C:\WINDOWS\system32\resDEU.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00154884 _____ C:\WINDOWS\system32\resROM.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00154772 _____ C:\WINDOWS\system32\resESN.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00154624 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00154340 _____ C:\WINDOWS\system32\resPLK.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00154196 _____ C:\WINDOWS\system32\resSKY.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00154004 _____ C:\WINDOWS\system32\resNLD.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00153444 _____ C:\WINDOWS\system32\resPTB.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00153300 _____ C:\WINDOWS\system32\resTRK.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00153268 _____ C:\WINDOWS\system32\resCSY.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00153140 _____ C:\WINDOWS\system32\resPTG.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00153048 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00152724 _____ C:\WINDOWS\system32\resFIN.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00152292 _____ C:\WINDOWS\system32\resHRV.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00151844 _____ C:\WINDOWS\system32\resSVE.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00151668 _____ C:\WINDOWS\system32\resSLV.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00150740 _____ C:\WINDOWS\system32\resNOR.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00150228 _____ C:\WINDOWS\system32\resDAN.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00148916 _____ C:\WINDOWS\system32\resENU.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00147140 _____ C:\WINDOWS\system32\resCHT.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00146308 _____ C:\WINDOWS\system32\resCHS.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00143360 _____ C:\WINDOWS\SysWOW64\igdail32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00128672 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMCUMD64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00094368 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiLogServer64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00070144 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00069632 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00058880 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00030720 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00010752 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00010240 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00010240 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00010240 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00005120 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00005120 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00002568 _____ C:\WINDOWS\system32\iglhxs64.vp
2015-06-25 19:03 - 2015-06-25 19:04 - 00001251 _____ C:\Users\dietmar\Desktop\SPEEDPORT.lnk
2015-06-25 01:41 - 2015-06-26 17:20 - 00003356 _____ C:\Users\dietmar\Desktop\email-Fernuni.txt
2015-06-25 00:10 - 2015-06-25 00:10 - 00000000 ____D C:\Program Files (x86)\ImageWriter
2015-06-24 23:15 - 2015-06-24 23:32 - 00000000 ____D C:\Users\dietmar\Desktop\dfk-data-Trancend
2015-06-23 21:54 - 2015-06-23 22:20 - 00013208 _____ C:\Users\dietmar\Desktop\Tätigkeitsbericht.D.KremerBeiINASchaeffler.odt
2015-06-23 19:23 - 2015-06-23 19:23 - 00001877 _____ C:\Users\dietmar\Desktop\Luna.lnk
2015-06-23 01:19 - 2015-07-12 18:36 - 00000000 ____D C:\FRST
2015-06-23 00:45 - 2015-06-23 00:45 - 00000000 _____ C:\Users\dietmar\defogger_reenable
2015-06-22 22:53 - 2015-06-22 22:53 - 00015360 _____ C:\Users\dietmar\Desktop\LinsenTests.xls
2015-06-22 05:08 - 2015-07-10 22:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-22 05:08 - 2015-06-22 05:08 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Mozilla
2015-06-22 05:08 - 2015-06-22 05:08 - 00000000 ____D C:\Users\dietmar\AppData\Local\Mozilla
2015-06-22 03:08 - 2015-07-12 16:43 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-22 03:08 - 2015-07-12 15:48 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-22 03:08 - 2015-06-22 03:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-22 03:08 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-22 03:08 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-22 03:08 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-22 00:52 - 2015-06-22 00:55 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-22 00:49 - 2015-06-22 00:49 - 05683024 _____ (Avast Software s.r.o.) C:\Users\dietmar\Downloads\avastclear.exe
2015-06-21 03:54 - 2015-06-24 02:21 - 00002866 _____ C:\Users\dietmar\AppData\Roaming\VoiceMeeterDefault.xml
2015-06-21 03:20 - 2015-06-21 03:20 - 00041192 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\vbaudio_vmvaio64_win7.sys
2015-06-21 03:20 - 2015-06-21 03:20 - 00000000 ____D C:\Program Files (x86)\VB
2015-06-21 02:52 - 2015-06-21 03:21 - 00000000 ____D C:\Program Files\VB
2015-06-20 22:29 - 2015-06-20 22:59 - 00159744 _____ C:\Users\dietmar\Documents\Studium.mdb
2015-06-20 04:06 - 2015-06-21 01:07 - 00000356 _____ C:\WINDOWS\Tasks\Chromium.job
2015-06-20 04:06 - 2015-06-20 04:06 - 00002694 _____ C:\WINDOWS\System32\Tasks\Chromium
2015-06-20 04:05 - 2015-06-22 04:15 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Opera Software
2015-06-20 04:05 - 2015-06-22 04:15 - 00000000 ____D C:\Users\dietmar\AppData\Local\Opera Software
2015-06-20 04:05 - 2015-06-22 04:15 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-20 04:05 - 2015-06-20 04:05 - 00003260 _____ C:\WINDOWS\System32\Tasks\Opera N Saturday
2015-06-20 04:05 - 2015-06-20 04:05 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Shortcut
2015-06-20 03:54 - 2015-06-20 03:54 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\dlg
2015-06-20 03:53 - 2015-07-11 20:53 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-06-20 03:53 - 2015-06-20 03:53 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\AVG
2015-06-20 03:52 - 2015-06-20 03:53 - 00000000 ____D C:\ProgramData\AVG
2015-06-20 03:52 - 2015-06-20 03:52 - 00000000 ____D C:\Users\dietmar\AppData\Local\DnsBlock
2015-06-20 03:52 - 2015-06-20 03:52 - 00000000 ____D C:\Users\dietmar\AppData\Local\Avg
2015-06-20 03:52 - 2015-06-20 03:52 - 00000000 ____D C:\Program Files (x86)\AVG
2015-06-20 03:51 - 2015-07-12 16:43 - 00000390 _____ C:\WINDOWS\Tasks\UEUEUFX1.job
2015-06-20 03:51 - 2015-06-20 03:51 - 00002904 _____ C:\WINDOWS\System32\Tasks\UEUEUFX1
2015-06-20 03:51 - 2015-06-20 03:51 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck
2015-06-19 01:59 - 2015-06-19 01:59 - 08142207 _____ C:\Users\dietmar\Desktop\Bewerbung.D.Kremer.Hemmerbach.odt
2015-06-19 01:54 - 2015-06-20 22:59 - 00000411 _____ C:\Users\dietmar\Desktop\bewerbÜbersicht.txt
2015-06-18 20:41 - 2015-06-18 20:41 - 00000000 ____D C:\Users\dietmar\AppData\Local\Macromedia
2015-06-17 03:08 - 2015-06-17 03:08 - 00000000 ____D C:\Users\dietmar\AppData\Local\Conexant
2015-06-17 02:36 - 2015-06-17 03:11 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-06-17 02:06 - 2015-06-20 03:10 - 00006880 _____ C:\WINDOWS\SMinstall.log
2015-06-17 01:46 - 2015-06-17 01:46 - 00000000 ____D C:\Program Files (x86)\Spectrum
2015-06-16 00:22 - 2015-06-16 00:22 - 00000000 ____D C:\Users\dietmar\AppData\Local\Apple Computer
2015-06-15 22:25 - 2015-06-25 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anwendungen
2015-06-15 20:30 - 2015-06-15 20:30 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Apple Computer
2015-06-15 14:53 - 2015-06-20 19:52 - 00000677 _____ C:\Users\dietmar\Desktop\DiDo.txt
2015-06-15 13:04 - 2015-06-15 13:04 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2010
2015-06-15 13:04 - 2015-06-15 13:04 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2010
2015-06-15 02:38 - 2015-06-15 02:38 - 00000000 ___SD C:\Users\dietmar\Documents\Meine Shapes
2015-06-15 02:34 - 2015-06-15 02:35 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-06-15 02:34 - 2015-06-15 02:34 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-06-15 02:34 - 2015-06-15 02:34 - 00000000 ____D C:\Users\dietmar\AppData\Local\Apple
2015-06-15 02:34 - 2015-06-15 02:34 - 00000000 ____D C:\ProgramData\Apple Computer
2015-06-15 02:34 - 2015-06-15 02:34 - 00000000 ____D C:\ProgramData\Apple
2015-06-15 02:34 - 2015-06-15 02:34 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-06-15 02:32 - 2015-06-15 02:32 - 00000293 ____H C:\ProgramData\wb764821reg.bin
2015-06-15 01:43 - 2015-06-17 02:10 - 00000039 _____ C:\WINDOWS\vbaddin.ini
2015-06-15 01:40 - 2015-06-15 01:40 - 00000000 ____D C:\Program Files\Microsoft Office
2015-06-14 13:42 - 2015-06-14 13:42 - 00000000 ____D C:\ProgramData\Kestner
2015-06-14 13:42 - 2015-06-14 13:42 - 00000000 ____D C:\Program Files (x86)\Kestner
2015-06-14 01:47 - 2015-06-14 01:47 - 00000000 ____D C:\Meine Webseiten
2015-06-13 22:04 - 2015-07-11 20:49 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS2014
2015-06-13 22:04 - 2015-06-14 01:42 - 00000000 ____D C:\Users\dietmar\Documents\SQL Server Management Studio
2015-06-13 22:04 - 2015-06-13 22:04 - 00000020 ___SH C:\Users\MSSQL$SQLEXPRESS2014\ntuser.ini
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Vorlagen
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Startmenü
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Netzwerkumgebung
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Lokale Einstellungen
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Eigene Dateien
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Druckumgebung
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Documents\Eigene Musik
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Documents\Eigene Bilder
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\AppData\Local\Verlauf
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\AppData\Local\Anwendungsdaten
2015-06-13 22:04 - 2015-06-13 22:04 - 00000000 _SHDL C:\Users\MSSQL$SQLEXPRESS2014\Anwendungsdaten
2015-06-13 22:04 - 2015-06-13 00:12 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS2014\AppData\Local\Microsoft Help
2015-06-13 22:04 - 2015-06-10 22:23 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS2014\Documents\Visual Studio 2008
2015-06-13 22:04 - 2015-05-09 14:13 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS2014\Documents\Visual Studio 2013
2015-06-13 22:04 - 2015-05-03 02:12 - 00000000 ___RD C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-13 22:04 - 2015-05-03 02:12 - 00000000 ___RD C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-13 22:04 - 2014-02-28 00:00 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Macromedia
2015-06-13 22:04 - 2014-02-22 06:37 - 00000369 _____ C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-06-13 22:04 - 2014-02-22 06:37 - 00000369 _____ C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-06-13 22:04 - 2014-02-21 05:27 - 00172224 _____ (Microsoft Corporation) C:\WINDOWS\system32\hadrres.dll
2015-06-13 22:04 - 2014-02-21 05:27 - 00081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fssres.dll
2015-06-13 22:04 - 2014-02-21 05:20 - 00103104 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-MSSQL$SQLEXPRESS2014-sqlctr12.0.2000.8.dll
2015-06-13 22:04 - 2014-02-21 05:20 - 00088768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf-MSSQL$SQLEXPRESS2014-sqlctr12.0.2000.8.dll
2015-06-13 22:04 - 2014-02-21 05:20 - 00056000 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-MSSQL12.SQLEXPRESS2014-sqlagtctr.dll
2015-06-13 22:04 - 2014-02-21 05:20 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf-MSSQL12.SQLEXPRESS2014-sqlagtctr.dll
2015-06-13 22:04 - 2013-12-11 18:40 - 00002092 _____ C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Update Search.lnk
2015-06-13 22:04 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-13 22:04 - 2013-08-22 17:36 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-13 22:03 - 2015-06-13 22:03 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2015-06-13 22:02 - 2015-06-13 22:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-06-13 22:00 - 2015-06-13 22:00 - 00000000 ____D C:\WINDOWS\system32\RsFx
2015-06-13 21:57 - 2015-06-13 21:57 - 00000000 ____D C:\Users\dietmar\Documents\Visual Studio 2010
2015-06-13 21:56 - 2015-06-13 21:58 - 00000000 ____D C:\WINDOWS\SysWOW64\1031
2015-06-13 21:56 - 2015-06-13 21:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2015-06-13 21:54 - 2015-06-13 21:58 - 00000000 ____D C:\WINDOWS\system32\1031
2015-06-13 21:54 - 2015-06-13 21:54 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2015-06-13 21:54 - 2015-06-13 21:54 - 00000000 ____D C:\Program Files\Microsoft Help Viewer
2015-06-13 21:48 - 2015-06-13 21:48 - 00000931 _____ C:\Users\dietmar\Downloads\Downloads.lnk
2015-06-13 19:46 - 2015-07-08 21:51 - 00018123 _____ C:\Users\dietmar\Desktop\Lernen-Orte.odt
2015-06-13 13:26 - 2015-07-10 11:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet
2015-06-13 13:26 - 2015-06-13 13:26 - 00001062 _____ C:\Users\Public\Desktop\Mobile Partner.lnk
2015-06-13 13:26 - 2009-12-07 19:53 - 00117504 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbmdm.sys
2015-06-13 13:26 - 2009-12-07 19:36 - 00246224 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbnet.sys
2015-06-13 13:26 - 2009-10-12 15:23 - 00114304 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbdev.sys
2015-06-13 13:26 - 2007-08-09 04:10 - 00029696 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys
2015-06-13 00:12 - 2015-06-13 00:12 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-06-13 00:12 - 2015-06-13 00:12 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 18:18 - 2015-04-27 17:55 - 00003942 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{ED136814-2FF4-44F4-9697-51514347B07F}
2015-07-12 17:57 - 2014-02-27 23:25 - 01450404 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-12 17:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-12 16:59 - 2015-04-27 17:50 - 00139776 _____ C:\WINDOWS\SysWOW64\Xui.trf
2015-07-12 16:59 - 2014-02-27 23:37 - 07279546 _____ C:\Users\Public\CAFADEBUG.log
2015-07-12 16:53 - 2015-04-27 23:39 - 00000000 ____D C:\Users\dietmar\AppData\Local\ClassicShell
2015-07-12 16:53 - 2013-08-22 16:46 - 00131011 _____ C:\WINDOWS\setupact.log
2015-07-12 16:44 - 2015-04-27 17:51 - 00000000 __RDO C:\Users\dietmar\SkyDrive
2015-07-12 16:42 - 2013-10-07 20:23 - 01029870 _____ C:\WINDOWS\PFRO.log
2015-07-12 16:42 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-12 16:42 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-07-12 16:33 - 2015-05-01 22:27 - 00000000 ____D C:\Users\DefaultAppPool
2015-07-12 16:33 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Resources
2015-07-12 16:32 - 2015-04-27 17:55 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1349822815-2598862020-373602666-1001
2015-07-11 23:19 - 2015-05-02 22:46 - 00536576 ___SH C:\Users\dietmar\Desktop\Thumbs.db
2015-07-11 23:15 - 2015-06-09 15:00 - 00000000 ____D C:\AdwCleaner
2015-07-11 20:49 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-07-11 11:08 - 2013-08-22 17:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-10 22:59 - 2014-02-28 08:16 - 00964858 _____ C:\WINDOWS\system32\perfh007.dat
2015-07-10 22:59 - 2014-02-28 08:16 - 00238724 _____ C:\WINDOWS\system32\perfc007.dat
2015-07-10 22:59 - 2013-10-07 20:27 - 02286860 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-10 22:53 - 2015-04-27 17:49 - 00000000 ____D C:\Users\dietmar
2015-07-10 21:54 - 2015-05-02 23:26 - 00000000 ____D C:\Users\dietmar\AppData\Local\Xmarks
2015-07-09 23:01 - 2014-02-27 23:33 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-07-09 13:08 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-08 23:07 - 2015-05-03 15:57 - 00021216 _____ C:\Users\dietmar\Desktop\install.lenovo.odt
2015-07-06 23:24 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-06 23:24 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-06 21:11 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-06 18:41 - 2015-04-28 22:39 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Notepad++
2015-07-06 18:41 - 2015-04-28 22:39 - 00000000 ____D C:\Program Files (x86)\Notepad++
2015-07-05 12:51 - 2015-05-05 22:03 - 00000000 ____D C:\Users\dietmar\AppData\Local\CrashDumps
2015-07-04 14:52 - 2015-05-01 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System
2015-06-28 22:41 - 2015-05-27 15:41 - 00002108 _____ C:\Users\dietmar\Desktop\Organsisation.lnk
2015-06-27 18:05 - 2015-05-02 00:18 - 00000000 ____D C:\Users\dietmar\Documents\Visual Studio 2013
2015-06-26 22:34 - 2013-08-22 16:44 - 00530080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-26 18:42 - 2014-02-27 23:35 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-26 18:06 - 2015-06-11 23:47 - 00000000 ____D C:\Users\dietmar\AppData\Local\Microsoft_Corporation
2015-06-26 18:01 - 2014-02-27 23:40 - 00016738 _____ C:\WINDOWS\system32\results.xml
2015-06-26 17:45 - 2014-02-27 23:24 - 00121474 _____ C:\WINDOWS\DPINST.LOG
2015-06-26 01:33 - 2014-02-27 23:36 - 00000000 ____D C:\ProgramData\Conexant
2015-06-26 00:40 - 2014-02-27 23:59 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2015-06-26 00:40 - 2014-02-27 23:34 - 00000000 ____D C:\Program Files\Lenovo
2015-06-24 22:45 - 2015-05-01 13:59 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Büro
2015-06-24 14:47 - 2015-05-15 14:00 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 19:27 - 2015-05-02 23:11 - 00002224 _____ C:\Users\dietmar\Desktop\Musik.lnk
2015-06-23 19:21 - 2015-05-02 22:46 - 00001838 _____ C:\Users\dietmar\Desktop\Amalthea.lnk
2015-06-22 23:44 - 2015-05-29 02:20 - 00001213 _____ C:\Users\dietmar\Desktop\Android Studio.lnk
2015-06-22 04:09 - 2015-05-03 22:31 - 00000000 ____D C:\Users\dietmar\AppData\Local\Google
2015-06-22 02:01 - 2015-05-03 22:31 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-22 00:50 - 2015-05-15 14:00 - 00000000 ____D C:\Program Files\Google
2015-06-21 02:51 - 2013-07-11 08:57 - 00041192 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\vbaudio_cable64_win7.sys
2015-06-21 01:33 - 2015-04-27 17:50 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Nitro PDF
2015-06-18 19:24 - 2015-04-27 17:52 - 00000000 ____D C:\Users\dietmar\AppData\Local\Adobe
2015-06-17 02:37 - 2014-02-27 23:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-17 02:14 - 2015-06-09 18:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-17 02:06 - 2015-06-02 21:07 - 00000000 ____D C:\SWTOOLS
2015-06-15 22:27 - 2015-06-10 01:25 - 00000000 ___RD C:\Users\dietmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Multimedia
2015-06-15 22:27 - 2013-08-22 17:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-15 13:02 - 2015-06-09 18:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2015-06-15 01:45 - 2015-05-01 14:13 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Entwicklung
2015-06-15 01:42 - 2014-02-28 00:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-06-15 01:42 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-15 01:41 - 2015-05-07 21:13 - 00000929 _____ C:\WINDOWS\ODBC.INI
2015-06-14 14:44 - 2015-04-27 17:50 - 00000000 ____D C:\Users\dietmar\AppData\Local\VirtualStore
2015-06-13 22:01 - 2015-05-01 23:35 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-06-13 21:58 - 2015-05-01 23:35 - 00000000 ____D C:\WINDOWS\SysWOW64\1033
2015-06-13 21:58 - 2015-05-01 23:35 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-06-13 21:58 - 2015-05-01 23:18 - 00000000 ____D C:\WINDOWS\system32\1033
2015-06-13 19:52 - 2015-04-27 17:50 - 00000000 ____D C:\Users\dietmar\AppData\Local\Packages
2015-06-13 15:29 - 2015-05-01 14:00 - 00000000 ___RD C:\Users\dietmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet
2015-06-13 13:27 - 2015-06-05 18:12 - 00000000 ____D C:\Program Files (x86)\Mobile Partner
2015-06-13 00:54 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-13 00:24 - 2013-08-22 15:25 - 00000290 _____ C:\WINDOWS\win.ini
2015-06-13 00:22 - 2015-06-09 18:01 - 00002635 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Office-Dokument öffnen.lnk
2015-06-13 00:22 - 2015-06-09 18:01 - 00002631 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Neues Office-Dokument.lnk

==================== Files in the root of some directories =======

2015-04-27 17:51 - 2015-05-02 01:38 - 0001516 _____ () C:\Users\dietmar\AppData\Roaming\AbsoluteReminder.xml
2015-06-21 03:54 - 2015-06-24 02:21 - 0002866 _____ () C:\Users\dietmar\AppData\Roaming\VoiceMeeterDefault.xml
2015-04-27 17:50 - 2015-04-27 17:50 - 0000193 _____ () C:\Users\dietmar\AppData\Local\RegisteredPackageInformation.xml
2014-02-27 23:36 - 2014-02-27 23:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-06-15 02:32 - 2015-06-15 02:32 - 0000293 ____H () C:\ProgramData\wb764821reg.bin

Some files in TEMP:
====================
C:\Users\dietmar\AppData\Local\Temp\avgnt.exe
C:\Users\dietmar\AppData\Local\Temp\Quarantine.exe
C:\Users\dietmar\AppData\Local\Temp\sqlite3.dll


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-12 12:05

==================== End of log ============================

--- --- ---

Additional
FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version:11-07-2015
Ran by dietmar at 2015-07-12 18:36:57
Running from C:\Users\dietmar\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1349822815-2598862020-373602666-500 - Administrator - Disabled)
dietmar (S-1-5-21-1349822815-2598862020-373602666-1001 - Administrator - Enabled) => C:\Users\dietmar
Gast (S-1-5-21-1349822815-2598862020-373602666-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1349822815-2598862020-373602666-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 7.12.25 - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2013 (x32 Version: 2.4 - Microsoft Corporation) Hidden
Avira (HKLM-x32\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.6.10.1246 - Avira Operations GmbH & Co. KG)
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.9.0 - Conexant)
Crystal Reports Basic for Visual Studio 2008 (HKLM-x32\...\{AA467959-A1D6-4F45-90CD-11DC57733F32}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic German Language Pack for Visual Studio 2008 (HKLM-x32\...\{3924C3E7-C440-4B23-9740-9A9EC0545F21}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (x64) (HKLM\...\{1D5F34D0-6329-4D92-B81A-E24E9028910C}) (Version: 10.5.0.0 - Business Objects)
Das große DGS Wörterbuch 1.0.2.6 (HKLM-x32\...\{71FB874A-A992-4ED6-9522-6EFF78ADDDCB}_is1) (Version:  - Verlag Karin Kestner)
Dependency Package Update (Version: 1.6.30.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
DisplayLink Core Software (HKLM\...\{BB07E020-7224-4EC3-864E-2AA0BF42A7DD}) (Version: 7.4.51572.0 - DisplayLink Corp.)
DNSBlock (HKLM\...\{7b5da7f5-de7d-4e00-b330-a2e08e460095}) (Version: 1.0.0 - NETNS GMBH)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
FreeFileSync 7.2 (HKLM-x32\...\FreeFileSync) (Version: 7.2 - www.FreeFileSync.org)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.28314 - Hauppauge Computer Works)
Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB971091) (HKLM-x32\...\{445174EA-3D3A-308E-84AD-446127E71441}.KB971091) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB973674) (HKLM-x32\...\{445174EA-3D3A-308E-84AD-446127E71441}.KB973674) (Version: 1 - Microsoft Corporation)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
Integrated Camera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 5.13.911.3 - Vimicro)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3855 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1335.5) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{B1AC3709-3E98-4F2C-A84E-4BCA2A452E64}) (Version: 4.2.40.2418 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
Kit SDK de vérification de Visual Studio*2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - )
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - )
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.1.12.100 - Lenovo Corporation)
Lenovo Settings - Location Awareness (HKLM-x32\...\{C79D4402-E622-4922-9C02-89F9080BF081}_is1) (Version: 1.3.0.8 - Lenovo Group Limited)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.0.0.9 - Lenovo Group Limited)
Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.1.0.2 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{1CA74803-5CB2-4C03-BDBE-061EDC81CC7F}) (Version: 2.8.004.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0037 - Lenovo)
Lenovo Transition (HKLM\...\{660FFFA1-BC46-4B79-A3B5-E51D8964FF1F}) (Version: 1.0.002.00 - Lenovo Group Limited)
Lenovo USB Graphics (HKLM\...\{7257526E-B74A-488E-BA2E-56327482B06B}) (Version: 7.4.51587.0 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0012.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
LibreOffice 4.4.3.2 (HKLM-x32\...\{A651A592-2F6C-4D66-AEA8-9BFE4B61BCB3}) (Version: 4.4.3.2 - The Document Foundation)
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.1.2000 - Maxthon International Limited)
Memory Profiler (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Compact Framework 2.0 SP2 (HKLM-x32\...\{B1060346-9388-4C5B-AA52-176C39819E43}) (Version: 2.0.7045 - Microsoft Corporation)
Microsoft .NET Compact Framework 3.5 (HKLM-x32\...\{72CCBEA1-8D57-4981-A337-81019F28C5BA}) (Version: 3.5.7283 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Device Emulator (64 Bit) Version 3.0 - DEU (HKLM\...\{7ECA1AEA-2B61-3DE6-8276-6A9A2693F111}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Document Explorer 2008 Language Pack - DEU (HKLM-x32\...\Microsoft Document Explorer 2008 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{7D1C6D7B-8E3F-4724-94C8-AA7EB7F60AE0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Report Viewer 2014-Laufzeit (HKLM-x32\...\{30956415-84C1-4F0C-B2AD-BC8944730DDA}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{5973B12E-5FC1-4EF6-B63B-49C1C4AF2AAA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014-Setup (Deutsch) (HKLM\...\{75990ACD-8124-45DB-BAED-6D5B51305F6D}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools DEU (HKLM-x32\...\{E32260E7-0B10-43C7-9B77-AB9F4184676D}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 DEU (HKLM-x32\...\{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 for Devices DEU (HKLM-x32\...\{1C3ADB5F-750E-4453-AC98-B75C5323845C}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.2 (HKLM-x32\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 1.2.0.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A282A232-780C-45E2-A5E5-9B61D74DCC6E}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server*2014 (64-Bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server*2014 Express LocalDB  (HKLM\...\{CA191120-4CB1-4E3D-89B8-79FDB9017A2E}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server*2014 Policies  (HKLM-x32\...\{B23A3E56-8859-4F60-B3FA-FA14DE9050B5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server*2014 Transact-SQL Compiler Service  (HKLM\...\{BC87D3DC-0257-4C81-8795-A0AAE6560B11}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server*2014 Transact-SQL ScriptDom  (HKLM\...\{F2A2DB39-2C5A-4764-AA0F-5AB112663FFA}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Professional Edition - DEU (HKLM-x32\...\Microsoft Visual Studio 2008 Professional Edition - DEU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger - DEU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger - DEU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - DEU (HKLM-x32\...\{987AE03F-234A-3623-BD28-6B31FD1D3AB3}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Community 2013 with Update 4 (HKLM-x32\...\{96a8b90c-0a91-4e76-ab34-730c23923d11}) (Version: 12.0.31101 - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM-x32\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft VSS Writer für SQL Server 2014 (HKLM\...\{D390AADD-C825-4B31-8C79-83A9461D5524}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (HKLM\...\{AC888A60-9557-3B74-B52B-F353D01BD544}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{9aa5f39c-a8de-46b0-919a-0248f8bc8490}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Tools (HKLM\...\{62EED300-E841-4083-A1D6-60B906271804}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (HKLM\...\{A992BBAA-723D-4574-A07F-983BF8FAA3E1}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2014 (HKLM\...\{9408684F-E1CC-4D2E-AE15-886023557682}) (Version: 12.0.2000.8 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.002.03.01.40 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
MPC-HC 1.7.9 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.9 - MPC-HC Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.9.2 - Notepad++ Team)
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.3 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server-Browser für SQL Server 2014 (HKLM-x32\...\{B7312B95-77C6-497E-A63F-596A77B20F31}) (Version: 12.0.2000.8 - Microsoft Corporation)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
ThinkPad OneLink Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.08.25 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.12.68 - )
ThinkPad USB 3.0 Dock (HKLM-x32\...\{69109A9C-1D00-4A84-9ABF-AAE9CADD20DD}) (Version: 1.07.15 - Lenovo)
Thinkpad USB 3.0 Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 8.8.911.2013 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.78.0.10 - Lenovo)
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (HKLM\...\{D8125A39-ADEE-4187-B04D-DB6CF489AF61}) (Version: 10.3.5500.0 - Microsoft Corporation)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB972221) (HKLM-x32\...\{445174EA-3D3A-308E-84AD-446127E71441}.KB972221) (Version: 1 - Microsoft Corporation)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
Visual Studio .NET Prerequisites - English (HKLM\...\{ACD875CC-A146-3125-8F99-D3766F46FD86}) (Version: 9.0.21022 - Microsoft Corporation)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2010 Prerequisites - English (HKLM\...\{53952792-BF16-300E-ADF2-E7E4367E00CF}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU) (Version:  - Microsoft Corporation)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version:  - VB-Audio Software)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 1.0.0.0 - 1&1 Mail & Media GmbH)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Mobile 5.0 SDK R2 for Pocket PC (HKLM-x32\...\{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Smartphone (HKLM-x32\...\{DA7F48EF-5F56-45FE-9169-3B8159A7A323}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows-Treiberpaket - Intel Corporation (iaStorA) HDC  (08/01/2013 12.8.0.1016) (HKLM\...\C8A921233C0C441A4E4EAABC2AB08C872FD77A6E) (Version: 08/01/2013 12.8.0.1016 - Intel Corporation)
Windows-Treiberpaket - Intel hdc  (07/25/2013 9.4.0.1023) (HKLM\...\87403FF3ADDFA1770936C9436A187AC3B9FBC8DE) (Version: 07/25/2013 9.4.0.1023 - Intel)
Windows-Treiberpaket - Intel System  (07/25/2013 9.4.0.1023) (HKLM\...\BDBD400472735932E15286ACD00A1DA1856D2B6D) (Version: 07/25/2013 9.4.0.1023 - Intel)
Windows-Treiberpaket - Intel System  (08/21/2013 9.4.0.1027) (HKLM\...\FC58A12A405BF6933FC97269FF68C969D128F381) (Version: 08/21/2013 9.4.0.1027 - Intel)
Windows-Treiberpaket - Intel USB  (07/31/2013 9.4.0.1025) (HKLM\...\A6995A77D26D0B0292A9C3B4878836D232899FE0) (Version: 07/31/2013 9.4.0.1025 - Intel)
Windows-Treiberpaket - Lenovo 1.67.04.04 (11/07/2013 1.67.04.04) (HKLM\...\70FB73D983446AEE2932B0ED51A770D1BD1348DA) (Version: 11/07/2013 1.67.04.04 - Lenovo)
Windows-Treiberpaket - Synaptics (SmbDrv) System  (02/06/2014 17.0.12.68) (HKLM\...\342F51AB97BF27B1CF8077CE6B9093FE14E716AE) (Version: 02/06/2014 17.0.12.68 - Synaptics)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (02/06/2014 17.0.12.68) (HKLM\...\9B411E2775A7792CE52FB04188C3F02E3F15957F) (Version: 02/06/2014 17.0.12.68 - Synaptics)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.8-0 - Bitnami)
Xmarks for IE (HKLM-x32\...\{ABFA6EAE-C9C0-4B39-B722-02094EF6B889}) (Version: 127.0.177 - Xmarks)
Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1349822815-2598862020-373602666-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

04-07-2015 14:51:18 Installed 7-Zip 9.20 (x64 edition)
08-07-2015 18:43:29 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0357BEDE-4507-4F72-BDFA-0B8931028617} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-03-09] (Lenovo)
Task: {042A31F1-534F-40BD-AE97-8EA0509E5CD6} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe
Task: {14E7BF72-A5CB-4A19-BBDC-EBE430B97702} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-03-09] ()
Task: {2B204E76-39F6-4038-BBCA-F6B76B29E5F3} - System32\Tasks\Lenovo\Lenovo Transition Launcher => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [2013-09-05] ()
Task: {33DDAD0F-AAC4-45C1-B04C-3AFE1D487C23} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {7E763602-124E-49A5-82FA-C258B7685821} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {9300C65A-FFDC-4BA2-ABBB-DE9CA3F07D90} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
Task: {99F891AA-221F-4AD5-BAB4-B95118D01F69} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-03-09] (Lenovo)
Task: {AF1667B7-4EB5-4F64-80E5-363C94674960} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2014-12-10] (Maxthon International ltd.)
Task: {BE207E10-D102-40AB-AE0F-3A18CBB99688} - System32\Tasks\Opera N Saturday => C:\Program Files (x86)\Opera\launcher.exe
Task: {CB76B3E6-D321-4FF0-BFBB-CE18C45DA802} - System32\Tasks\UEUEUFX1 => C:\ProgramData\SecurityUtility\SecurityUtility.exe <==== ATTENTION
Task: {D7A7BDC4-B6C4-4C00-A564-0045F2BB3072} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2015-05-15] ()
Task: {E699A9BE-E8FD-431F-A691-DA2E690EA731} - System32\Tasks\Chromium => C:\Users\dietmar\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE
Task: {FB56D49B-27C7-4D31-B0EC-2BCFDDAF8873} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FF49B497-86C2-4988-A31F-BFA4F3133B5B} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-03-06] (Lenovo)
Task: C:\WINDOWS\Tasks\Chromium.job => C:\Users\dietmar\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE
Task: C:\WINDOWS\Tasks\UEUEUFX1.job => C:\ProgramData\SecurityUtility\SecurityUtility.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-02-28 00:04 - 2013-10-11 08:44 - 00117248 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.dll
2013-08-01 18:31 - 2013-08-01 18:31 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-01 18:31 - 2013-08-01 18:31 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-01 18:31 - 2013-08-01 18:31 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-02-27 23:32 - 2013-09-16 21:19 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\dietmar\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\webcompanion.com -> hxxp://webcompanion.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1349822815-2598862020-373602666-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{4020B7A5-CA19-4F5F-873B-15483EA13D5C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{5FBF9BE7-B387-4BC1-83F9-DAAF9D8C14F4}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{F99DA584-81DB-4B99-A70D-DCD2A544931D}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{E74E1D67-A7C4-4F48-80E2-B857C87100F5}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{E13B7E83-E963-4172-95AE-1FA58E6127FE}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{DA05E8E3-2908-44A1-8A82-6E7B4AB347D9}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{366D027B-D2BB-4952-A14A-30AB7C2B126F}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{5418BC7E-6CC5-47A1-81D6-FF0D8D1504EB}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{D1B3E46D-56F9-4A1D-9A66-2221D834A057}] => (Allow) C:\Windows\System32\config\systemprofile\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{EA07E8B0-B47D-4989-B047-B4BBC492CE15}] => (Allow) C:\Windows\System32\config\systemprofile\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{F26E5B2E-EC32-4FC7-9C65-6E3D67BCD594}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{56C13753-D791-4322-B197-A647B23601BF}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{7DB79029-8301-4B52-886E-3E48EFB292A4}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{F8DEE95C-825E-4CC4-AFD1-955927C8573C}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{8BDA8D0D-18C6-49AA-962D-18AD120CC15A}] => (Allow) C:\Users\dietmar\AppData\Local\Hola\firefox\app\hola_plugin.exe
FirewallRules: [{1FBB9DF3-3199-4A59-B747-BE0DCC9081B1}] => (Allow) C:\Users\dietmar\AppData\Local\Hola\firefox\app\hola_plugin.exe
FirewallRules: [{3128A6D6-6AE5-42FD-A1D9-148A713A98FB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{29CF88BF-F5F7-4E95-88CE-2E88965AD67F}] => (Allow) C:\Users\dietmar\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{5F520873-356C-45EC-9B90-3FB9E7B6B9ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DDAC28E0-6B62-420F-91EB-2051C7F20203}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/12/2015 05:00:12 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (07/12/2015 05:00:12 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::WoWLANSupported   Net Detect:  WOWLAN Supported Error Getting Adapter List Error=0x80040302\n

Error: (07/12/2015 05:00:12 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (07/12/2015 05:00:12 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (07/11/2015 11:16:26 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (07/11/2015 11:15:52 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (07/11/2015 11:15:52 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::WoWLANSupported   Net Detect:  WOWLAN Supported Error Getting Adapter List Error=0x80040302\n

Error: (07/11/2015 11:15:52 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (07/11/2015 11:15:52 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (07/11/2015 11:08:38 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.


System errors:
=============
Error: (07/12/2015 04:59:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Lenovo Settings Power Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/12/2015 04:59:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/12/2015 04:59:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LocationTaskManager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/12/2015 04:59:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/12/2015 04:59:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/12/2015 04:59:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Bluetooth OBEX Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/12/2015 04:59:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/12/2015 04:59:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/12/2015 04:59:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) PROSet/Wireless Registry Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/12/2015 04:59:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Lenovo Hotkey Client Loader" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-06-26 15:18:50.882
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:50.695
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:50.335
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:50.070
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:49.695
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:49.523
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:49.195
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:48.992
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:48.663
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:48.398
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 23%
Total physical RAM: 8102.8 MB
Available physical RAM: 6174.05 MB
Total Virtual: 16294.8 MB
Available Virtual: 14273.04 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:625.05 GB) (Free:491.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 658E0480)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 8CF416B6)

Partition: GPT Partition Type.

==================== End of log ============================

--- --- ---

die vier addons:
download protect 2.2.7 sind aus den browsern verschwunden

im Mozilla Firefox kann sich das addon:
download protect 2.2.8 noch halten, es bleibt aber auch nach
reboot deaktiviert und aktiviert sich nicht mehr selbständig.

Grüße

M-K-D-B · 13.07.2015, 13:09

Servus,

ok... ganz schön verzwickt das Ganze...

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
URLSearchHook: [S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0] ATTENTION ==> Default URLSearchHook is missing
FF Plugin HKU\.DEFAULT: @hola.org/vlc,version=1.8.328 -> C:\Users\dietmar\AppData\Local\Hola\firefox_hola\app\vlc No File
FF Plugin HKU\S-1-5-21-1349822815-2598862020-373602666-1001: @hola.org/vlc,version=1.8.204 -> C:\Users\dietmar\AppData\Local\Hola\firefox\app\vlc No File
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
Task: {CB76B3E6-D321-4FF0-BFBB-CE18C45DA802} - System32\Tasks\UEUEUFX1 => C:\ProgramData\SecurityUtility\SecurityUtility.exe <==== ATTENTION
C:\ProgramData\SecurityUtility
Task: {E699A9BE-E8FD-431F-A691-DA2E690EA731} - System32\Tasks\Chromium => C:\Users\dietmar\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE
Task: C:\WINDOWS\Tasks\Chromium.job => C:\Users\dietmar\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE
Task: C:\WINDOWS\Tasks\UEUEUFX1.job => C:\ProgramData\SecurityUtility\SecurityUtility.exe <==== ATTENTION
C:\WINDOWS\Installer\{E1CF7752-C4D3-4D8C-9D47-EABADAE466AA}
C:\WINDOWS\Installer\{45F9147F-489F-46DC-A5CE-27F358C92A32}
C:\WINDOWS\Installer\{3FD540D9-C72D-4FD9-BB7C-191DD129C7D8}
C:\WINDOWS\Installer\{1ACC8B11-B31F-4667-8D03-FAD30AD05B2D}
FF HKLM-x32\...\Firefox\Extensions: [{F1E2DF0C-8EAB-4AAF-878E-853E98BCAB5A}] - C:\WINDOWS\Installer\{45F9147F-489F-46DC-A5CE-27F358C92A32}\{F1E2DF0C-8EAB-4AAF-878E-853E98BCAB5A}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{EFA5F30A-020C-4385-94B0-981865214E9C}] - C:\WINDOWS\Installer\{3FD540D9-C72D-4FD9-BB7C-191DD129C7D8}\{EFA5F30A-020C-4385-94B0-981865214E9C}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{3E4405C6-6452-47C6-91AC-34450BF93D1A}] - C:\WINDOWS\Installer\{1ACC8B11-B31F-4667-8D03-FAD30AD05B2D}\{3E4405C6-6452-47C6-91AC-34450BF93D1A}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{D05BC06C-D105-4151-B55D-797AA986E224}] - C:\WINDOWS\Installer\{E1CF7752-C4D3-4D8C-9D47-EABADAE466AA}\{D05BC06C-D105-4151-B55D-797AA986E224}.xpi
RemoveProxy:
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

Starte FRST erneut. Kopiere den Inhalt der folgenden Code-Box oben in die Zeile:
Code:
ATTFilter
```
DownloadProtect;Download Protect;tampainit;
         
```
Drücke auf Search Registry.
FRST beginnt mit dem Suchlauf. Dies kann einige Zeit dauern.
Am Ende erstellt FRST eine Textdatei Search.txt.
Poste mir deren Inhalt mit deiner nächsten Antwort.

Schritt 3

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von FRST mit dem Suchlauf der Registrierungsdatenbank,
die beiden neuen Logdateien von FRST.

didier · 14.07.2015, 15:29

Code:

ATTFilter

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by dietmar at 2015-07-14 15:58:34 Run:2
Running from C:\Users\dietmar\Desktop
Loaded Profiles: dietmar &  (Available Profiles: dietmar & MSSQL$SQLEXPRESS2014)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
URLSearchHook: [S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0] ATTENTION ==> Default URLSearchHook is missing
FF Plugin HKU\.DEFAULT: @hola.org/vlc,version=1.8.328 -> C:\Users\dietmar\AppData\Local\Hola\firefox_hola\app\vlc No File
FF Plugin HKU\S-1-5-21-1349822815-2598862020-373602666-1001: @hola.org/vlc,version=1.8.204 -> C:\Users\dietmar\AppData\Local\Hola\firefox\app\vlc No File
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
Task: {CB76B3E6-D321-4FF0-BFBB-CE18C45DA802} - System32\Tasks\UEUEUFX1 => C:\ProgramData\SecurityUtility\SecurityUtility.exe <==== ATTENTION
C:\ProgramData\SecurityUtility
Task: {E699A9BE-E8FD-431F-A691-DA2E690EA731} - System32\Tasks\Chromium => C:\Users\dietmar\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE
Task: C:\WINDOWS\Tasks\Chromium.job => C:\Users\dietmar\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE
Task: C:\WINDOWS\Tasks\UEUEUFX1.job => C:\ProgramData\SecurityUtility\SecurityUtility.exe <==== ATTENTION
C:\WINDOWS\Installer\{E1CF7752-C4D3-4D8C-9D47-EABADAE466AA}
C:\WINDOWS\Installer\{45F9147F-489F-46DC-A5CE-27F358C92A32}
C:\WINDOWS\Installer\{3FD540D9-C72D-4FD9-BB7C-191DD129C7D8}
C:\WINDOWS\Installer\{1ACC8B11-B31F-4667-8D03-FAD30AD05B2D}
FF HKLM-x32\...\Firefox\Extensions: [{F1E2DF0C-8EAB-4AAF-878E-853E98BCAB5A}] - C:\WINDOWS\Installer\{45F9147F-489F-46DC-A5CE-27F358C92A32}\{F1E2DF0C-8EAB-4AAF-878E-853E98BCAB5A}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{EFA5F30A-020C-4385-94B0-981865214E9C}] - C:\WINDOWS\Installer\{3FD540D9-C72D-4FD9-BB7C-191DD129C7D8}\{EFA5F30A-020C-4385-94B0-981865214E9C}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{3E4405C6-6452-47C6-91AC-34450BF93D1A}] - C:\WINDOWS\Installer\{1ACC8B11-B31F-4667-8D03-FAD30AD05B2D}\{3E4405C6-6452-47C6-91AC-34450BF93D1A}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{D05BC06C-D105-4151-B55D-797AA986E224}] - C:\WINDOWS\Installer\{E1CF7752-C4D3-4D8C-9D47-EABADAE466AA}\{D05BC06C-D105-4151-B55D-797AA986E224}.xpi
RemoveProxy:
EmptyTemp:
end
*****************

Processes closed successfully.
Could not restore Default URLSearchHook.
"HKU\.DEFAULT\Software\MozillaPlugins\@hola.org/vlc,version=1.8.328" => key removed successfully
FF Plugin HKU\.DEFAULT: @hola.org/vlc,version=1.8.328 -> C:\Users\dietmar\AppData\Local\Hola\firefox_hola\app\vlc No File not found.
"HKU\S-1-5-21-1349822815-2598862020-373602666-1001\Software\MozillaPlugins\@hola.org/vlc,version=1.8.204" => key removed successfully
FF Plugin HKU\S-1-5-21-1349822815-2598862020-373602666-1001: @hola.org/vlc,version=1.8.204 -> C:\Users\dietmar\AppData\Local\Hola\firefox\app\vlc No File not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CB76B3E6-D321-4FF0-BFBB-CE18C45DA802}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB76B3E6-D321-4FF0-BFBB-CE18C45DA802}" => key removed successfully
C:\Windows\System32\Tasks\UEUEUFX1 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UEUEUFX1" => key removed successfully
"C:\ProgramData\SecurityUtility" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E699A9BE-E8FD-431F-A691-DA2E690EA731}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E699A9BE-E8FD-431F-A691-DA2E690EA731}" => key removed successfully
C:\Windows\System32\Tasks\Chromium => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chromium" => key removed successfully
C:\WINDOWS\Tasks\Chromium.job => moved successfully.
C:\WINDOWS\Tasks\UEUEUFX1.job => moved successfully.
C:\WINDOWS\Installer\{E1CF7752-C4D3-4D8C-9D47-EABADAE466AA} => moved successfully.
"C:\WINDOWS\Installer\{45F9147F-489F-46DC-A5CE-27F358C92A32}" => File/Folder not found.
"C:\WINDOWS\Installer\{3FD540D9-C72D-4FD9-BB7C-191DD129C7D8}" => File/Folder not found.
"C:\WINDOWS\Installer\{1ACC8B11-B31F-4667-8D03-FAD30AD05B2D}" => File/Folder not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{F1E2DF0C-8EAB-4AAF-878E-853E98BCAB5A} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{EFA5F30A-020C-4385-94B0-981865214E9C} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{3E4405C6-6452-47C6-91AC-34450BF93D1A} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{D05BC06C-D105-4151-B55D-797AA986E224} => value removed successfully

========= RemoveProxy: =========

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 538.9 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 15:58:45 ====

Code:

ATTFilter

Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by dietmar at 2015-07-14 16:07:09
Running from C:\Users\dietmar\Desktop
Boot Mode: Normal

================== Search Registry: "DownloadProtect;Download Protect;tampainit" ===========


===================== Search result for "DownloadProtect" ==========

[HKEY_USERS\S-1-5-21-1349822815-2598862020-373602666-1001\Software\DownloadProtect]

[HKEY_USERS\S-1-5-21-1349822815-2598862020-373602666-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File7"="C:\Users\dietmar\Desktop\downloadProtect.txt"

[HKEY_USERS\S-1-5-21-1349822815-2598862020-373602666-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1349822815-2598862020-373602666-1001\Software\DownloadProtect]


===================== Search result for "tampainit" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_48d9be4d]
"svn"="TampaInit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_48d9be4d]
"Install_Dir"="C:\Program Files (x86)\TampaInit"

====== End of Search ======

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by dietmar (administrator) on LENOVO-PC on 14-07-2015 16:08:18
Running from C:\Users\dietmar\Desktop
Loaded Profiles: dietmar & MSSQL$SQLEXPRESS2014 &  (Available Profiles: dietmar & MSSQL$SQLEXPRESS2014)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS2014\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2776816 2014-02-06] (Synaptics Incorporated)
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [255480 2013-06-20] (Lenovo Group Limited)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [384296 2013-10-28] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [600568 2013-11-05] (Lenovo Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163520 2015-04-09] (IvoSoft)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [909016 2013-10-21] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [730416 2015-06-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: F - "F:\AutoRun.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {164435bc-095b-11e5-8287-0c8bfdd19371} - "F:\ViewHtml.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {164451e8-095b-11e5-8287-0c8bfdd19371} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {3aba170a-f4a8-11e4-8279-0c8bfdd19371} - "F:\.\Setup.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {51d6b9b2-0fdc-11e5-828b-0050b66f480d} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {51d6b9c8-0fdc-11e5-828b-0050b66f480d} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {51d6b9f3-0fdc-11e5-828b-0050b66f480d} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\MountPoints2: {ab98e2d6-0702-11e5-8286-0c8bfdd19371} - "F:\ViewHtml.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1349822815-2598862020-373602666-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - "F:\AutoRun.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {164435bc-095b-11e5-8287-0c8bfdd19371} - "F:\ViewHtml.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {164451e8-095b-11e5-8287-0c8bfdd19371} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {3aba170a-f4a8-11e4-8279-0c8bfdd19371} - "F:\.\Setup.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {51d6b9b2-0fdc-11e5-828b-0050b66f480d} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {51d6b9c8-0fdc-11e5-828b-0050b66f480d} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {51d6b9f3-0fdc-11e5-828b-0050b66f480d} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1349822815-2598862020-373602666-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ab98e2d6-0702-11e5-8286-0c8bfdd19371} - "F:\ViewHtml.exe" 
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.bing.com/
HKU\S-1-5-21-1349822815-2598862020-373602666-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKU\S-1-5-21-1349822815-2598862020-373602666-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-1349822815-2598862020-373602666-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.bing.com/
URLSearchHook: [S-1-5-80-74102703-195227291-2601699642-576852742-3294486561] ATTENTION ==> Default URLSearchHook is missing
URLSearchHook: [S-1-5-80-74102703-195227291-2601699642-576852742-3294486561-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing
URLSearchHook: [S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1349822815-2598862020-373602666-1001 -> DefaultScope {620017E4-B96A-4FD3-9EA9-BC52D05EC63D} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1349822815-2598862020-373602666-1001 -> {620017E4-B96A-4FD3-9EA9-BC52D05EC63D} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1349822815-2598862020-373602666-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {620017E4-B96A-4FD3-9EA9-BC52D05EC63D} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1349822815-2598862020-373602666-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {620017E4-B96A-4FD3-9EA9-BC52D05EC63D} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-80-74102703-195227291-2601699642-576852742-3294486561 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-80-74102703-195227291-2601699642-576852742-3294486561-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-03] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-03] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-04-09] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-04-09] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)
DPF: HKLM-x32 {A6616B31-4860-41E2-98E3-CA7649AF172F} file:///F:/launch.ocx
Tcpip\Parameters: [DhcpNameServer] 192.168.226.254
Tcpip\..\Interfaces\{1AB220C5-9E3C-4E80-A4EB-E9CE000FFB90}: [DhcpNameServer] 169.254.131.49
Tcpip\..\Interfaces\{1E5C9131-2ED6-4A3B-80EA-7C153A915BD3}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6DCF1004-DED2-485B-88BB-064FB73CCE52}: [NameServer] 10.74.210.210 10.74.210.211
Tcpip\..\Interfaces\{B62B51C8-4926-48F7-9539-CEC3FA7B4296}: [DhcpNameServer] 192.168.226.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\dietmar\AppData\Roaming\Mozilla\Firefox\Profiles\g8w01yf3.default
FF DefaultSearchUrl: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\dietmar\AppData\Roaming\Mozilla\Firefox\Profiles\g8w01yf3.default\Extensions\abs@avira.com [2015-07-03]
FF Extension: Avira SafeSearch Plus - C:\Users\dietmar\AppData\Roaming\Mozilla\Firefox\Profiles\g8w01yf3.default\Extensions\safesearchplus@avira.com [2015-06-26]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [827184 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1188360 2015-06-16] (Avira Operations GmbH & Co. KG)
S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [573432 2013-11-05] (Lenovo Corporation)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-11] (DisplayLink Corp.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [558592 2010-11-03] (Hauppauge Computer Works) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-07-29] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-29] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2083592 2013-11-06] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [695800 2013-11-05] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [467720 2013-11-01] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872152 2015-05-09] (Maxthon)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS2014; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS2014\MSSQL\Binn\sqlservr.exe [370368 2014-02-21] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
S4 SQLAgent$SQLEXPRESS2014; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS2014\MSSQL\Binn\SQLAGENT.EXE [613056 2014-02-21] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49136 2015-05-15] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2015-04-29] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2015-04-29] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-06-16] (Avira Operations GmbH & Co. KG)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
S3 DisplayLinkUsbIo_x64; C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.4.48800.0.sys [44944 2013-10-07] ()
S3 dlcdcncm6_x64; C:\Windows\system32\DRIVERS\dlcdcncm6_x64.sys [80688 2013-10-11] (DisplayLink Corp.)
S3 dlusbaudio; C:\Windows\system32\DRIVERS\dlusbaudio_x64.sys [203152 2013-10-11] (DisplayLink Corp.)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
S3 hcw17bda; C:\Windows\system32\drivers\hcw17bda.sys [67456 2010-01-27] (Hauppauge Computer Works, Inc.)
S3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-08-29] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
R3 INETMON; C:\WINDOWS\System32\Drivers\INETMON.sys [29088 2013-08-01] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-01] ()
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S4 RsFx0300; C:\Windows\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [508120 2014-08-18] (Realsil Semiconductor Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-02-06] (Synaptics Incorporated)
R3 VBAudioVACMME; C:\Windows\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2015-06-21] (Windows (R) Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-06-21] (Windows (R) Win 7 DDK provider)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065344 2013-09-11] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 16:08 - 2015-07-14 16:08 - 00029239 _____ C:\Users\dietmar\Desktop\FRST.txt
2015-07-14 16:07 - 2015-07-14 16:07 - 00001198 _____ C:\Users\dietmar\Desktop\Search.txt
2015-07-14 15:55 - 2015-07-14 15:55 - 00000000 ____D C:\Users\dietmar\Desktop\FRST-OlderVersion
2015-07-14 15:53 - 2015-07-14 15:55 - 02133504 _____ (Farbar) C:\Users\dietmar\Desktop\FRST64.exe
2015-07-14 14:49 - 2015-07-14 14:49 - 00013575 _____ C:\Users\dietmar\Desktop\checklisteSteuern.odt
2015-07-12 16:59 - 2015-07-12 16:59 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-LENOVO-PC-Windows-8.1-(64-bit).dat
2015-07-12 16:59 - 2015-07-12 16:59 - 00000000 ____D C:\RegBackup
2015-07-12 15:48 - 2015-07-12 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-10 22:58 - 2015-07-12 16:33 - 00000000 ____D C:\Program Files\{BC947C05-6B47-4A69-9383-3593446CEC6C}
2015-07-10 22:58 - 2015-07-12 16:33 - 00000000 ____D C:\Program Files (x86)\{FB79D9F5-CFB9-4E79-B1F1-75E6FB233D09}
2015-07-09 22:53 - 2015-07-10 15:49 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\FreeFileSync
2015-07-09 22:46 - 2015-07-10 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-07-09 22:46 - 2015-07-09 22:46 - 00422400 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-07-09 22:46 - 2015-07-09 22:46 - 00342016 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-07-09 22:46 - 2015-07-09 22:46 - 00002864 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-07-09 22:46 - 2015-07-09 22:46 - 00002864 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-07-09 22:45 - 2015-07-09 22:45 - 00000967 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2015-07-09 22:45 - 2015-07-09 22:45 - 00000957 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk
2015-07-09 22:45 - 2015-07-09 22:45 - 00000955 _____ C:\Users\Public\Desktop\FreeFileSync.lnk
2015-07-09 22:45 - 2015-07-09 22:45 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\RPEng
2015-07-09 22:45 - 2015-07-09 22:45 - 00000000 ____D C:\Program Files\FreeFileSync
2015-07-09 16:35 - 2015-07-09 16:35 - 00000194 _____ C:\Users\dietmar\Desktop\Heinemann.txt
2015-07-09 16:34 - 2015-07-09 16:35 - 00000479 _____ C:\Users\dietmar\Desktop\FernUniFrageWgNichtFreigeg.Kursen
2015-07-09 04:00 - 2015-07-11 17:32 - 00018588 _____ C:\Users\dietmar\Desktop\TelefonieEckdaten.odt
2015-07-09 04:00 - 2015-07-11 13:30 - 00018613 _____ C:\Users\dietmar\Desktop\TelefonieEckdatenD.odt
2015-07-06 23:31 - 2015-07-10 22:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-06 22:53 - 2015-07-06 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-07-06 18:41 - 2015-07-06 18:41 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-07-06 18:41 - 2015-07-06 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-07-06 18:30 - 2015-07-06 18:30 - 00000095 _____ C:\Users\dietmar\Desktop\Vertrag_zusätze.txt
2015-07-04 14:51 - 2015-07-04 14:51 - 00000000 ____D C:\Program Files\7-Zip
2015-07-04 14:50 - 2015-07-04 14:50 - 01376768 _____ C:\Users\dietmar\Downloads\7z920-x64.msi
2015-07-04 14:50 - 2015-07-04 14:50 - 01062749 _____ (Igor Pavlov) C:\Users\dietmar\Downloads\7z1505.exe
2015-07-04 10:59 - 2015-07-11 16:52 - 00024831 _____ C:\Users\dietmar\Desktop\Apo.odt
2015-07-02 17:53 - 2015-07-02 19:21 - 00159744 _____ C:\Users\dietmar\Documents\db1.mdb
2015-06-30 19:46 - 2015-07-10 22:41 - 00000201 _____ C:\Users\dietmar\Desktop\todoLocalCache.txt
2015-06-29 03:25 - 2015-07-12 11:41 - 00002280 ____H C:\Users\dietmar\Documents\Default.rdp
2015-06-29 03:01 - 2015-07-02 19:22 - 00000000 ____D C:\Users\dietmar\AppData\Local\AviraSpeedup
2015-06-29 00:37 - 2015-07-12 16:33 - 00000000 ____D C:\Program Files\{B80EC004-56AF-4899-AA4A-89CB150FB289}
2015-06-29 00:37 - 2015-07-12 16:33 - 00000000 ____D C:\Program Files (x86)\{CAA517D1-B09D-418D-A5C4-931B49C01DB4}
2015-06-26 22:34 - 2015-06-26 22:34 - 00341720 _____ C:\WINDOWS\Minidump\062615-41531-01.dmp
2015-06-26 22:34 - 2015-06-26 22:34 - 00000000 ____D C:\WINDOWS\Minidump
2015-06-26 22:33 - 2015-06-26 22:33 - 1088599442 _____ C:\WINDOWS\MEMORY.DMP
2015-06-26 18:58 - 2015-06-26 18:58 - 02870984 _____ (ESET) C:\Users\dietmar\Downloads\esetsmartinstaller_deu.exe
2015-06-26 18:49 - 2015-06-26 18:49 - 00001116 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk
2015-06-26 18:49 - 2015-06-26 18:49 - 00000000 ____D C:\Users\Public\Speedup Sessions
2015-06-26 18:45 - 2015-06-26 18:45 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Avira
2015-06-26 18:44 - 2015-06-16 09:36 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-06-26 18:44 - 2015-06-16 09:36 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-06-26 18:44 - 2015-06-16 09:36 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-06-26 18:44 - 2015-06-16 09:36 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-06-26 18:42 - 2015-06-26 18:49 - 00000000 ____D C:\Program Files (x86)\Avira
2015-06-26 18:42 - 2015-06-26 18:44 - 00000000 ____D C:\ProgramData\Avira
2015-06-26 18:42 - 2015-06-26 18:42 - 00001179 _____ C:\Users\Public\Desktop\Avira.lnk
2015-06-26 18:03 - 2015-06-26 18:03 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-06-26 18:00 - 2015-06-26 18:00 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-06-26 17:47 - 2015-06-26 17:47 - 00000000 ____D C:\Users\dietmar\AppData\Local\ORPALIS
2015-06-26 17:40 - 2015-06-26 17:40 - 22799599 _____ C:\Users\dietmar\Downloads\paperscanfree.zip
2015-06-26 17:40 - 2015-06-26 17:40 - 00000000 ____D C:\Users\dietmar\AppData\Local\Downloaded Installations
2015-06-26 17:37 - 2015-06-26 17:37 - 02623680 _____ (Hewlett-Packard ) C:\Users\dietmar\Downloads\setup_basic_2300.exe
2015-06-26 03:03 - 2015-07-12 18:59 - 00000000 ____D C:\Users\dietmar\Desktop\trojanerboard
2015-06-26 03:01 - 2015-06-26 03:01 - 04718584 _____ (Avira Operations GmbH & Co. KG) C:\Users\dietmar\Downloads\avira_de_av_558ca44ee5bc3__ws.exe
2015-06-26 01:37 - 2015-06-26 01:37 - 00000000 ____D C:\Program Files\Dolby Digital Plus
2015-06-26 01:36 - 2015-06-26 01:36 - 00000000 ____D C:\Users\Public\Documents\Conexant
2015-06-26 01:36 - 2013-07-02 09:10 - 00004712 _____ C:\WINDOWS\system32\Drivers\SamSfPa.dat
2015-06-26 01:36 - 2011-09-01 14:23 - 00447104 _____ (Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SASrv.exe
2015-06-26 01:35 - 2013-07-25 13:39 - 00206552 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe
2015-06-26 01:32 - 2013-10-18 12:47 - 01387200 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\Drivers\CHDRT64.sys
2015-06-26 01:32 - 2013-09-09 12:02 - 06217904 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2015-06-26 01:32 - 2013-09-09 12:02 - 00313520 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2015-06-26 01:32 - 2013-09-09 12:01 - 01938608 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2015-06-26 01:32 - 2013-09-09 12:01 - 00260272 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2015-06-26 01:32 - 2013-09-03 17:16 - 00936640 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64BP06.dll
2015-06-26 01:32 - 2013-08-20 12:28 - 02832088 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\UCI64A40.DLL
2015-06-26 01:32 - 2013-08-05 17:11 - 02743328 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2015-06-26 01:32 - 2013-05-15 14:27 - 00406208 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CSpkExt64.dll
2015-06-26 01:32 - 2012-06-29 12:04 - 00050848 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CxPageMaster64.dll
2015-06-26 01:32 - 2012-01-16 09:42 - 00666240 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\C3DHPExt64.dll
2015-06-26 01:32 - 2011-01-18 07:35 - 00030893 _____ C:\WINDOWS\system32\Drivers\Mixer.ini
2015-06-26 01:28 - 2014-07-29 12:57 - 23048704 _____ (Intel Corporation) C:\WINDOWS\system32\igdfcl64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 18033152 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdfcl32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 10942144 _____ (Intel Corporation) C:\WINDOWS\system32\igdumdim64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 08461824 _____ (Intel Corporation) C:\WINDOWS\system32\ig75icd64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 06625280 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig75icd32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 04348888 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 04345304 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 04011168 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAAC64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 03818864 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2015-06-26 01:28 - 2014-07-29 12:57 - 02478384 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiVAD64.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 02023936 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 01756160 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 01673216 _____ (Intel Corporation) C:\WINDOWS\system32\igdrcl64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 01552896 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdrcl32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 01455776 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSecureSourceFilter64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 01137080 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 01132960 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00930264 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00792736 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiWinNextAgent64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00734720 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00657920 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDH.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00646304 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAudioFilter64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00603296 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMux64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00544216 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00543704 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00501720 _____ (Intel Corporation) C:\WINDOWS\system32\igfxEM.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00446424 _____ (Intel Corporation) C:\WINDOWS\system32\igfxTray.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00444408 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00416216 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUMS64.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00397272 _____ (Intel Corporation) C:\WINDOWS\system32\CustomModeApp.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00396760 _____ (Intel Corporation) C:\WINDOWS\system32\CustomModeAppv2_0.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00373248 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00358912 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00352232 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00344736 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSilenceFilter64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00330240 _____ (Intel Corporation) C:\WINDOWS\system32\igdbcl64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00315352 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCUIService.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00294912 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00291328 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdbcl32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00279000 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00272384 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDI.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00254976 _____ C:\WINDOWS\system32\igfxCPL.cpl
2015-06-26 01:28 - 2014-07-29 12:57 - 00250368 _____ (Intel Corporation) C:\WINDOWS\system32\igfxLHM.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00244184 _____ (Intel Corporation) C:\WINDOWS\system32\igfxHK.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00223744 _____ C:\WINDOWS\system32\igdde64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00218808 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00214016 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDTCM.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00210592 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUtils64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00191448 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00188456 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00187508 _____ C:\WINDOWS\system32\resTHA.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00184320 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00183808 _____ C:\WINDOWS\SysWOW64\igdde32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00183800 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00182784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v3855.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00180324 _____ C:\WINDOWS\system32\resELL.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00177824 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiDDEAgent64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00176180 _____ C:\WINDOWS\system32\resRUS.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00162036 _____ C:\WINDOWS\system32\resARA.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00161492 _____ C:\WINDOWS\system32\resHEB.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00161428 _____ C:\WINDOWS\system32\resJPN.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00160256 _____ C:\WINDOWS\system32\igdail64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00159056 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00156852 _____ C:\WINDOWS\system32\resFRA.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00156836 _____ C:\WINDOWS\system32\resHUN.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00155140 _____ C:\WINDOWS\system32\resKOR.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00155044 _____ C:\WINDOWS\system32\resITA.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00155044 _____ C:\WINDOWS\system32\resDEU.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00154884 _____ C:\WINDOWS\system32\resROM.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00154772 _____ C:\WINDOWS\system32\resESN.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00154624 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00154340 _____ C:\WINDOWS\system32\resPLK.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00154196 _____ C:\WINDOWS\system32\resSKY.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00154004 _____ C:\WINDOWS\system32\resNLD.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00153444 _____ C:\WINDOWS\system32\resPTB.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00153300 _____ C:\WINDOWS\system32\resTRK.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00153268 _____ C:\WINDOWS\system32\resCSY.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00153140 _____ C:\WINDOWS\system32\resPTG.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00153048 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2015-06-26 01:28 - 2014-07-29 12:57 - 00152724 _____ C:\WINDOWS\system32\resFIN.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00152292 _____ C:\WINDOWS\system32\resHRV.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00151844 _____ C:\WINDOWS\system32\resSVE.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00151668 _____ C:\WINDOWS\system32\resSLV.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00150740 _____ C:\WINDOWS\system32\resNOR.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00150228 _____ C:\WINDOWS\system32\resDAN.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00148916 _____ C:\WINDOWS\system32\resENU.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00147140 _____ C:\WINDOWS\system32\resCHT.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00146308 _____ C:\WINDOWS\system32\resCHS.cui
2015-06-26 01:28 - 2014-07-29 12:57 - 00143360 _____ C:\WINDOWS\SysWOW64\igdail32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00128672 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMCUMD64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00094368 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiLogServer64.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00070144 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00069632 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00058880 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00030720 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00010752 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00010240 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00010240 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00010240 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00005120 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00005120 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll
2015-06-26 01:28 - 2014-07-29 12:57 - 00002568 _____ C:\WINDOWS\system32\iglhxs64.vp
2015-06-25 19:03 - 2015-06-25 19:04 - 00001251 _____ C:\Users\dietmar\Desktop\SPEEDPORT.lnk
2015-06-25 01:41 - 2015-06-26 17:20 - 00003356 _____ C:\Users\dietmar\Desktop\email-Fernuni.txt
2015-06-25 00:10 - 2015-06-25 00:10 - 00000000 ____D C:\Program Files (x86)\ImageWriter
2015-06-24 23:15 - 2015-06-24 23:32 - 00000000 ____D C:\Users\dietmar\Desktop\dfk-data-Trancend
2015-06-23 21:54 - 2015-06-23 22:20 - 00013208 _____ C:\Users\dietmar\Desktop\Tätigkeitsbericht.D.KremerBeiINASchaeffler.odt
2015-06-23 19:23 - 2015-06-23 19:23 - 00001877 _____ C:\Users\dietmar\Desktop\Luna.lnk
2015-06-23 01:19 - 2015-07-14 16:08 - 00000000 ____D C:\FRST
2015-06-23 00:45 - 2015-06-23 00:45 - 00000000 _____ C:\Users\dietmar\defogger_reenable
2015-06-22 22:53 - 2015-06-22 22:53 - 00015360 _____ C:\Users\dietmar\Desktop\LinsenTests.xls
2015-06-22 05:08 - 2015-07-10 22:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-22 05:08 - 2015-06-22 05:08 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Mozilla
2015-06-22 05:08 - 2015-06-22 05:08 - 00000000 ____D C:\Users\dietmar\AppData\Local\Mozilla
2015-06-22 03:08 - 2015-07-14 16:01 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-22 03:08 - 2015-07-12 15:48 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-22 03:08 - 2015-06-22 03:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-22 03:08 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-22 03:08 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-22 03:08 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-22 00:52 - 2015-06-22 00:55 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-22 00:49 - 2015-06-22 00:49 - 05683024 _____ (Avast Software s.r.o.) C:\Users\dietmar\Downloads\avastclear.exe
2015-06-21 03:54 - 2015-06-24 02:21 - 00002866 _____ C:\Users\dietmar\AppData\Roaming\VoiceMeeterDefault.xml
2015-06-21 03:20 - 2015-06-21 03:20 - 00041192 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\vbaudio_vmvaio64_win7.sys
2015-06-21 03:20 - 2015-06-21 03:20 - 00000000 ____D C:\Program Files (x86)\VB
2015-06-21 02:52 - 2015-06-21 03:21 - 00000000 ____D C:\Program Files\VB
2015-06-20 22:29 - 2015-06-20 22:59 - 00159744 _____ C:\Users\dietmar\Documents\Studium.mdb
2015-06-20 04:05 - 2015-06-22 04:15 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Opera Software
2015-06-20 04:05 - 2015-06-22 04:15 - 00000000 ____D C:\Users\dietmar\AppData\Local\Opera Software
2015-06-20 04:05 - 2015-06-22 04:15 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-20 04:05 - 2015-06-20 04:05 - 00003260 _____ C:\WINDOWS\System32\Tasks\Opera N Saturday
2015-06-20 04:05 - 2015-06-20 04:05 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Shortcut
2015-06-20 03:54 - 2015-06-20 03:54 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\dlg
2015-06-20 03:53 - 2015-07-11 20:53 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-06-20 03:53 - 2015-06-20 03:53 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\AVG
2015-06-20 03:52 - 2015-06-20 03:53 - 00000000 ____D C:\ProgramData\AVG
2015-06-20 03:52 - 2015-06-20 03:52 - 00000000 ____D C:\Users\dietmar\AppData\Local\DnsBlock
2015-06-20 03:52 - 2015-06-20 03:52 - 00000000 ____D C:\Users\dietmar\AppData\Local\Avg
2015-06-20 03:52 - 2015-06-20 03:52 - 00000000 ____D C:\Program Files (x86)\AVG
2015-06-20 03:51 - 2015-06-20 03:51 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck
2015-06-19 01:59 - 2015-06-19 01:59 - 08142207 _____ C:\Users\dietmar\Desktop\Bewerbung.D.Kremer.Hemmerbach.odt
2015-06-19 01:54 - 2015-06-20 22:59 - 00000411 _____ C:\Users\dietmar\Desktop\bewerbÜbersicht.txt
2015-06-18 20:41 - 2015-06-18 20:41 - 00000000 ____D C:\Users\dietmar\AppData\Local\Macromedia
2015-06-17 03:08 - 2015-06-17 03:08 - 00000000 ____D C:\Users\dietmar\AppData\Local\Conexant
2015-06-17 02:36 - 2015-06-17 03:11 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-06-17 02:06 - 2015-06-20 03:10 - 00006880 _____ C:\WINDOWS\SMinstall.log
2015-06-17 01:46 - 2015-06-17 01:46 - 00000000 ____D C:\Program Files (x86)\Spectrum
2015-06-16 00:22 - 2015-06-16 00:22 - 00000000 ____D C:\Users\dietmar\AppData\Local\Apple Computer
2015-06-15 22:25 - 2015-06-25 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anwendungen
2015-06-15 20:30 - 2015-06-15 20:30 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Apple Computer
2015-06-15 14:53 - 2015-06-20 19:52 - 00000677 _____ C:\Users\dietmar\Desktop\DiDo.txt
2015-06-15 13:04 - 2015-06-15 13:04 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2010
2015-06-15 13:04 - 2015-06-15 13:04 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2010
2015-06-15 02:38 - 2015-06-15 02:38 - 00000000 ___SD C:\Users\dietmar\Documents\Meine Shapes
2015-06-15 02:34 - 2015-06-15 02:35 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-06-15 02:34 - 2015-06-15 02:34 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-06-15 02:34 - 2015-06-15 02:34 - 00000000 ____D C:\Users\dietmar\AppData\Local\Apple
2015-06-15 02:34 - 2015-06-15 02:34 - 00000000 ____D C:\ProgramData\Apple Computer
2015-06-15 02:34 - 2015-06-15 02:34 - 00000000 ____D C:\ProgramData\Apple
2015-06-15 02:34 - 2015-06-15 02:34 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-06-15 02:32 - 2015-06-15 02:32 - 00000293 ____H C:\ProgramData\wb764821reg.bin
2015-06-15 01:43 - 2015-06-17 02:10 - 00000039 _____ C:\WINDOWS\vbaddin.ini
2015-06-15 01:40 - 2015-06-15 01:40 - 00000000 ____D C:\Program Files\Microsoft Office
2015-06-14 13:42 - 2015-06-14 13:42 - 00000000 ____D C:\ProgramData\Kestner
2015-06-14 13:42 - 2015-06-14 13:42 - 00000000 ____D C:\Program Files (x86)\Kestner
2015-06-14 01:47 - 2015-06-14 01:47 - 00000000 ____D C:\Meine Webseiten

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 16:06 - 2015-04-27 17:51 - 00000000 ___DO C:\Users\dietmar\SkyDrive
2015-07-14 16:01 - 2015-05-02 22:46 - 00545280 ___SH C:\Users\dietmar\Desktop\Thumbs.db
2015-07-14 16:01 - 2014-02-27 23:25 - 01085349 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-14 16:00 - 2013-08-22 16:46 - 00132113 _____ C:\WINDOWS\setupact.log
2015-07-14 16:00 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-14 15:59 - 2013-10-07 20:23 - 01030224 _____ C:\WINDOWS\PFRO.log
2015-07-14 15:59 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-07-14 15:21 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-14 13:50 - 2015-04-27 17:55 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1349822815-2598862020-373602666-1001
2015-07-14 13:32 - 2015-04-27 23:39 - 00000000 ____D C:\Users\dietmar\AppData\Local\ClassicShell
2015-07-14 13:26 - 2015-04-27 17:55 - 00003942 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{ED136814-2FF4-44F4-9697-51514347B07F}
2015-07-14 07:26 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-14 07:24 - 2013-08-22 17:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-12 16:59 - 2015-04-27 17:50 - 00139776 _____ C:\WINDOWS\SysWOW64\Xui.trf
2015-07-12 16:59 - 2014-02-27 23:37 - 07287216 _____ C:\Users\Public\CAFADEBUG.log
2015-07-12 16:33 - 2015-05-01 22:27 - 00000000 ____D C:\Users\DefaultAppPool
2015-07-12 16:33 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Resources
2015-07-11 23:15 - 2015-06-09 15:00 - 00000000 ____D C:\AdwCleaner
2015-07-11 20:49 - 2015-06-13 22:04 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS2014
2015-07-11 20:49 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-07-10 22:59 - 2014-02-28 08:16 - 00964858 _____ C:\WINDOWS\system32\perfh007.dat
2015-07-10 22:59 - 2014-02-28 08:16 - 00238724 _____ C:\WINDOWS\system32\perfc007.dat
2015-07-10 22:59 - 2013-10-07 20:27 - 02286860 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-10 22:53 - 2015-04-27 17:49 - 00000000 ____D C:\Users\dietmar
2015-07-10 21:54 - 2015-05-02 23:26 - 00000000 ____D C:\Users\dietmar\AppData\Local\Xmarks
2015-07-10 11:20 - 2015-06-13 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet
2015-07-09 23:01 - 2014-02-27 23:33 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-07-08 23:07 - 2015-05-03 15:57 - 00021216 _____ C:\Users\dietmar\Desktop\install.lenovo.odt
2015-07-08 21:51 - 2015-06-13 19:46 - 00018123 _____ C:\Users\dietmar\Desktop\Lernen-Orte.odt
2015-07-06 23:24 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-06 23:24 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-06 21:11 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-06 18:41 - 2015-04-28 22:39 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Notepad++
2015-07-06 18:41 - 2015-04-28 22:39 - 00000000 ____D C:\Program Files (x86)\Notepad++
2015-07-05 12:51 - 2015-05-05 22:03 - 00000000 ____D C:\Users\dietmar\AppData\Local\CrashDumps
2015-07-04 14:52 - 2015-05-01 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System
2015-06-28 22:41 - 2015-05-27 15:41 - 00002108 _____ C:\Users\dietmar\Desktop\Organsisation.lnk
2015-06-27 18:05 - 2015-05-02 00:18 - 00000000 ____D C:\Users\dietmar\Documents\Visual Studio 2013
2015-06-26 22:34 - 2013-08-22 16:44 - 00530080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-26 18:42 - 2014-02-27 23:35 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-26 18:06 - 2015-06-11 23:47 - 00000000 ____D C:\Users\dietmar\AppData\Local\Microsoft_Corporation
2015-06-26 18:01 - 2014-02-27 23:40 - 00016738 _____ C:\WINDOWS\system32\results.xml
2015-06-26 17:45 - 2014-02-27 23:24 - 00121474 _____ C:\WINDOWS\DPINST.LOG
2015-06-26 01:33 - 2014-02-27 23:36 - 00000000 ____D C:\ProgramData\Conexant
2015-06-26 00:40 - 2014-02-27 23:59 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2015-06-26 00:40 - 2014-02-27 23:34 - 00000000 ____D C:\Program Files\Lenovo
2015-06-24 22:45 - 2015-05-01 13:59 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Büro
2015-06-24 14:47 - 2015-05-15 14:00 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 19:27 - 2015-05-02 23:11 - 00002224 _____ C:\Users\dietmar\Desktop\Musik.lnk
2015-06-23 19:21 - 2015-05-02 22:46 - 00001838 _____ C:\Users\dietmar\Desktop\Amalthea.lnk
2015-06-22 23:44 - 2015-05-29 02:20 - 00001213 _____ C:\Users\dietmar\Desktop\Android Studio.lnk
2015-06-22 04:09 - 2015-05-03 22:31 - 00000000 ____D C:\Users\dietmar\AppData\Local\Google
2015-06-22 02:01 - 2015-05-03 22:31 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-22 00:50 - 2015-05-15 14:00 - 00000000 ____D C:\Program Files\Google
2015-06-21 02:51 - 2013-07-11 08:57 - 00041192 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\vbaudio_cable64_win7.sys
2015-06-21 01:33 - 2015-04-27 17:50 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Nitro PDF
2015-06-18 19:24 - 2015-04-27 17:52 - 00000000 ____D C:\Users\dietmar\AppData\Local\Adobe
2015-06-17 02:37 - 2014-02-27 23:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-17 02:14 - 2015-06-09 18:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-17 02:06 - 2015-06-02 21:07 - 00000000 ____D C:\SWTOOLS
2015-06-15 22:27 - 2015-06-10 01:25 - 00000000 ___RD C:\Users\dietmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Multimedia
2015-06-15 22:27 - 2013-08-22 17:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-15 13:02 - 2015-06-09 18:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2015-06-15 01:45 - 2015-05-01 14:13 - 00000000 ____D C:\Users\dietmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Entwicklung
2015-06-15 01:42 - 2014-02-28 00:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-06-15 01:42 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-15 01:41 - 2015-05-07 21:13 - 00000929 _____ C:\WINDOWS\ODBC.INI
2015-06-14 14:44 - 2015-04-27 17:50 - 00000000 ____D C:\Users\dietmar\AppData\Local\VirtualStore
2015-06-14 01:42 - 2015-06-13 22:04 - 00000000 ____D C:\Users\dietmar\Documents\SQL Server Management Studio

==================== Files in the root of some directories =======

2015-04-27 17:51 - 2015-05-02 01:38 - 0001516 _____ () C:\Users\dietmar\AppData\Roaming\AbsoluteReminder.xml
2015-06-21 03:54 - 2015-06-24 02:21 - 0002866 _____ () C:\Users\dietmar\AppData\Roaming\VoiceMeeterDefault.xml
2015-04-27 17:50 - 2015-04-27 17:50 - 0000193 _____ () C:\Users\dietmar\AppData\Local\RegisteredPackageInformation.xml
2014-02-27 23:36 - 2014-02-27 23:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-06-15 02:32 - 2015-06-15 02:32 - 0000293 ____H () C:\ProgramData\wb764821reg.bin

Some files in TEMP:
====================
C:\Users\dietmar\AppData\Local\Temp\avgnt.exe


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-14 13:50

==================== End of log ============================

--- --- ---

Code:

ATTFilter

Additional
FRST Logfile:

	Code: 

 ATTFilter

  
	scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by dietmar at 2015-07-14 16:10:04
Running from C:\Users\dietmar\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1349822815-2598862020-373602666-500 - Administrator - Disabled)
dietmar (S-1-5-21-1349822815-2598862020-373602666-1001 - Administrator - Enabled) => C:\Users\dietmar
Gast (S-1-5-21-1349822815-2598862020-373602666-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1349822815-2598862020-373602666-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 7.12.25 - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2013 (x32 Version: 2.4 - Microsoft Corporation) Hidden
Avira (HKLM-x32\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.6.10.1246 - Avira Operations GmbH & Co. KG)
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.9.0 - Conexant)
Crystal Reports Basic for Visual Studio 2008 (HKLM-x32\...\{AA467959-A1D6-4F45-90CD-11DC57733F32}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic German Language Pack for Visual Studio 2008 (HKLM-x32\...\{3924C3E7-C440-4B23-9740-9A9EC0545F21}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (x64) (HKLM\...\{1D5F34D0-6329-4D92-B81A-E24E9028910C}) (Version: 10.5.0.0 - Business Objects)
Das große DGS Wörterbuch 1.0.2.6 (HKLM-x32\...\{71FB874A-A992-4ED6-9522-6EFF78ADDDCB}_is1) (Version:  - Verlag Karin Kestner)
Dependency Package Update (Version: 1.6.30.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
DisplayLink Core Software (HKLM\...\{BB07E020-7224-4EC3-864E-2AA0BF42A7DD}) (Version: 7.4.51572.0 - DisplayLink Corp.)
DNSBlock (HKLM\...\{7b5da7f5-de7d-4e00-b330-a2e08e460095}) (Version: 1.0.0 - NETNS GMBH)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
FreeFileSync 7.2 (HKLM-x32\...\FreeFileSync) (Version: 7.2 - www.FreeFileSync.org)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.28314 - Hauppauge Computer Works)
Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB971091) (HKLM-x32\...\{445174EA-3D3A-308E-84AD-446127E71441}.KB971091) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB973674) (HKLM-x32\...\{445174EA-3D3A-308E-84AD-446127E71441}.KB973674) (Version: 1 - Microsoft Corporation)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
Integrated Camera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 5.13.911.3 - Vimicro)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3855 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1335.5) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{B1AC3709-3E98-4F2C-A84E-4BCA2A452E64}) (Version: 4.2.40.2418 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
Kit SDK de vérification de Visual Studio*2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - )
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - )
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.1.12.100 - Lenovo Corporation)
Lenovo Settings - Location Awareness (HKLM-x32\...\{C79D4402-E622-4922-9C02-89F9080BF081}_is1) (Version: 1.3.0.8 - Lenovo Group Limited)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.0.0.9 - Lenovo Group Limited)
Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.1.0.2 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{1CA74803-5CB2-4C03-BDBE-061EDC81CC7F}) (Version: 2.8.004.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0037 - Lenovo)
Lenovo Transition (HKLM\...\{660FFFA1-BC46-4B79-A3B5-E51D8964FF1F}) (Version: 1.0.002.00 - Lenovo Group Limited)
Lenovo USB Graphics (HKLM\...\{7257526E-B74A-488E-BA2E-56327482B06B}) (Version: 7.4.51587.0 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0012.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
LibreOffice 4.4.3.2 (HKLM-x32\...\{A651A592-2F6C-4D66-AEA8-9BFE4B61BCB3}) (Version: 4.4.3.2 - The Document Foundation)
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.1.2000 - Maxthon International Limited)
Memory Profiler (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Compact Framework 2.0 SP2 (HKLM-x32\...\{B1060346-9388-4C5B-AA52-176C39819E43}) (Version: 2.0.7045 - Microsoft Corporation)
Microsoft .NET Compact Framework 3.5 (HKLM-x32\...\{72CCBEA1-8D57-4981-A337-81019F28C5BA}) (Version: 3.5.7283 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Device Emulator (64 Bit) Version 3.0 - DEU (HKLM\...\{7ECA1AEA-2B61-3DE6-8276-6A9A2693F111}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Document Explorer 2008 Language Pack - DEU (HKLM-x32\...\Microsoft Document Explorer 2008 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{7D1C6D7B-8E3F-4724-94C8-AA7EB7F60AE0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Report Viewer 2014-Laufzeit (HKLM-x32\...\{30956415-84C1-4F0C-B2AD-BC8944730DDA}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{5973B12E-5FC1-4EF6-B63B-49C1C4AF2AAA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014-Setup (Deutsch) (HKLM\...\{75990ACD-8124-45DB-BAED-6D5B51305F6D}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools DEU (HKLM-x32\...\{E32260E7-0B10-43C7-9B77-AB9F4184676D}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 DEU (HKLM-x32\...\{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 for Devices DEU (HKLM-x32\...\{1C3ADB5F-750E-4453-AC98-B75C5323845C}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.2 (HKLM-x32\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 1.2.0.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A282A232-780C-45E2-A5E5-9B61D74DCC6E}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server*2014 (64-Bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server*2014 Express LocalDB  (HKLM\...\{CA191120-4CB1-4E3D-89B8-79FDB9017A2E}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server*2014 Policies  (HKLM-x32\...\{B23A3E56-8859-4F60-B3FA-FA14DE9050B5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server*2014 Transact-SQL Compiler Service  (HKLM\...\{BC87D3DC-0257-4C81-8795-A0AAE6560B11}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server*2014 Transact-SQL ScriptDom  (HKLM\...\{F2A2DB39-2C5A-4764-AA0F-5AB112663FFA}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Professional Edition - DEU (HKLM-x32\...\Microsoft Visual Studio 2008 Professional Edition - DEU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger - DEU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger - DEU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - DEU (HKLM-x32\...\{987AE03F-234A-3623-BD28-6B31FD1D3AB3}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Community 2013 with Update 4 (HKLM-x32\...\{96a8b90c-0a91-4e76-ab34-730c23923d11}) (Version: 12.0.31101 - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM-x32\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft VSS Writer für SQL Server 2014 (HKLM\...\{D390AADD-C825-4B31-8C79-83A9461D5524}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (HKLM\...\{AC888A60-9557-3B74-B52B-F353D01BD544}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{9aa5f39c-a8de-46b0-919a-0248f8bc8490}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Tools (HKLM\...\{62EED300-E841-4083-A1D6-60B906271804}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (HKLM\...\{A992BBAA-723D-4574-A07F-983BF8FAA3E1}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2014 (HKLM\...\{9408684F-E1CC-4D2E-AE15-886023557682}) (Version: 12.0.2000.8 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.002.03.01.40 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
MPC-HC 1.7.9 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.9 - MPC-HC Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.9.2 - Notepad++ Team)
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.3 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server-Browser für SQL Server 2014 (HKLM-x32\...\{B7312B95-77C6-497E-A63F-596A77B20F31}) (Version: 12.0.2000.8 - Microsoft Corporation)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
ThinkPad OneLink Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.08.25 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.12.68 - )
ThinkPad USB 3.0 Dock (HKLM-x32\...\{69109A9C-1D00-4A84-9ABF-AAE9CADD20DD}) (Version: 1.07.15 - Lenovo)
Thinkpad USB 3.0 Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 8.8.911.2013 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.78.0.10 - Lenovo)
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (HKLM\...\{D8125A39-ADEE-4187-B04D-DB6CF489AF61}) (Version: 10.3.5500.0 - Microsoft Corporation)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB972221) (HKLM-x32\...\{445174EA-3D3A-308E-84AD-446127E71441}.KB972221) (Version: 1 - Microsoft Corporation)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
Visual Studio .NET Prerequisites - English (HKLM\...\{ACD875CC-A146-3125-8F99-D3766F46FD86}) (Version: 9.0.21022 - Microsoft Corporation)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2010 Prerequisites - English (HKLM\...\{53952792-BF16-300E-ADF2-E7E4367E00CF}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU) (Version:  - Microsoft Corporation)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version:  - VB-Audio Software)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 1.0.0.0 - 1&1 Mail & Media GmbH)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Mobile 5.0 SDK R2 for Pocket PC (HKLM-x32\...\{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Smartphone (HKLM-x32\...\{DA7F48EF-5F56-45FE-9169-3B8159A7A323}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows-Treiberpaket - Intel Corporation (iaStorA) HDC  (08/01/2013 12.8.0.1016) (HKLM\...\C8A921233C0C441A4E4EAABC2AB08C872FD77A6E) (Version: 08/01/2013 12.8.0.1016 - Intel Corporation)
Windows-Treiberpaket - Intel hdc  (07/25/2013 9.4.0.1023) (HKLM\...\87403FF3ADDFA1770936C9436A187AC3B9FBC8DE) (Version: 07/25/2013 9.4.0.1023 - Intel)
Windows-Treiberpaket - Intel System  (07/25/2013 9.4.0.1023) (HKLM\...\BDBD400472735932E15286ACD00A1DA1856D2B6D) (Version: 07/25/2013 9.4.0.1023 - Intel)
Windows-Treiberpaket - Intel System  (08/21/2013 9.4.0.1027) (HKLM\...\FC58A12A405BF6933FC97269FF68C969D128F381) (Version: 08/21/2013 9.4.0.1027 - Intel)
Windows-Treiberpaket - Intel USB  (07/31/2013 9.4.0.1025) (HKLM\...\A6995A77D26D0B0292A9C3B4878836D232899FE0) (Version: 07/31/2013 9.4.0.1025 - Intel)
Windows-Treiberpaket - Lenovo 1.67.04.04 (11/07/2013 1.67.04.04) (HKLM\...\70FB73D983446AEE2932B0ED51A770D1BD1348DA) (Version: 11/07/2013 1.67.04.04 - Lenovo)
Windows-Treiberpaket - Synaptics (SmbDrv) System  (02/06/2014 17.0.12.68) (HKLM\...\342F51AB97BF27B1CF8077CE6B9093FE14E716AE) (Version: 02/06/2014 17.0.12.68 - Synaptics)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (02/06/2014 17.0.12.68) (HKLM\...\9B411E2775A7792CE52FB04188C3F02E3F15957F) (Version: 02/06/2014 17.0.12.68 - Synaptics)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.8-0 - Bitnami)
Xmarks for IE (HKLM-x32\...\{ABFA6EAE-C9C0-4B39-B722-02094EF6B889}) (Version: 127.0.177 - Xmarks)
Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1349822815-2598862020-373602666-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

04-07-2015 14:51:18 Installed 7-Zip 9.20 (x64 edition)
08-07-2015 18:43:29 Windows Update
14-07-2015 06:55:54 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0357BEDE-4507-4F72-BDFA-0B8931028617} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-03-09] (Lenovo)
Task: {042A31F1-534F-40BD-AE97-8EA0509E5CD6} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe
Task: {14E7BF72-A5CB-4A19-BBDC-EBE430B97702} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-03-09] ()
Task: {2B204E76-39F6-4038-BBCA-F6B76B29E5F3} - System32\Tasks\Lenovo\Lenovo Transition Launcher => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [2013-09-05] ()
Task: {33DDAD0F-AAC4-45C1-B04C-3AFE1D487C23} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {7E763602-124E-49A5-82FA-C258B7685821} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {9300C65A-FFDC-4BA2-ABBB-DE9CA3F07D90} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
Task: {99F891AA-221F-4AD5-BAB4-B95118D01F69} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-03-09] (Lenovo)
Task: {AF1667B7-4EB5-4F64-80E5-363C94674960} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2014-12-10] (Maxthon International ltd.)
Task: {BE207E10-D102-40AB-AE0F-3A18CBB99688} - System32\Tasks\Opera N Saturday => C:\Program Files (x86)\Opera\launcher.exe
Task: {D7A7BDC4-B6C4-4C00-A564-0045F2BB3072} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2015-05-15] ()
Task: {D7A7BDC4-B6C4-4C00-A564-0045F2BB3072} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2015-05-15] ()
Task: {FB56D49B-27C7-4D31-B0EC-2BCFDDAF8873} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FF49B497-86C2-4988-A31F-BFA4F3133B5B} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-03-06] (Lenovo)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2013-08-01 18:31 - 2013-08-01 18:31 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-01 18:31 - 2013-08-01 18:31 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-01 18:31 - 2013-08-01 18:31 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2013-09-05 18:28 - 2013-09-05 18:28 - 00292200 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
2014-02-28 00:04 - 2013-10-11 08:44 - 00117248 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.dll
2013-09-05 18:28 - 2013-09-05 18:28 - 00106856 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
2015-06-26 01:36 - 2010-10-26 11:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-02-28 00:04 - 2013-10-11 08:44 - 00117248 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-02-28 00:04 - 2013-11-01 18:16 - 00467720 _____ () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
2014-02-28 00:04 - 2013-11-01 18:16 - 00013064 _____ () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
2013-09-05 18:28 - 2013-09-05 18:28 - 00097128 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\1366\TransitionLib.dll
2013-09-05 18:28 - 2013-09-05 18:28 - 00101224 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
2014-02-27 23:32 - 2013-09-16 21:19 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-05-03 19:08 - 2015-05-03 19:08 - 00799232 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\86865ced79f3180ebdfa736d895e5edb\Windows.Networking.ni.dll
2015-05-23 04:11 - 2015-05-23 04:11 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\16c3eb7650767d95d002c998d0c73eb5\Windows.Foundation.ni.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 20722336 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\dietmar\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1349822815-2598862020-373602666-1001\...\webcompanion.com -> hxxp://webcompanion.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1349822815-2598862020-373602666-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1349822815-2598862020-373602666-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.226.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{4020B7A5-CA19-4F5F-873B-15483EA13D5C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{5FBF9BE7-B387-4BC1-83F9-DAAF9D8C14F4}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{F99DA584-81DB-4B99-A70D-DCD2A544931D}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{E74E1D67-A7C4-4F48-80E2-B857C87100F5}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{E13B7E83-E963-4172-95AE-1FA58E6127FE}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{DA05E8E3-2908-44A1-8A82-6E7B4AB347D9}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{366D027B-D2BB-4952-A14A-30AB7C2B126F}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{5418BC7E-6CC5-47A1-81D6-FF0D8D1504EB}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{D1B3E46D-56F9-4A1D-9A66-2221D834A057}] => (Allow) C:\Windows\System32\config\systemprofile\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{EA07E8B0-B47D-4989-B047-B4BBC492CE15}] => (Allow) C:\Windows\System32\config\systemprofile\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{F26E5B2E-EC32-4FC7-9C65-6E3D67BCD594}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{56C13753-D791-4322-B197-A647B23601BF}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{7DB79029-8301-4B52-886E-3E48EFB292A4}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{F8DEE95C-825E-4CC4-AFD1-955927C8573C}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{8BDA8D0D-18C6-49AA-962D-18AD120CC15A}] => (Allow) C:\Users\dietmar\AppData\Local\Hola\firefox\app\hola_plugin.exe
FirewallRules: [{1FBB9DF3-3199-4A59-B747-BE0DCC9081B1}] => (Allow) C:\Users\dietmar\AppData\Local\Hola\firefox\app\hola_plugin.exe
FirewallRules: [{3128A6D6-6AE5-42FD-A1D9-148A713A98FB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{29CF88BF-F5F7-4E95-88CE-2E88965AD67F}] => (Allow) C:\Users\dietmar\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{5F520873-356C-45EC-9B90-3FB9E7B6B9ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DDAC28E0-6B62-420F-91EB-2051C7F20203}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2015 04:10:32 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (07/14/2015 03:58:57 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (07/14/2015 03:58:57 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::WoWLANSupported   Net Detect:  WOWLAN Supported Error Getting Adapter List Error=0x80040302\n

Error: (07/14/2015 03:58:57 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (07/14/2015 03:58:57 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (07/14/2015 03:41:38 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (07/14/2015 03:41:35 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (07/14/2015 03:21:35 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (07/14/2015 02:50:07 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (07/14/2015 01:46:13 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n


System errors:
=============
Error: (07/14/2015 04:02:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/14/2015 04:01:58 PM) (Source: Schannel) (EventID: 4116) (User: LENOVO-PC)
Description: Das vom Remoteserver erhaltene Zertifikat enthält nicht den erwarteten Namen. Es ist daher nicht möglich festzustellen, ob eine Verbindung mit dem richtigen Server hergestellt wird. Der erwartete Servername lautet client.wns.windows.com. Fehler bei der SSL-Verbindungsanforderung. Die angehängten Daten enthalten das Serverzertifikat.

Error: (07/14/2015 04:01:58 PM) (Source: Schannel) (EventID: 4120) (User: LENOVO-PC)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 552.

Error: (07/14/2015 03:59:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "Windows Search" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1069

Error: (07/14/2015 03:59:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/14/2015 03:59:05 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/14/2015 03:59:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/14/2015 03:59:04 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/14/2015 03:59:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll

Error: (07/14/2015 03:59:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll


Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-06-26 15:18:50.882
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:50.695
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:50.335
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:50.070
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:49.695
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:49.523
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:49.195
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:48.992
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:48.663
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 15:18:48.398
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 32%
Total physical RAM: 8102.8 MB
Available physical RAM: 5448.11 MB
Total Virtual: 16294.8 MB
Available Virtual: 13220.81 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:625.05 GB) (Free:491.33 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 658E0480)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 8CF416B6)

Partition: GPT Partition Type.

==================== End of log ============================
         
 --- --- ---

Aus User sicht scheint alles wieder in Ordnung zu sein!!

Beste Grüße!

M-K-D-B · 15.07.2015, 04:52

Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.

Google Chrome wurde durch die Infektion schwer in Mitleidenschaft gezogen und muss deinstalliert werden. Google Chrome über die Systemsteuerung deinstallieren und "Alle Browserdaten löschen" mit auswählen. Anschließend den Rechner neu starten. Nun kann Google Chrome bei Bedarf wieder installiert werden!

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
C:\Program Files (x86)\{CAA517D1-B09D-418D-A5C4-931B49C01DB4}
C:\Program Files\{B80EC004-56AF-4899-AA4A-89CB150FB289}
FirewallRules: [{8BDA8D0D-18C6-49AA-962D-18AD120CC15A}] => (Allow) C:\Users\dietmar\AppData\Local\Hola\firefox\app\hola_plugin.exe
FirewallRules: [{1FBB9DF3-3199-4A59-B747-BE0DCC9081B1}] => (Allow) C:\Users\dietmar\AppData\Local\Hola\firefox\app\hola_plugin.exe
FirewallRules: [{7DB79029-8301-4B52-886E-3E48EFB292A4}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{F8DEE95C-825E-4CC4-AFD1-955927C8573C}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{D1B3E46D-56F9-4A1D-9A66-2221D834A057}] => (Allow) C:\Windows\System32\config\systemprofile\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{EA07E8B0-B47D-4989-B047-B4BBC492CE15}] => (Allow) C:\Windows\System32\config\systemprofile\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
DeleteKey: HKEY_USERS\S-1-5-21-1349822815-2598862020-373602666-1001\Software\DownloadProtect
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
RemoveProxy:
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

Deaktiviere dein Anti-Viren-Programm.
Gehe zum Ordner C:\FRST\Quarantine.
Rechtsklicke auf den Ordner Quarantine und wähle > Senden an > Zip-komprimierter Ordner.
Es wird eine zip-Datei mit dem Namen Quarantine.zip im Ordner FRST erstellt.
Lade die Quarantine.zip im Upload-Channel hoch.
Klicke dazu auf Durchsuchen, navigiere zu der zip-Datei ( C:\FRST\Quarantine.zip ) und klicke auf Öffnen.
Klicke abschließend auf Hochladen.
Vielen Dank für deine Hilfe.
Aktiviere dein Anti-Viren-Programm wieder.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

eine Rückmeldung bezüglich des Uploads,
die Logdatei des FRST-Fix,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

didier · 17.07.2015, 14:29

Code:

ATTFilter

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by dietmar at 2015-07-16 22:27:51 Run:3
Running from C:\Users\dietmar\Desktop
Loaded Profiles: dietmar & MSSQL$SQLEXPRESS2014 (Available Profiles: dietmar & MSSQL$SQLEXPRESS2014)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
C:\Program Files (x86)\{CAA517D1-B09D-418D-A5C4-931B49C01DB4}
C:\Program Files\{B80EC004-56AF-4899-AA4A-89CB150FB289}
FirewallRules: [{8BDA8D0D-18C6-49AA-962D-18AD120CC15A}] => (Allow) C:\Users\dietmar\AppData\Local\Hola\firefox\app\hola_plugin.exe
FirewallRules: [{1FBB9DF3-3199-4A59-B747-BE0DCC9081B1}] => (Allow) C:\Users\dietmar\AppData\Local\Hola\firefox\app\hola_plugin.exe
FirewallRules: [{7DB79029-8301-4B52-886E-3E48EFB292A4}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{F8DEE95C-825E-4CC4-AFD1-955927C8573C}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{D1B3E46D-56F9-4A1D-9A66-2221D834A057}] => (Allow) C:\Windows\System32\config\systemprofile\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{EA07E8B0-B47D-4989-B047-B4BBC492CE15}] => (Allow) C:\Windows\System32\config\systemprofile\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
DeleteKey: HKEY_USERS\S-1-5-21-1349822815-2598862020-373602666-1001\Software\DownloadProtect
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
RemoveProxy:
EmptyTemp:
end
*****************

Processes closed successfully.
C:\Program Files (x86)\{CAA517D1-B09D-418D-A5C4-931B49C01DB4} => moved successfully.
C:\Program Files\{B80EC004-56AF-4899-AA4A-89CB150FB289} => moved successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8BDA8D0D-18C6-49AA-962D-18AD120CC15A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1FBB9DF3-3199-4A59-B747-BE0DCC9081B1} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7DB79029-8301-4B52-886E-3E48EFB292A4} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F8DEE95C-825E-4CC4-AFD1-955927C8573C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D1B3E46D-56F9-4A1D-9A66-2221D834A057} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EA07E8B0-B47D-4989-B047-B4BBC492CE15} => value removed successfully
HKEY_USERS\S-1-5-21-1349822815-2598862020-373602666-1001\Software\DownloadProtect => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} => key removed successfully

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1349822815-2598862020-373602666-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 637.6 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 22:28:03 ====

Code:

ATTFilter

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=8364062efa774b4c86d7ff040aaea063
# end=init
# utc_time=2015-07-17 09:10:23
# local_time=2015-07-17 11:10:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 24845
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=8364062efa774b4c86d7ff040aaea063
# end=updated
# utc_time=2015-07-17 09:13:40
# local_time=2015-07-17 11:13:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=8364062efa774b4c86d7ff040aaea063
# engine=24845
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-17 11:51:15
# local_time=2015-07-17 01:51:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1818120 14216267 0 0
# scanned=574281
# found=2
# cleaned=0
# scan_time=9454
sh=63B8C91672775A8A9D1641AF128B88DB0B1A9B3F ft=0 fh=0000000000000000 vn="JS/ClaraLab.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\dietmar\AppData\Local\BoBrowser\User Data\Default\Extensions\gfmdmibgfbecppaeocifplgmepgcpcbi\1.3.0.10000_0\scripts\content\montiera.js.vir"
sh=62DAA95C2FF1E0895C9A1307038DCDBAB9F1B1E1 ft=0 fh=0000000000000000 vn="JS/ClaraLab.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\dietmar\AppData\Local\BoBrowser\User Data\Default\Extensions\gfmdmibgfbecppaeocifplgmepgcpcbi\1.3.0.10000_0\scripts\content\scriptInjection.js.vir"

Code:

ATTFilter

 

 Results of screen317's Security Check version 1.004  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Antivirus    
Windows Defender   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Visual Studio Extensions for Windows Library for JavaScript 
 Java version 32-bit out of Date! 
 Adobe Flash Player 	18.0.0.160  
 Mozilla Firefox (39.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Avira Antivirus sched.exe  
 Avira Antivirus avshadow.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

M-K-D-B · 17.07.2015, 14:57

Die Funde von ESET zeigt auf die Qurantäne von AdwCleaner, also bereits erledigt. Diese Reste mit DelFix (siehe weiter unten) automatisch entfernt.

Danke für die Uploads!

Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

	Emsisoft	Avast	MSE

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:

Adblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren.

NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Ghostery Erkennt und blockiert Tracker, Web Bugs, Pixel und Beacons und weitere Scripte, die das Surfverhalten ausspähen/beobachten.

Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

M-K-D-B · 19.07.2015, 11:22

Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

didier · 19.07.2015, 12:10

Rückmeldung:

Vielen Dank für diese professionelle Hilfe!!
Ich bin sehr foh, dass ich bei meiner Suche nach
Malewarebeseitigung auf euere Seite gestoßen bin!

Das hätte ich alleine sicher so nicht hinbekommen.

Man lernt auch eine Menge dabei!

Die Aufräumarbeiten waren leicht, da ich ja aktiv in alle Prozesse mit
eingebunden war und so die Orte/Pfade genau kannte, die bereinigt werden sollten.

Habe gerade eben noch eine Spende an euch geschickt.
Das Trojanerboard gibt es hoffentlich noch länger!

Beste Grüße