Trojaner-Board - Windows 7 (64bit): Werbung / Popups im Browser. "Hold Page" und mehr?

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Windows 7 (64bit): Werbung / Popups im Browser. "Hold Page" und mehr? (https://www.trojaner-board.de/161848-windows-7-64bit-werbung-popups-browser-hold-page-mehr.html)

Windows 7 (64bit): Werbung / Popups im Browser. "Hold Page" und mehr?

Guten Abend,

Vorgestern habe ich FileZilla heruntergeladen um mich mit dem Server meiner Universität zu verbinden und über diesen zu arbeiten. Hat auch alles geklappt. Nur habe seitdem ständig Popups wenn ich Internetseiten aufrufe.

Suchlauf mit Malwarebytes kam zu mehreren Ergebnissen. (siehe log) auch habe ich "hold page" Erweiterung in Google Chrome entdeckt. Nach entfernen dieser "Erweiterung" und dem löschen aller Dateien in der Malwarebytes-Quarantäne kommen die Popups nicht mehr auf.

Aber gerade ist mein PC unerwartet mit blauem Bildschirm heruntergefahren.
Ich gehe also davon aus, das mein PC nicht sauber ist.

Logdateien sind zu groß, also als zip im Anhang.

Vielen Dank für Ihre Hilfe.

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://www.trojaner-board.de/picture...&pictureid=307

Code:

defogger_disable by jpshortstuff (23.02.10.1)
 

Log created at 17:29 on 14/12/2014 (T410)
 
 
 

Checking for autostart values...
 

HKCU\~\Run values retrieved.
 

HKLM\~\Run values retrieved.
 
 
 

Checking for services/drivers...
 
 
 
 
 

-=E.O.F=-

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014

Ran by T410 (administrator) on T410-PC on 14-12-2014 17:31:23

Running from C:\Users\T410\Downloads

Loaded Profile: T410 (Available profiles: T410)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe

(Lenovo.) C:\Windows\System32\TpShocks.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(troubadix) C:\Program Files\TPFanControl\TPFanControl.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE

(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\consent.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382248 2013-06-20] (Lenovo.)

HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)

HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-05-29] (Synaptics Incorporated)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated)

HKLM\...\Run: [TPFanControl] => C:\Program Files\TPFanControl\TPFanControl.exe [154112 2013-03-20] (troubadix)

HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)

HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111928 2013-05-03] (Intel Corporation)

HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-11-05] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)

HKU\S-1-5-21-331670129-925724647-3591002109-1000\...\RunOnce: [Adobe Speed Launcher] => 1418573509

HKU\S-1-5-21-331670129-925724647-3591002109-1000\...\MountPoints2: {54c4f4d3-47af-11e4-9315-00a0c6000000} - D:\LaunchU3.exe -a

HKU\S-1-5-21-331670129-925724647-3591002109-1000\...\MountPoints2: {881e5926-4a0c-11e3-82c6-00a0c6000000} - "D:\WD SmartWare.exe" autoplay=true

AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL File Not Found

Lsa: [Notification Packages] scecli ACGina C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-331670129-925724647-3591002109-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/

HKU\S-1-5-21-331670129-925724647-3591002109-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.us.com/v/2/?guid={C854488E-A464-46CE-8674-E02F16A6594D}&serpv=17

HKU\S-1-5-21-331670129-925724647-3591002109-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.us.com/v/2/?guid={C854488E-A464-46CE-8674-E02F16A6594D}&serpv=17

SearchScopes: HKLM-x32 -> DefaultScope value is missing.

SearchScopes: HKU\S-1-5-21-331670129-925724647-3591002109-1000 -> DefaultScope {9BE37DEC-A619-4214-A15A-28B5C5D3D6AD} URL = hxxp://search.us.com/serp?guid={1E52FF77-AB24-4BDA-AB1A-8D1A77BF95F4}&action=default_search&serpv=5&k={searchTerms}

SearchScopes: HKU\S-1-5-21-331670129-925724647-3591002109-1000 -> {1A6246B7-3879-4549-AB06-FBEBEA471F8D} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10513

SearchScopes: HKU\S-1-5-21-331670129-925724647-3591002109-1000 -> {9BE37DEC-A619-4214-A15A-28B5C5D3D6AD} URL = hxxp://search.us.com/serp?guid={1E52FF77-AB24-4BDA-AB1A-8D1A77BF95F4}&action=default_search&serpv=5&k={searchTerms}

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\117m0ddf.default

FF NetworkProxy: "type", 4

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

FF user.js: detected! => C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\117m0ddf.default\user.js

FF Extension: Hold Page 1.0.1 - C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\117m0ddf.default\Extensions\{a16a1775-5ab3-4034-ac52-de0795db97f0}.xpi [2014-12-12]
 

Chrome: 

=======

CHR HomePage: Default -> 

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Plugin: (Widevine Content Decryption Module) - C:\Users\T410\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll No File

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()

CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

CHR Plugin: (Java Deployment Toolkit 7.0.650.20) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

CHR Plugin: (Java(TM) Platform SE 7 U65) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Profile: C:\Users\T410\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\T410\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]

CHR Extension: (YouTube) - C:\Users\T410\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-30]

CHR Extension: (Adblock for Youtube™) - C:\Users\T410\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-10-29]

CHR Extension: (Google-Suche) - C:\Users\T410\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-30]

CHR Extension: (Zotero Connector) - C:\Users\T410\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2014-12-05]

CHR Extension: (Google Wallet) - C:\Users\T410\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-30]

CHR Extension: (Google Mail) - C:\Users\T410\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-30]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-06-26] (Lenovo.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 QDLService2kLenovo; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [1688384 2011-05-23] (QUALCOMM, Inc.)

S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-05] (Samsung Electronics) [File not signed]

S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)

S2 Util albrechto; "C:\Program Files (x86)\albrechto\bin\utilalbrechto.exe" [X]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-02] (Intel Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-14] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 qcfilterlno2k; C:\Windows\System32\DRIVERS\qcfilterlno2k.sys [6400 2010-04-26] (QUALCOMM Incorporated)

R3 qcusbnetlno2k; C:\Windows\System32\DRIVERS\qcusbnetlno2k.sys [444416 2011-05-23] (QUALCOMM Incorporated)

R3 qcusbserlno2k; C:\Windows\System32\DRIVERS\qcusbserlno2k.sys [231040 2011-05-23] (QUALCOMM Incorporated)

R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44784 2013-05-29] (Synaptics Incorporated)

R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-14 17:31 - 2014-12-14 17:31 - 00018439 _____ () C:\Users\T410\Downloads\FRST.txt

2014-12-14 17:31 - 2014-12-14 17:31 - 00000000 ____D () C:\FRST

2014-12-14 17:30 - 2014-12-14 17:30 - 02119680 _____ (Farbar) C:\Users\T410\Downloads\FRST64.exe

2014-12-14 17:29 - 2014-12-14 17:29 - 00000470 _____ () C:\Users\T410\Downloads\defogger_disable.log

2014-12-14 17:26 - 2014-12-14 17:26 - 00050477 _____ () C:\Users\T410\Downloads\Defogger.exe

2014-12-14 17:00 - 2014-12-14 17:00 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-12-13 17:31 - 2014-12-13 17:31 - 00000512 __RSH () C:\ProgramData\ntuser.pol

2014-12-13 10:10 - 2014-12-13 10:10 - 00184587 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche421_Interpolation (1).odt

2014-12-12 23:48 - 2014-12-12 23:48 - 00504827 _____ () C:\Users\T410\Desktop\GEOGF211_TP_Fiche411_MNT-Hydro.odt

2014-12-12 23:16 - 2014-12-12 23:16 - 00493182 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche411_MNT-Hydro.odt

2014-12-12 23:14 - 2014-12-14 17:11 - 00070634 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche321_Géoréférencement-Digitalisation.odt

2014-12-12 23:06 - 2014-12-12 23:07 - 01285707 _____ () C:\Users\T410\Desktop\GEOGF211_TP_Fiche312_Dues.odt

2014-12-12 22:57 - 2014-12-12 22:57 - 01071426 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche312_Projections (1).odt

2014-12-12 20:33 - 2014-12-12 20:33 - 00022644 _____ () C:\Users\T410\Desktop\GEOGF211_TP_Fiche231_Dues.odt

2014-12-12 20:30 - 2014-12-12 20:30 - 00054462 _____ () C:\Users\T410\Downloads\Programme_cours-2014-15.ods

2014-12-12 20:30 - 2014-12-12 20:30 - 00052203 _____ () C:\Users\T410\Downloads\Liste_fiches (1).ods

2014-12-12 20:15 - 2014-12-12 20:15 - 01170734 _____ () C:\Users\T410\Desktop\GEOGF211_TP_Fiche_1.2_Dues.odt

2014-12-12 19:56 - 2014-12-12 19:56 - 01176754 _____ () C:\Users\T410\Downloads\Fiche 1.2 carto theìmatique densiteì pop (1).odt

2014-12-12 18:58 - 2014-12-12 18:58 - 00027640 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche421_Interpolation.odt

2014-12-12 18:12 - 2014-12-12 18:12 - 00001824 _____ () C:\Users\T410\Desktop\GRASS GIS 6.4.4.lnk

2014-12-12 18:12 - 2014-12-12 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GRASS GIS 6.4.4

2014-12-12 18:10 - 2014-12-12 18:17 - 00000000 ____D () C:\Users\T410\Documents\grassdata

2014-12-12 18:10 - 2014-12-12 18:12 - 00000000 ____D () C:\Program Files (x86)\GRASS GIS 6.4.4

2014-12-12 18:06 - 2014-12-12 18:09 - 85758714 _____ () C:\Users\T410\Downloads\WinGRASS-6.4.4-1-Setup.exe

2014-12-12 17:39 - 2014-12-12 17:39 - 01176754 _____ () C:\Users\T410\Downloads\Fiche 1.2 carto theìmatique densiteì pop.odt

2014-12-12 17:28 - 2014-12-12 17:28 - 00017883 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche12_CartoThématique (1).odt

2014-12-12 17:26 - 2014-12-12 17:26 - 01022303 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche11_CartoGénérale_DUES.odt

2014-12-12 17:07 - 2014-12-12 17:08 - 00424420 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche221_SuperpositionsMatricielles_DUES.odt

2014-12-12 16:53 - 2014-12-12 16:53 - 00129935 _____ () C:\Users\T410\Downloads\2.1.3.qgs

2014-12-12 16:50 - 2014-12-12 16:50 - 01071426 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche312_Projections.odt

2014-12-12 16:49 - 2014-12-12 21:23 - 01285343 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche312_Projections-2.odt

2014-12-12 16:48 - 2014-12-12 16:48 - 00031092 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche231_SuperpositionsVectorielSurMatriciel(2).odt

2014-12-12 16:47 - 2014-12-12 16:47 - 00660242 _____ () C:\Users\T410\Downloads\fiche 2.1.3 Maude RESTEAU (1).odt

2014-12-12 15:50 - 2014-12-12 15:51 - 06916590 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche411_MNT-Hydro_Données.zip

2014-12-12 13:36 - 2014-12-12 13:36 - 00724330 _____ () C:\Users\T410\Desktop\GEOGF211_TP_Fiche213_Interrogations-SuperpositionsVectorielles_DUES.odt

2014-12-12 13:23 - 2014-12-12 13:23 - 00660242 _____ () C:\Users\T410\Downloads\fiche 2.1.3 Maude RESTEAU.odt

2014-12-12 13:19 - 2014-12-12 13:19 - 00000000 ____D () C:\Users\T410\AppData\Roaming\WinRAR

2014-12-12 13:18 - 2014-12-12 13:18 - 00000979 _____ () C:\Users\Public\Desktop\WinRAR.lnk

2014-12-12 13:18 - 2014-12-12 13:18 - 00000000 ____D () C:\Users\T410\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2014-12-12 13:18 - 2014-12-12 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

2014-12-12 13:18 - 2014-12-12 13:18 - 00000000 ____D () C:\Program Files\WinRAR

2014-12-12 13:17 - 2014-12-12 13:17 - 02060888 _____ () C:\Users\T410\Downloads\winrar-x64-520d.exe

2014-12-12 13:11 - 2014-12-12 13:12 - 04692807 _____ () C:\Users\T410\Downloads\TP 3.1.1 Dues.tar.gz

2014-12-12 13:03 - 2014-12-12 13:03 - 00666789 _____ () C:\Users\T410\Downloads\fiche 2.1.3 a rendre.odt

2014-12-12 13:03 - 2014-12-12 13:03 - 00012705 _____ () C:\Users\T410\Downloads\fiche 2.1.3 schéma (1).odg

2014-12-12 12:58 - 2014-12-12 13:36 - 00724329 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche213_Interrogations-SuperpositionsVectorielles (2).odt

2014-12-12 12:52 - 2014-12-12 12:52 - 00017883 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche12_CartoThématique.odt

2014-12-12 12:35 - 2014-12-12 12:35 - 00000000 ____D () C:\Users\T410\AppData\Roaming\GRASS6

2014-12-12 12:33 - 2014-12-12 12:33 - 00052203 _____ () C:\Users\T410\Downloads\Liste_fiches.ods

2014-12-12 12:31 - 2014-12-12 12:31 - 00000000 ____D () C:\Users\T410\Documents\PC Speed Maximizer

2014-12-12 12:27 - 2014-12-14 16:56 - 00000000 ____D () C:\Users\T410\AppData\Roaming\FileZilla

2014-12-12 12:27 - 2014-12-12 12:27 - 00002000 _____ () C:\Users\T410\Desktop\FileZilla Client.lnk

2014-12-12 12:27 - 2014-12-12 12:27 - 00000000 ____D () C:\Users\T410\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client

2014-12-12 12:26 - 2014-12-12 12:27 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client

2014-12-12 12:26 - 2014-12-12 12:25 - 06126536 _____ (Tim Kosse) C:\Users\T410\Downloads\FileZilla_3.9.0.6_win32-setup [1].exe

2014-12-11 21:47 - 2014-12-12 12:44 - 00001296 _____ () C:\Users\T410\Desktop\Neues Textdokument.txt

2014-12-11 11:54 - 2014-12-11 11:54 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-11 04:41 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-11 04:41 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-10 17:22 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-10 17:22 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-10 17:22 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-10 17:22 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-10 17:22 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-10 17:22 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-10 17:22 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-10 17:22 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-10 17:22 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-10 17:22 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-10 17:22 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-10 17:22 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-10 17:22 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-10 17:22 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-10 17:22 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-10 17:22 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-10 17:22 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-10 17:22 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-10 17:22 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-10 17:22 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-10 17:22 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-10 17:22 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-10 17:22 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-10 17:22 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-10 17:22 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-10 17:22 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-10 17:22 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-10 17:22 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-10 17:22 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-10 17:22 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-10 17:22 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-10 17:22 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-10 17:22 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-10 17:22 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-10 17:22 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-10 17:22 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-10 17:22 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-10 17:22 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-10 17:22 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-10 17:22 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-10 17:22 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-10 17:22 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-10 17:22 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-10 17:22 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-10 17:22 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-10 17:22 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-10 17:22 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-10 17:22 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-10 17:22 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-10 17:22 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-10 17:22 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-10 17:22 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-10 17:21 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-10 17:21 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-10 17:21 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-10 17:21 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-10 16:55 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-10 16:55 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-10 16:55 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-10 16:55 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-10 16:55 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-10 16:55 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-10 16:55 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-10 16:55 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2014-12-10 16:53 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-10 16:53 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-10 16:53 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-10 16:53 - 2014-10-30 03:04 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2014-12-10 16:53 - 2014-10-30 02:46 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2014-12-10 16:48 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-10 16:48 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-10 16:48 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-10 16:48 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-10 16:48 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-10 16:48 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-10 16:48 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-10 16:48 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-10 16:48 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-10 16:48 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-10 16:48 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-10 16:48 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-10 16:48 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-10 16:48 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2014-12-05 16:54 - 2014-12-05 16:54 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zotero Standalone.lnk

2014-12-05 16:54 - 2014-12-05 16:54 - 00001155 _____ () C:\Users\Public\Desktop\Zotero Standalone.lnk

2014-12-05 16:54 - 2014-12-05 16:54 - 00000000 ____D () C:\Users\T410\AppData\Roaming\Zotero

2014-12-05 16:54 - 2014-12-05 16:54 - 00000000 ____D () C:\Users\T410\AppData\Local\Zotero

2014-12-05 16:53 - 2014-12-05 16:53 - 00000000 ____D () C:\Program Files (x86)\Zotero Standalone

2014-12-05 16:52 - 2014-12-05 16:53 - 35543712 _____ (Mozilla) C:\Users\T410\Downloads\Zotero-4.0.23_setup.exe

2014-12-03 17:55 - 2014-12-03 17:55 - 00019051 _____ () C:\Users\T410\Downloads\Abstract Syst.odt

2014-11-20 17:01 - 2014-11-21 17:25 - 00000000 ____D () C:\Users\T410\Desktop\Permaculture

2014-11-20 16:45 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-11-20 16:45 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2014-11-20 16:45 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-11-20 16:45 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

2014-11-20 16:42 - 2014-12-14 17:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-11-20 16:42 - 2014-12-14 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-11-20 16:41 - 2014-12-14 17:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-11-20 16:41 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-11-20 16:41 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-11-20 16:41 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-11-20 16:38 - 2014-11-20 16:38 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\T410\Downloads\mbam-setup-2.0.3.1025.exe

2014-11-20 14:24 - 2014-11-20 14:24 - 01249118 _____ () C:\Users\T410\Downloads\Projektplan_Wochentage_GO-1001-free.xlsx

2014-11-18 10:18 - 2014-11-18 10:19 - 00000010 _____ () C:\Users\T410\Desktop\orderin nr.txt

2014-11-14 16:17 - 2014-11-14 16:17 - 00028395 _____ () C:\Users\T410\Downloads\idées MFE Dues.odt
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-14 17:18 - 2011-04-12 08:43 - 00699440 _____ () C:\Windows\system32\perfh007.dat

2014-12-14 17:18 - 2011-04-12 08:43 - 00149548 _____ () C:\Windows\system32\perfc007.dat

2014-12-14 17:18 - 2009-07-14 06:13 - 01619700 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-12-14 17:18 - 2009-07-14 05:45 - 00038752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-14 17:18 - 2009-07-14 05:45 - 00038752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-14 17:15 - 2013-08-05 14:33 - 01440521 _____ () C:\Windows\WindowsUpdate.log

2014-12-14 17:12 - 2013-08-13 19:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-12-14 17:11 - 2013-08-13 19:33 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-12-14 17:11 - 2013-08-13 19:31 - 00000000 ____D () C:\Users\T410\AppData\Local\Adobe

2014-12-14 17:11 - 2013-08-06 13:02 - 00035977 _____ () C:\Windows\setupact.log

2014-12-14 17:11 - 2010-11-21 04:47 - 00176998 _____ () C:\Windows\PFRO.log

2014-12-14 17:11 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-12-14 17:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Registration

2014-12-14 16:38 - 2013-08-13 19:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-12-14 10:16 - 2009-07-14 03:34 - 00000505 _____ () C:\Windows\win.ini

2014-12-13 20:12 - 2014-09-26 10:29 - 00000000 ____D () C:\Users\T410\.qgis2

2014-12-13 19:29 - 2013-12-01 02:52 - 00000000 ____D () C:\Users\T410\AppData\Roaming\vlc

2014-12-13 14:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy

2014-12-12 15:45 - 2013-10-03 13:51 - 00000000 ____D () C:\Users\T410\Desktop\UNI

2014-12-12 13:26 - 2014-10-17 10:07 - 00702572 _____ () C:\Users\T410\Desktop\zones d'intérêts culturel et et des zones d'intérêt paysager sous risque moyen ou élevé d'inondation.jpeg

2014-12-11 22:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2014-12-11 21:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-12-11 11:57 - 2013-08-13 22:25 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-12-11 11:54 - 2014-05-08 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-12-11 11:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-12-11 11:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat

2014-12-11 08:49 - 2013-08-06 10:53 - 00000000 ____D () C:\Windows\system32\MRT

2014-12-11 04:52 - 2013-08-05 15:55 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-12-10 19:32 - 2013-09-30 20:21 - 00000000 ____D () C:\Users\T410\AppData\Roaming\Skype

2014-12-10 13:38 - 2013-08-13 19:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-10 13:38 - 2013-08-13 19:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-10 13:38 - 2013-08-13 19:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-01 19:18 - 2014-11-06 20:00 - 00000000 ____D () C:\Users\T410\Desktop\MÉMOIRE

2014-11-28 16:01 - 2013-12-06 12:24 - 00000000 ____D () C:\Bilder

2014-11-25 21:22 - 2013-08-06 09:43 - 00000000 ____D () C:\Windows\System32\Tasks\TVT

2014-11-21 19:09 - 2014-11-04 19:52 - 00013866 _____ () C:\Users\T410\Desktop\horaire stage.ods

2014-11-21 17:25 - 2013-10-09 22:08 - 00000000 ___RD () C:\Musik

2014-11-21 16:25 - 2014-05-25 22:43 - 00000000 ____D () C:\Users\T410\Desktop\kritische Theorie und Ökologie

2014-11-21 16:24 - 2014-10-11 10:55 - 00000000 ____D () C:\Users\T410\Desktop\QGIS & co

2014-11-21 16:24 - 2014-05-03 09:40 - 00000000 ____D () C:\Users\T410\Desktop\STOFF

2014-11-15 11:07 - 2013-08-13 19:33 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-11-15 11:07 - 2013-08-13 19:33 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 

Some content of TEMP:

====================

C:\Users\T410\AppData\Local\Temp\Creative Cloud Helper.exe

C:\Users\T410\AppData\Local\Temp\htmlayout.dll

C:\Users\T410\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe

C:\Users\T410\AppData\Local\Temp\Quarantine.exe

C:\Users\T410\AppData\Local\Temp\SkypeSetup.exe

C:\Users\T410\AppData\Local\Temp\uninst1.exe

C:\Users\T410\AppData\Local\Temp\uninstall9075202.exe

C:\Users\T410\AppData\Local\Temp\vcredist_x64.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-12-05 16:43
 

==================== End Of Log ============================

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014

Ran by T410 at 2014-12-14 17:31:47

Running from C:\Users\T410\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

50 FREE MP3s +1 Free Audiobook! (HKLM-x32\...\eMusic Promotion) (Version: 1.0.0.1 - eMusic.com Inc)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.2.1.260 - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe InDesign CC (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB6}) (Version: 9.0 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.3.0 - Adobe Systems Incorporated)

Allin1Convert Firefox Toolbar (HKLM-x32\...\Allin1Convert_8hbar Uninstall Firefox) (Version:  - Mindspark Interactive Network) <==== ATTENTION

Allin1Convert Internet Explorer Toolbar (HKLM-x32\...\Allin1Convert_8hbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION

Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.73.00 - )

Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.48.50 - Conexant)

Dia (nur entfernen) (HKLM-x32\...\Dia) (Version:  - )

Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)

Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.55 - )

FileZilla Client 3.9.0.6 (HKU\S-1-5-21-331670129-925724647-3591002109-1000\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

GRASS 6.4 (HKLM-x32\...\GRASS GIS 6.4.4) (Version: 6.4.4-1 - GRASS Development Team)

Integrated Camera Driver Installer Package Ver.1.1.0.48 (HKLM-x32\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.1.0.48 - RICOH)

Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.2.50.1050 - Intel Corporation)

Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.4 - Intel)

Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{fad118b4-798f-4755-9e67-a622eec95b62}) (Version: 15.6.1 - Intel Corporation)

iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)

Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.650 - Oracle)

Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.2.1003.00 - Lenovo Group Limited)

Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden

Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden

Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.00.02 - )

Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )

Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)

NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.12166 - NVIDIA Corporation)

OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)

PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden

QGIS Chugiak 2.4.0 Chugiak (HKLM\...\QGIS Chugiak) (Version:  - QGIS Development Team)

Qualcomm Gobi 2000 Package for Lenovo (HKLM-x32\...\{666C9123-1AEC-446F-8AA8-28256B1953D4}) (Version: 1.1.250 - QUALCOMM)

REAPER (x64) (HKLM\...\REAPER) (Version:  - )

rgc:audio sfz VSTi v1.68 (HKLM-x32\...\rgc:audio sfz VSTi_is1) (Version:  - )

RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH)

Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)

ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.41 - )

ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.9 - )

ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo)

ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)

ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)

ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.26 - Lenovo)

TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)

TPFanControl v0.62 (HKLM\...\{717F5741-5C2E-4469-BDA0-B5EC2243646F}_is1) (Version:  - troubadix)

TransMac version 11.0 (HKLM-x32\...\TransMac_is1) (Version: 11.0 - Acute Systems)

Verizon Wireless Mobile Broadband Self Activation (HKLM-x32\...\{193CA6A6-E735-40B1-AA92-F611B291792C}) (Version: 3.2.2 - Smith Micro Software, Inc.)

VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)

Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)

Winamp Erkennungs-Plug-in (HKU\S-1-5-21-331670129-925724647-3591002109-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)

WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

Zotero Standalone 4.0.23 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.23 (x86 en-US)) (Version: 4.0.23 - Zotero)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 

==================== Restore Points  =========================
 

01-12-2014 12:53:41 Windows Update

04-12-2014 17:38:57 Windows Update

09-12-2014 16:32:25 Windows Update

11-12-2014 03:40:44 Windows Update

14-12-2014 12:51:34 Windows Update
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {1C1E72FD-64FD-42A4-A8FC-66F3AE9F06C1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)

Task: {6066DDA4-99A3-48D0-9464-390994CFB555} - \BrowserDefendert No Task File <==== ATTENTION

Task: {6444D08B-5DD3-44F4-A617-68A3E6E2D364} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION

Task: {7937C243-4397-4D9F-AD8E-633DADE0B931} - System32\Tasks\{BCAADA76-2967-45FE-9CF4-763C4F9019EE} => pcalua.exe -a C:\Users\T410\AppData\Local\TNT2\2.0.0.1663\TNT2User.exe -c /UNINSTALL PARTNER=10511

Task: {7E3EA3A0-07C4-4C15-B138-AD3BB50264FD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)

Task: {86BC15B9-E3EE-4D9F-876F-2B5A6123E1F7} - System32\Tasks\{B2C3DF79-4CEE-4FED-B507-BEBAFAE3D7D0} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/abandoninstall?page=tsProgressBar

Task: {8DBD181E-DF68-41D5-A6F3-782D273797F2} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()

Task: {8F8C9394-BA47-498E-A98D-4C7D2EA850E5} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)

Task: {AF926DF6-21C4-4295-B509-15004540704A} - System32\Tasks\{E376EBF2-626F-48D0-91D7-33F6DDB0EA6B} => pcalua.exe -a C:\Users\T410\AppData\Local\TNT2\2.0.0.1663\TNT2User.exe -c /UNINSTALL PARTNER=10511

Task: {B675B24E-D2EE-4488-AF40-63DB86067351} - \EPUpdater No Task File <==== ATTENTION

Task: {BB7E5FC6-AD7E-4626-B74C-BC083794B733} - System32\Tasks\AdobeAAMUpdater-1.0-T410-PC-T410 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)

Task: {C3CD21C0-3351-4B44-9DAD-CC58B0515D00} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)

Task: {DD9BD000-F3B1-46B3-B744-851C33EF533C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2011-04-11 07:26 - 2011-04-11 05:26 - 00034304 _____ () C:\Windows\System32\spd__l.dll

2013-10-16 18:02 - 2013-10-16 18:02 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll

2013-08-06 10:40 - 2013-06-26 05:55 - 00104960 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL

2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

2012-01-10 20:12 - 2012-01-10 20:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2013-10-16 18:01 - 2013-10-16 18:01 - 04624240 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-04-23 15:04 - 2014-04-23 15:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-03-14 16:47 - 2014-03-14 16:47 - 00092504 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll

2014-10-16 10:15 - 2014-10-16 10:15 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll

2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll

2013-10-17 16:45 - 2013-10-17 16:45 - 32726528 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll

2013-03-13 13:42 - 2013-06-05 14:21 - 00071560 _____ () C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll

2014-12-12 09:40 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll

2014-12-12 09:40 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll

2014-12-12 09:40 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll

2014-12-12 09:40 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

2014-12-12 09:40 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-331670129-925724647-3591002109-500 - Administrator - Disabled)

Gast (S-1-5-21-331670129-925724647-3591002109-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-331670129-925724647-3591002109-1002 - Limited - Enabled)

T410 (S-1-5-21-331670129-925724647-3591002109-1000 - Administrator - Enabled) => C:\Users\T410
 

==================== Faulty Device Manager Devices =============
 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft-Teredo-Tunneling-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (12/14/2014 05:11:44 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/14/2014 02:38:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2800748
 

Error: (12/14/2014 02:38:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 2800748
 

Error: (12/14/2014 02:38:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (12/13/2014 02:11:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 6859146
 

Error: (12/13/2014 02:11:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 6859146
 

Error: (12/13/2014 02:11:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (12/13/2014 02:11:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 6858147
 

Error: (12/13/2014 02:11:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 6858147
 

Error: (12/13/2014 02:11:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 
 

System errors:

=============

Error: (12/14/2014 05:11:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Util albrechto" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (12/12/2014 08:25:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Util albrechto" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (12/11/2014 09:54:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Util albrechto" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (12/11/2014 09:51:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Util albrechto" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (12/11/2014 09:47:50 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
 

        Neue Signaturversion: 
 

        Vorherige Signaturversion: 1.189.1810.0
 

        Aktualisierungsquelle: %NT-AUTORITÄT59
 

        Aktualisierungsphase: 4.6.0305.00
 

        Quellpfad: 4.6.0305.01
 

        Signaturtyp: %NT-AUTORITÄT602
 

        Aktualisierungstyp: %NT-AUTORITÄT604
 

        Benutzer: NT-AUTORITÄT\SYSTEM
 

        Aktuelle Modulversion: %NT-AUTORITÄT605
 

        Vorherige Modulversion: %NT-AUTORITÄT606
 

        Fehlercode: %NT-AUTORITÄT607
 

        Fehlerbeschreibung: %NT-AUTORITÄT608
 

Error: (12/11/2014 11:55:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Util albrechto" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (12/11/2014 11:54:23 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 

Error: (12/09/2014 01:56:08 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
 

        Neue Signaturversion: 
 

        Vorherige Signaturversion: 1.189.1516.0
 

        Aktualisierungsquelle: %NT-AUTORITÄT59
 

        Aktualisierungsphase: 4.6.0305.00
 

        Quellpfad: 4.6.0305.01
 

        Signaturtyp: %NT-AUTORITÄT602
 

        Aktualisierungstyp: %NT-AUTORITÄT604
 

        Benutzer: NT-AUTORITÄT\SYSTEM
 

        Aktuelle Modulversion: %NT-AUTORITÄT605
 

        Vorherige Modulversion: %NT-AUTORITÄT606
 

        Fehlercode: %NT-AUTORITÄT607
 

        Fehlerbeschreibung: %NT-AUTORITÄT608
 

Error: (12/04/2014 05:18:53 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
 

        Neue Signaturversion: 
 

        Vorherige Signaturversion: 1.189.1241.0
 

        Aktualisierungsquelle: %NT-AUTORITÄT59
 

        Aktualisierungsphase: 4.6.0305.00
 

        Quellpfad: 4.6.0305.01
 

        Signaturtyp: %NT-AUTORITÄT602
 

        Aktualisierungstyp: %NT-AUTORITÄT604
 

        Benutzer: NT-AUTORITÄT\SYSTEM
 

        Aktuelle Modulversion: %NT-AUTORITÄT605
 

        Vorherige Modulversion: %NT-AUTORITÄT606
 

        Fehlercode: %NT-AUTORITÄT607
 

        Fehlerbeschreibung: %NT-AUTORITÄT608
 

Error: (12/01/2014 01:32:36 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
 

        Neue Signaturversion: 
 

        Vorherige Signaturversion: 1.189.992.0
 

        Aktualisierungsquelle: %NT-AUTORITÄT59
 

        Aktualisierungsphase: 4.6.0305.00
 

        Quellpfad: 4.6.0305.01
 

        Signaturtyp: %NT-AUTORITÄT602
 

        Aktualisierungstyp: %NT-AUTORITÄT604
 

        Benutzer: NT-AUTORITÄT\SYSTEM
 

        Aktuelle Modulversion: %NT-AUTORITÄT605
 

        Vorherige Modulversion: %NT-AUTORITÄT606
 

        Fehlercode: %NT-AUTORITÄT607
 

        Fehlerbeschreibung: %NT-AUTORITÄT608
 
 

Microsoft Office Sessions:

=========================

Error: (12/14/2014 05:11:44 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/14/2014 02:38:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2800748
 

Error: (12/14/2014 02:38:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 2800748
 

Error: (12/14/2014 02:38:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (12/13/2014 02:11:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 6859146
 

Error: (12/13/2014 02:11:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 6859146
 

Error: (12/13/2014 02:11:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (12/13/2014 02:11:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 6858147
 

Error: (12/13/2014 02:11:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 6858147
 

Error: (12/13/2014 02:11:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz

Percentage of memory in use: 51%

Total physical RAM: 3891.67 MB

Available physical RAM: 1873.14 MB

Total Pagefile: 7781.52 MB

Available Pagefile: 5538.88 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:111.69 GB) (Free:38.35 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 0A9BFB5C)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Code:

GMER 2.1.19357 - hxxp://www.gmer.net

Rootkit scan 2014-12-14 17:49:42

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 KINGSTON rev.507A 111,79GB

Running: Gmer-19357.exe; Driver: C:\Users\T410\AppData\Local\Temp\kxldipog.sys
 
 

---- Kernel code sections - GMER 2.1 ----
 

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 630                                                                                                                                                            fffff800033b9066 35 bytes {MOV ECX, [RAX+0x70]; ADD RCX, 0x208; MOV RDX, RSI; CALL 0x4f7fa}

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 666                                                                                                                                                            fffff800033b908a 6 bytes [8B, 94, 24, 98, 01, 00]
 

---- User code sections - GMER 2.1 ----
 

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                0000000075581401 2 bytes JMP 74f0b21b C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1672] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                  0000000075581419 2 bytes JMP 74f0b346 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                0000000075581431 2 bytes JMP 74f88ea9 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                000000007558144a 2 bytes CALL 74ee48ad C:\Windows\syswow64\kernel32.dll

.text     ...                                                                                                                                                                                                                           * 9

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1672] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                   00000000755814dd 2 bytes JMP 74f887a2 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                            00000000755814f5 2 bytes JMP 74f88978 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                   000000007558150d 2 bytes JMP 74f88698 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                            0000000075581525 2 bytes JMP 74f88a62 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1672] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                  000000007558153d 2 bytes JMP 74effca8 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1672] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                       0000000075581555 2 bytes JMP 74f068ef C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1672] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                000000007558156d 2 bytes JMP 74f88f61 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1672] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                  0000000075581585 2 bytes JMP 74f88ac2 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                     000000007558159d 2 bytes JMP 74f8865c C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1672] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                  00000000755815b5 2 bytes JMP 74effd41 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                00000000755815cd 2 bytes JMP 74f0b2dc C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1672] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                            00000000755816b2 2 bytes JMP 74f88e24 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1672] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                            00000000755816bd 2 bytes JMP 74f885f1 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                      0000000075581401 2 bytes JMP 74f0b21b C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2876] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                        0000000075581419 2 bytes JMP 74f0b346 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                      0000000075581431 2 bytes JMP 74f88ea9 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                      000000007558144a 2 bytes CALL 74ee48ad C:\Windows\syswow64\kernel32.dll

.text     ...                                                                                                                                                                                                                           * 9

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2876] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                         00000000755814dd 2 bytes JMP 74f887a2 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                  00000000755814f5 2 bytes JMP 74f88978 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                         000000007558150d 2 bytes JMP 74f88698 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                  0000000075581525 2 bytes JMP 74f88a62 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                        000000007558153d 2 bytes JMP 74effca8 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2876] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                             0000000075581555 2 bytes JMP 74f068ef C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                      000000007558156d 2 bytes JMP 74f88f61 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                        0000000075581585 2 bytes JMP 74f88ac2 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                           000000007558159d 2 bytes JMP 74f8865c C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                        00000000755815b5 2 bytes JMP 74effd41 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                      00000000755815cd 2 bytes JMP 74f0b2dc C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                  00000000755816b2 2 bytes JMP 74f88e24 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                  00000000755816bd 2 bytes JMP 74f885f1 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[3664] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                             0000000075581401 2 bytes JMP 74f0b21b C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[3664] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                               0000000075581419 2 bytes JMP 74f0b346 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[3664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                             0000000075581431 2 bytes JMP 74f88ea9 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[3664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                             000000007558144a 2 bytes CALL 74ee48ad C:\Windows\syswow64\kernel32.dll

.text     ...                                                                                                                                                                                                                           * 9

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[3664] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                00000000755814dd 2 bytes JMP 74f887a2 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[3664] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                         00000000755814f5 2 bytes JMP 74f88978 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[3664] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                000000007558150d 2 bytes JMP 74f88698 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[3664] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                         0000000075581525 2 bytes JMP 74f88a62 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[3664] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                               000000007558153d 2 bytes JMP 74effca8 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[3664] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                    0000000075581555 2 bytes JMP 74f068ef C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[3664] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                             000000007558156d 2 bytes JMP 74f88f61 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[3664] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                               0000000075581585 2 bytes JMP 74f88ac2 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[3664] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                  000000007558159d 2 bytes JMP 74f8865c C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[3664] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                               00000000755815b5 2 bytes JMP 74effd41 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[3664] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                             00000000755815cd 2 bytes JMP 74f0b2dc C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[3664] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                         00000000755816b2 2 bytes JMP 74f88e24 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[3664] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                         00000000755816bd 2 bytes JMP 74f885f1 C:\Windows\syswow64\kernel32.dll

?         C:\Windows\system32\mssprxy.dll [4368] entry point in ".rdata" section                                                                                                                                                        0000000071c671e6

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                        0000000075581401 2 bytes JMP 74f0b21b C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4652] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                          0000000075581419 2 bytes JMP 74f0b346 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                        0000000075581431 2 bytes JMP 74f88ea9 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                        000000007558144a 2 bytes CALL 74ee48ad C:\Windows\syswow64\kernel32.dll

.text     ...                                                                                                                                                                                                                           * 9

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4652] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                           00000000755814dd 2 bytes JMP 74f887a2 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                    00000000755814f5 2 bytes JMP 74f88978 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                           000000007558150d 2 bytes JMP 74f88698 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                    0000000075581525 2 bytes JMP 74f88a62 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                          000000007558153d 2 bytes JMP 74effca8 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4652] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                               0000000075581555 2 bytes JMP 74f068ef C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                        000000007558156d 2 bytes JMP 74f88f61 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                          0000000075581585 2 bytes JMP 74f88ac2 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                             000000007558159d 2 bytes JMP 74f8865c C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                          00000000755815b5 2 bytes JMP 74effd41 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                        00000000755815cd 2 bytes JMP 74f0b2dc C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                    00000000755816b2 2 bytes JMP 74f88e24 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                    00000000755816bd 2 bytes JMP 74f885f1 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                 0000000075581401 2 bytes JMP 74f0b21b C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4724] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                   0000000075581419 2 bytes JMP 74f0b346 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                 0000000075581431 2 bytes JMP 74f88ea9 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                 000000007558144a 2 bytes CALL 74ee48ad C:\Windows\syswow64\kernel32.dll

.text     ...                                                                                                                                                                                                                           * 9

.text     C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4724] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                    00000000755814dd 2 bytes JMP 74f887a2 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                             00000000755814f5 2 bytes JMP 74f88978 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4724] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                    000000007558150d 2 bytes JMP 74f88698 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                             0000000075581525 2 bytes JMP 74f88a62 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                   000000007558153d 2 bytes JMP 74effca8 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4724] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                        0000000075581555 2 bytes JMP 74f068ef C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                 000000007558156d 2 bytes JMP 74f88f61 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                   0000000075581585 2 bytes JMP 74f88ac2 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4724] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                      000000007558159d 2 bytes JMP 74f8865c C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                   00000000755815b5 2 bytes JMP 74effd41 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                 00000000755815cd 2 bytes JMP 74f0b2dc C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                             00000000755816b2 2 bytes JMP 74f88e24 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                             00000000755816bd 2 bytes JMP 74f885f1 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                          0000000075581401 2 bytes JMP 74f0b21b C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[4688] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                            0000000075581419 2 bytes JMP 74f0b346 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                          0000000075581431 2 bytes JMP 74f88ea9 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                          000000007558144a 2 bytes CALL 74ee48ad C:\Windows\syswow64\kernel32.dll

.text     ...                                                                                                                                                                                                                           * 9

.text     C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[4688] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                             00000000755814dd 2 bytes JMP 74f887a2 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[4688] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                      00000000755814f5 2 bytes JMP 74f88978 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[4688] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                             000000007558150d 2 bytes JMP 74f88698 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[4688] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                      0000000075581525 2 bytes JMP 74f88a62 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                            000000007558153d 2 bytes JMP 74effca8 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[4688] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                 0000000075581555 2 bytes JMP 74f068ef C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[4688] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                          000000007558156d 2 bytes JMP 74f88f61 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[4688] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                            0000000075581585 2 bytes JMP 74f88ac2 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[4688] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                               000000007558159d 2 bytes JMP 74f8865c C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                            00000000755815b5 2 bytes JMP 74effd41 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                          00000000755815cd 2 bytes JMP 74f0b2dc C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[4688] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                      00000000755816b2 2 bytes JMP 74f88e24 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[4688] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                      00000000755816bd 2 bytes JMP 74f885f1 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                         0000000075581401 2 bytes JMP 74f0b21b C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4016] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                           0000000075581419 2 bytes JMP 74f0b346 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                         0000000075581431 2 bytes JMP 74f88ea9 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                         000000007558144a 2 bytes CALL 74ee48ad C:\Windows\syswow64\kernel32.dll

.text     ...                                                                                                                                                                                                                           * 9

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4016] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                            00000000755814dd 2 bytes JMP 74f887a2 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                     00000000755814f5 2 bytes JMP 74f88978 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                            000000007558150d 2 bytes JMP 74f88698 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                     0000000075581525 2 bytes JMP 74f88a62 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                           000000007558153d 2 bytes JMP 74effca8 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4016] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                0000000075581555 2 bytes JMP 74f068ef C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                         000000007558156d 2 bytes JMP 74f88f61 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                           0000000075581585 2 bytes JMP 74f88ac2 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                              000000007558159d 2 bytes JMP 74f8865c C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                           00000000755815b5 2 bytes JMP 74effd41 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                         00000000755815cd 2 bytes JMP 74f0b2dc C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                     00000000755816b2 2 bytes JMP 74f88e24 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                     00000000755816bd 2 bytes JMP 74f885f1 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4236] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                      0000000075581401 2 bytes JMP 74f0b21b C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4236] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                        0000000075581419 2 bytes JMP 74f0b346 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                      0000000075581431 2 bytes JMP 74f88ea9 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                      000000007558144a 2 bytes CALL 74ee48ad C:\Windows\syswow64\kernel32.dll

.text     ...                                                                                                                                                                                                                           * 9

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4236] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                         00000000755814dd 2 bytes JMP 74f887a2 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4236] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                  00000000755814f5 2 bytes JMP 74f88978 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4236] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                         000000007558150d 2 bytes JMP 74f88698 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4236] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                  0000000075581525 2 bytes JMP 74f88a62 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4236] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                        000000007558153d 2 bytes JMP 74effca8 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4236] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                             0000000075581555 2 bytes JMP 74f068ef C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4236] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                      000000007558156d 2 bytes JMP 74f88f61 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4236] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                        0000000075581585 2 bytes JMP 74f88ac2 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4236] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                           000000007558159d 2 bytes JMP 74f8865c C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4236] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                        00000000755815b5 2 bytes JMP 74effd41 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4236] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                      00000000755815cd 2 bytes JMP 74f0b2dc C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4236] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                  00000000755816b2 2 bytes JMP 74f88e24 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4236] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                  00000000755816bd 2 bytes JMP 74f885f1 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                       0000000075581401 2 bytes JMP 74f0b21b C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[7024] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                         0000000075581419 2 bytes JMP 74f0b346 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                       0000000075581431 2 bytes JMP 74f88ea9 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                       000000007558144a 2 bytes CALL 74ee48ad C:\Windows\syswow64\kernel32.dll

.text     ...                                                                                                                                                                                                                           * 9

.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[7024] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                          00000000755814dd 2 bytes JMP 74f887a2 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                   00000000755814f5 2 bytes JMP 74f88978 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[7024] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                          000000007558150d 2 bytes JMP 74f88698 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                   0000000075581525 2 bytes JMP 74f88a62 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                         000000007558153d 2 bytes JMP 74effca8 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[7024] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                              0000000075581555 2 bytes JMP 74f068ef C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                       000000007558156d 2 bytes JMP 74f88f61 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                         0000000075581585 2 bytes JMP 74f88ac2 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[7024] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                            000000007558159d 2 bytes JMP 74f8865c C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                         00000000755815b5 2 bytes JMP 74effd41 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                       00000000755815cd 2 bytes JMP 74f0b2dc C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                   00000000755816b2 2 bytes JMP 74f88e24 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                   00000000755816bd 2 bytes JMP 74f885f1 C:\Windows\syswow64\kernel32.dll

?         C:\Windows\system32\mssprxy.dll [7024] entry point in ".rdata" section                                                                                                                                                        0000000071c671e6

---- Processes - GMER 2.1 ----
 

Library   c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1591309-A600-45BD-80FD-6B455DBF56F0}\offreg.dll (*** suspicious ***) @ c:\Program Files\Microsoft Security Client\MsMpEng.exe [380](2014-12-14 16:34:11)  000007feefc60000
 

---- Registry - GMER 2.1 ----
 

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395443ca0                                                                                                                                                   

Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395443ca0 (not active ControlSet)                                                                                                                               

Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F46332E-83FA-824C-670A-D87CD17C2209}                                                                                                               

Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F46332E-83FA-824C-670A-D87CD17C2209}@oaloebpiagagidkiocndchldgggfnb                                                                                0x6A 0x61 0x62 0x69 ...

Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F46332E-83FA-824C-670A-D87CD17C2209}@pafncfajgbcaoenhicabnincmfdlbolc                                                                              0x6A 0x61 0x67 0x6B ...
 

---- EOF - GMER 2.1 ----

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 14.12.2014

Suchlauf-Zeit: 17:01:39

Logdatei: SuchlaufMalwarebytes.txt

Administrator: Ja
 

Version: 2.00.4.1028

Malware Datenbank: v2014.12.14.06

Rootkit Datenbank: v2014.12.08.03

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bˆsartiger Webseiten Schutz: Deaktiviert

Selbstschutz: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: T410
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 335273

Verstrichene Zeit: 8 Min, 29 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Aktiviert

Heuristik: Aktiviert

PUP: Warnen

PUM: Aktiviert
 

Prozesse: 2

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\updateHoldPage.exe, 9300, Lˆschen bei Neustart, [c6014a1698e480b6888b6687b64b51af]

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\utilHoldPage.exe, 10492, Lˆschen bei Neustart, [7b4cd090eb912f075eb5a449fb066898]
 

Module: 0

(Keine sch‰dliche Elemente erkannt)
 

Registrierungsschl¸ssel: 25

PUP.Optional.HoldPage.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Hold Page, In Quarant‰ne, [c6014a1698e480b6888b6687b64b51af], 

PUP.Optional.HoldPage.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Hold Page, In Quarant‰ne, [7b4cd090eb912f075eb5a449fb066898], 

PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarant‰ne, [7057e57bed8f310521779c6cd330c937], 

PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarant‰ne, [7057e57bed8f310521779c6cd330c937], 

PUP.Optional.HoldPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6c14185e-4de6-4a79-985b-19f23fd1e638}, In Quarant‰ne, [44830f5184f895a1c35a85475ba75aa6], 

PUP.Optional.HoldPage.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{180BD92C-7EC0-4CF9-9329-7CEA0405B796}, In Quarant‰ne, [44830f5184f895a1c35a85475ba75aa6], 

PUP.Optional.HoldPage.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9B0B3C08-2AC3-43AD-AC78-3DB45181A1E1}, In Quarant‰ne, [44830f5184f895a1c35a85475ba75aa6], 

PUP.Optional.HoldPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9B0B3C08-2AC3-43AD-AC78-3DB45181A1E1}, In Quarant‰ne, [44830f5184f895a1c35a85475ba75aa6], 

PUP.Optional.HoldPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{180BD92C-7EC0-4CF9-9329-7CEA0405B796}, In Quarant‰ne, [44830f5184f895a1c35a85475ba75aa6], 

PUP.Optional.HoldPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{6C14185E-4DE6-4A79-985B-19F23FD1E638}, In Quarant‰ne, [44830f5184f895a1c35a85475ba75aa6], 

PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{078ad437-dc9f-4228-9edb-b3d1c0246ff8}w64, In Quarant‰ne, [537472eee19bdf572e31ccfb57addb25], 

PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{a16a1775-5ab3-4034-ac52-de0795db97f0}w64, In Quarant‰ne, [f3d45907f38988ae95ca9f28f90ba858], 

PUP.Optional.HoldPage.A, HKLM\SOFTWARE\WOW6432NODE\Hold Page, In Quarant‰ne, [2b9cfa661f5d152110325003f211b749], 

PUP.Optional.HoldPage.A, HKU\S-1-5-21-331670129-925724647-3591002109-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Hold Page, In Quarant‰ne, [50776df3443878be5be6b69d8083be42], 

PUP.Optional.InstallCore.A, HKU\S-1-5-21-331670129-925724647-3591002109-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarant‰ne, [60677ae66a12b680c7d2c9c89b687a86], 

PUP.Optional.InstallCore.A, HKU\S-1-5-21-331670129-925724647-3591002109-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarant‰ne, [7f48035d502c68ce3089c7e05ba9c13f], 

PUP.Optional.HoldPage.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Hold Page, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 
 

Registrierungswerte: 1

PUP.Optional.InstallCore.A, HKU\S-1-5-21-331670129-925724647-3591002109-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0Z1B1L2Z1S, In Quarant‰ne, [7f48035d502c68ce3089c7e05ba9c13f]
 

Registrierungsdaten: 0

(Keine sch‰dliche Elemente erkannt)
 

Ordner: 4

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page, Lˆschen bei Neustart, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin, Lˆschen bei Neustart, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\plugins, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\TEMP, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 
 

Dateien: 45

PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{078ad437-dc9f-4228-9edb-b3d1c0246ff8}w64.sys, Lˆschen bei Neustart, [b49db9da7a65199172eb26b132e44724], 

PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{a16a1775-5ab3-4034-ac52-de0795db97f0}w64.sys, Lˆschen bei Neustart, [d396e94150e7d024d208db637d2766bd], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\updateHoldPage.exe, Lˆschen bei Neustart, [c6014a1698e480b6888b6687b64b51af], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\utilHoldPage.exe, Lˆschen bei Neustart, [7b4cd090eb912f075eb5a449fb066898], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\HoldPagebho.dll, In Quarant‰ne, [44830f5184f895a1c35a85475ba75aa6], 

PUP.Optional.InstallCore, C:\Users\T410\Downloads\FileZilla_3.9.0.6_win32-setup.exe, In Quarant‰ne, [27a0550bd7a5a49297f351102ed741bf], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\0, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\HoldPage.ico, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\HoldPageUninstall.exe, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\ljbbmbgagpjnafekbkklmfbjccbnjmnh.crx, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\updateHoldPage.InstallState, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\7za.exe, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\tmp3965.tmp, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\078ad437dc9f42289edb.dll, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\078ad437dc9f42289edb64.dll, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\a16a17755ab34034ac52.dll, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\a16a17755ab34034ac5264.dll, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\BrowserAdapter.7z, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\HoldPage.BrowserAdapter.exe, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\HoldPage.BrowserAdapter64.exe, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\HoldPage.expext.exe, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\HoldPage.expext.zip, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\HoldPage.expextdll.dll, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\HoldPage.PurBrowse.zip, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\HoldPage.PurBrowse64.exe, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\sqlite3.dll, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\tmp1893.tmp, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\tmp6A85.tmp, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\tmp98C0.tmp, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\tmpA453.tmp, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\tmpEB3F.tmp, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\utilHoldPage.InstallState, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\{078ad437-dc9f-4228-9edb-b3d1c0246ff8}.dll, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\{078ad437-dc9f-4228-9edb-b3d1c0246ff8}64.dll, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\{a16a1775-5ab3-4034-ac52-de0795db97f0}.dll, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\{a16a1775-5ab3-4034-ac52-de0795db97f0}64.dll, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\plugins\HoldPage.Bromon.dll, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\plugins\HoldPage.BroStats.dll, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\plugins\HoldPage.BrowserAdapter.dll, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\plugins\HoldPage.CompatibilityChecker.dll, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\plugins\HoldPage.ExpExt.dll, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\plugins\HoldPage.FFUpdate.dll, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\plugins\HoldPage.GCUpdate.dll, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\plugins\HoldPage.IEUpdate.dll, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 

PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page\bin\plugins\HoldPage.PurBrowse.dll, In Quarant‰ne, [67603030f28af640a1c4113a61a2a25e], 
 

Physische Sektoren: 0

(Keine sch‰dliche Elemente erkannt)
 
 

(end)

Mittlerweile beim starten: "CHKDSK überprüft dateien...." und ""CHKDSK überprüft Sicherheitserkennung..."
Danach ist mein Desktop schwarz (sehe nur noch die Maus) Explorer wurde wahrscheinlich deaktiviert
=> explorer.exe => "Die Anwendung konnte nicht korrekt gestartet werden (0xc0000022)
klicken sie ok um die Anwendung zu schliessen."

Dann ab jetzt im abgesicherten Modus:

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

Allin1Convert Firefox Toolbar

Allin1Convert Internet Explorer Toolbar (HKLM-x32\...\Allin1Convert_8hbar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Danke. Ich kenne mich leider überhaupt nicht mit dem abgesicherten Modus aus.
Beim hochfahren habe ich f8 gedrückt nur erscheint dann "Error 0210: Stuck Key 42
Press F1 to Setup"

wenn ich F1 dr¨cke passiert nichts...

Hat jetzt doch geklappt!

Habe alles soweit ausgeführt.
Zwei sachen: beim RevoUninstaller wurde beide male "Das angegebene Modul wurde nicht gefunden" angezeigt...hat dann doch alles gefunden so scheint es denn ich konnte Ihre Anweisungen befolgen.

combofix: habe ich nicht auf dem Desktop gespeichert. Beim download ausführen war er direkt in Downloads und Combofix fenster ist aufgegangen.
Nach dem ausschalten des Microsoft Security Essentials Echtzeitschutz sagte Combofix, dass dieser immer noch aktiv sei. Habe dann weiter Combofix ausgeführt.

Ist es ok so oder muss ich Combofix noch einmal ausführen?
Vielen Dank!

Hier die Combofix.txt

Code:

ComboFix 14-12-14.01 - T410 15.12.2014  20:38:05.1.4 - x64 NETWORK

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3892.2914 [GMT 1:00]

ausgeführt von:: c:\users\T410\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\ntuser.pol

c:\programdata\Roaming

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-11-15 bis 2014-12-15  ))))))))))))))))))))))))))))))

.

.

2014-12-15 19:27 . 2014-12-15 19:27        --------        d-----w-        c:\program files (x86)\VS Revo Group

2014-12-15 19:23 . 2014-12-15 19:23        --------        d-sh--w-        c:\users\T410\AppData\Local\EmieBrowserModeList

2014-12-14 21:01 . 2014-12-14 21:01        --------        d-----w-        C:\found.000

2014-12-14 16:52 . 2014-11-02 04:20        11632448        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{833D0B62-1625-42FC-A157-F13E59BC8998}\mpengine.dll

2014-12-14 16:31 . 2014-12-14 16:32        --------        d-----w-        C:\FRST

2014-12-14 12:51 . 2014-11-02 04:20        11632448        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-12-12 17:10 . 2014-12-12 17:12        --------        d-----w-        c:\program files (x86)\GRASS GIS 6.4.4

2014-12-12 12:18 . 2014-12-12 12:18        --------        d-----w-        c:\program files\WinRAR

2014-12-12 11:35 . 2014-12-12 11:35        --------        d-----w-        c:\users\T410\AppData\Roaming\GRASS6

2014-12-12 11:27 . 2014-12-14 15:56        --------        d-----w-        c:\users\T410\AppData\Roaming\FileZilla

2014-12-12 11:26 . 2014-12-12 11:27        --------        d-----w-        c:\program files (x86)\FileZilla FTP Client

2014-12-11 10:54 . 2014-12-11 10:54        --------        d-----w-        c:\windows\system32\appraiser

2014-12-11 03:41 . 2014-10-18 01:33        3209728        ----a-w-        c:\windows\SysWow64\mf.dll

2014-12-11 03:41 . 2014-10-18 02:05        4121600        ----a-w-        c:\windows\system32\mf.dll

2014-12-10 16:55 . 2014-09-17 00:36        1188440        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6B85CA8-6E3A-4EC7-BE3C-86BAC367AC2D}\gapaengine.dll

2014-12-10 16:21 . 2014-11-27 01:43        293040        ----a-w-        c:\program files\Internet Explorer\sqmapi.dll

2014-12-10 16:21 . 2014-11-22 03:13        950784        ----a-w-        c:\program files\Internet Explorer\iedvtool.dll

2014-12-10 16:21 . 2014-11-22 02:48        88064        ----a-w-        c:\windows\system32\MshtmlDac.dll

2014-12-10 16:21 . 2014-11-22 02:09        199680        ----a-w-        c:\windows\system32\msrating.dll

2014-12-10 16:21 . 2014-11-22 02:08        1016832        ----a-w-        c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2014-12-10 16:21 . 2014-11-22 01:28        2358272        ----a-w-        c:\windows\system32\wininet.dll

2014-12-10 16:21 . 2014-11-22 01:09        382976        ----a-w-        c:\program files\Internet Explorer\IEShims.dll

2014-12-10 16:21 . 2014-11-22 03:13        25059840        ----a-w-        c:\windows\system32\mshtml.dll

2014-12-10 16:21 . 2014-11-22 03:00        10949120        ----a-w-        c:\program files\Internet Explorer\F12Resources.dll

2014-12-10 15:55 . 2014-12-04 02:50        192000        ----a-w-        c:\windows\system32\aepic.dll

2014-12-10 15:55 . 2014-12-04 02:44        1083392        ----a-w-        c:\windows\system32\aeinv.dll

2014-12-10 15:55 . 2014-12-01 23:28        1232040        ----a-w-        c:\windows\system32\aitstatic.exe

2014-12-10 15:55 . 2014-12-04 02:50        413184        ----a-w-        c:\windows\system32\generaltel.dll

2014-12-10 15:55 . 2014-12-04 02:50        741376        ----a-w-        c:\windows\system32\invagent.dll

2014-12-10 15:55 . 2014-12-04 02:50        396800        ----a-w-        c:\windows\system32\devinv.dll

2014-12-10 15:55 . 2014-12-04 02:50        227328        ----a-w-        c:\windows\system32\aepdu.dll

2014-12-10 15:53 . 2014-11-11 03:09        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll

2014-12-10 15:53 . 2014-11-11 02:44        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll

2014-12-10 15:53 . 2014-11-11 01:46        119296        ----a-w-        c:\windows\system32\drivers\tdx.sys

2014-12-05 15:54 . 2014-12-05 15:54        --------        d-----w-        c:\users\T410\AppData\Roaming\Zotero

2014-12-05 15:54 . 2014-12-05 15:54        --------        d-----w-        c:\users\T410\AppData\Local\Zotero

2014-12-05 15:53 . 2014-12-05 15:53        --------        d-----w-        c:\program files (x86)\Zotero Standalone

2014-11-20 15:45 . 2014-11-11 03:08        241152        ----a-w-        c:\windows\system32\pku2u.dll

2014-11-20 15:45 . 2014-11-11 03:08        728064        ----a-w-        c:\windows\system32\kerberos.dll

2014-11-20 15:45 . 2014-11-11 02:44        186880        ----a-w-        c:\windows\SysWow64\pku2u.dll

2014-11-20 15:45 . 2014-11-11 02:44        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll

2014-11-20 15:42 . 2014-12-15 19:36        129752        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-11-20 15:41 . 2014-12-14 16:00        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware

2014-11-20 15:41 . 2014-11-21 05:14        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys

2014-11-20 15:41 . 2014-11-21 05:14        93400        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys

2014-11-20 15:41 . 2014-11-21 05:14        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-12-11 03:52 . 2013-08-05 14:55        112710672        ----a-w-        c:\windows\system32\MRT.exe

2014-12-10 12:38 . 2013-08-13 18:33        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-12-10 12:38 . 2013-08-13 18:33        701104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2014-10-30 11:25 . 2010-11-21 03:27        275080        ------w-        c:\windows\system32\MpSigStub.exe

2014-10-25 01:57 . 2014-11-12 09:22        77824        ----a-w-        c:\windows\system32\packager.dll

2014-10-25 01:32 . 2014-11-12 09:22        67584        ----a-w-        c:\windows\SysWow64\packager.dll

2014-10-18 02:05 . 2014-11-12 09:22        861696        ----a-w-        c:\windows\system32\oleaut32.dll

2014-10-18 01:33 . 2014-11-12 09:22        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll

2014-10-14 02:16 . 2014-11-12 09:23        155064        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys

2014-10-14 02:13 . 2014-11-12 09:23        683520        ----a-w-        c:\windows\system32\termsrv.dll

2014-10-14 02:13 . 2014-11-12 09:22        3241984        ----a-w-        c:\windows\system32\msi.dll

2014-10-14 02:12 . 2014-11-12 09:23        1460736        ----a-w-        c:\windows\system32\lsasrv.dll

2014-10-14 02:09 . 2014-11-12 09:23        146432        ----a-w-        c:\windows\system32\msaudite.dll

2014-10-14 02:07 . 2014-11-12 09:23        681984        ----a-w-        c:\windows\system32\adtschema.dll

2014-10-14 01:50 . 2014-11-12 09:23        22016        ----a-w-        c:\windows\SysWow64\secur32.dll

2014-10-14 01:50 . 2014-11-12 09:22        2363904        ----a-w-        c:\windows\SysWow64\msi.dll

2014-10-14 01:49 . 2014-11-12 09:23        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll

2014-10-14 01:47 . 2014-11-12 09:23        146432        ----a-w-        c:\windows\SysWow64\msaudite.dll

2014-10-14 01:46 . 2014-11-12 09:23        681984        ----a-w-        c:\windows\SysWow64\adtschema.dll

2014-10-10 00:57 . 2014-11-12 09:22        3198976        ----a-w-        c:\windows\system32\win32k.sys

2014-10-03 02:12 . 2014-11-12 09:22        500224        ----a-w-        c:\windows\system32\AUDIOKSE.dll

2014-10-03 02:11 . 2014-11-12 09:22        284672        ----a-w-        c:\windows\system32\EncDump.dll

2014-10-03 02:11 . 2014-11-12 09:22        680960        ----a-w-        c:\windows\system32\audiosrv.dll

2014-10-03 02:11 . 2014-11-12 09:22        440832        ----a-w-        c:\windows\system32\AudioEng.dll

2014-10-03 02:11 . 2014-11-12 09:22        296448        ----a-w-        c:\windows\system32\AudioSes.dll

2014-10-03 01:44 . 2014-11-12 09:22        442880        ----a-w-        c:\windows\SysWow64\AUDIOKSE.dll

2014-10-03 01:44 . 2014-11-12 09:22        374784        ----a-w-        c:\windows\SysWow64\AudioEng.dll

2014-10-03 01:44 . 2014-11-12 09:22        195584        ----a-w-        c:\windows\SysWow64\AudioSes.dll

2014-09-25 02:08 . 2014-10-01 16:34        371712        ----a-w-        c:\windows\system32\qdvd.dll

2014-09-25 01:40 . 2014-10-01 16:34        519680        ----a-w-        c:\windows\SysWow64\qdvd.dll

2014-09-19 09:42 . 2014-11-12 09:22        210944        ----a-w-        c:\windows\system32\wdigest.dll

2014-09-19 09:42 . 2014-11-12 09:22        86528        ----a-w-        c:\windows\system32\TSpkg.dll

2014-09-19 09:42 . 2014-11-12 09:22        342016        ----a-w-        c:\windows\system32\schannel.dll

2014-09-19 09:42 . 2014-11-12 09:22        314880        ----a-w-        c:\windows\system32\msv1_0.dll

2014-09-19 09:42 . 2014-11-12 09:22        309760        ----a-w-        c:\windows\system32\ncrypt.dll

2014-09-19 09:42 . 2014-11-12 09:22        22016        ----a-w-        c:\windows\system32\credssp.dll

2014-09-19 09:23 . 2014-11-12 09:22        172032        ----a-w-        c:\windows\SysWow64\wdigest.dll

2014-09-19 09:23 . 2014-11-12 09:22        65536        ----a-w-        c:\windows\SysWow64\TSpkg.dll

2014-09-19 09:23 . 2014-11-12 09:22        248832        ----a-w-        c:\windows\SysWow64\schannel.dll

2014-09-19 09:23 . 2014-11-12 09:22        221184        ----a-w-        c:\windows\SysWow64\ncrypt.dll

2014-09-19 09:23 . 2014-11-12 09:22        259584        ----a-w-        c:\windows\SysWow64\msv1_0.dll

2014-09-19 09:23 . 2014-11-12 09:22        17408        ----a-w-        c:\windows\SysWow64\credssp.dll

2014-09-17 00:36 . 2013-08-13 18:11        1188440        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]

"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-05-03 111928]

"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2013-06-26 6002984]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]

"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2013-11-05 2237328]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-07-08 152392]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableSecureUIAPath"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages        REG_MULTI_SZ           scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]

R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]

R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R2 QDLService2kLenovo;Qualcomm Gobi 2000 Download Service (Lenovo);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe;c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]

R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]

R2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]

R2 TVicPort64;TVicPort64; [x]

R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]

R2 Util albrechto;Util albrechto;c:\program files (x86)\albrechto\bin\utilalbrechto.exe;c:\program files (x86)\albrechto\bin\utilalbrechto.exe [x]

R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]

R3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]

R3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]

R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]

R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]

R3 qcusbserlno2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205);c:\windows\system32\DRIVERS\qcusbserlno2k.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbserlno2k.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\System32\SUPDSvc2.exe;c:\windows\SYSNATIVE\SUPDSvc2.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]

S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]

S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]

S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]

S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

S3 qcfilterlno2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9205);c:\windows\system32\DRIVERS\qcfilterlno2k.sys;c:\windows\SYSNATIVE\DRIVERS\qcfilterlno2k.sys [x]

S3 qcusbnetlno2k;Gobi 2000 USB-NDIS miniport(05C6-9205);c:\windows\system32\DRIVERS\qcusbnetlno2k.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbnetlno2k.sys [x]

S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-12-12 08:39        1087816        ----a-w-        c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe

.

Inhalt des "geplante Tasks" Ordners

.

2014-12-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-13 12:38]

.

2014-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-13 11:22]

.

2014-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-13 11:22]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]

@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"

[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]

2013-10-16 17:02        3358064        ----a-w-        c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]

@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"

[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]

2013-10-16 17:02        3358064        ----a-w-        c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]

@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"

[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]

2013-10-16 17:02        3358064        ----a-w-        c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-08-17 16415848]

"TpShocks"="TpShocks.exe" [2013-06-20 382248]

"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2014-03-14 63832]

"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2013-05-29 60920]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-09-25 472984]

"TPFanControl"="c:\program files\TPFanControl\TPFanControl.exe" [2013-03-20 154112]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.us.com/v/2/?guid={C854488E-A464-46CE-8674-E02F16A6594D}&serpv=17

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\117m0ddf.default\

FF - prefs.js: network.proxy.type - 4

user_pref(extensions.autoDisableScopes,14);

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

SafeBoot-MBAMSwissArmy

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-eMusic Promotion - c:\users\T410\AppData\Local\Temp\nsr873B.tmp\eMusic\Uninst-eMusic-promotion.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-331670129-925724647-3591002109-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F46332E-83FA-824C-670A-D87CD17C2209}*]

"oaloebpiagagidkiocndchldgggfnb"=hex:6a,61,62,69,6f,6e,65,70,6b,6f,64,6f,66,61,

   68,68,63,66,61,63,00,00

"pafncfajgbcaoenhicabnincmfdlbolc"=hex:6a,61,67,6b,63,6f,69,65,6f,65,69,64,63,

   6c,67,67,68,62,65,63,00,00

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.15"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2014-12-15  20:44:25 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2014-12-15 19:44

.

Vor Suchlauf: 15 Verzeichnis(se), 48.914.673.664 Bytes frei

Nach Suchlauf: 19 Verzeichnis(se), 53.163.999.232 Bytes frei

.

- - End Of File - - 1F17F5289696A2A1C82FAA470C529FCB

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 17.12.2014

Suchlauf-Zeit: 15:14:02

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.00.4.1028

Malware Datenbank: v2014.12.17.02

Rootkit Datenbank: v2014.12.14.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Selbstschutz: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: T410
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 337700

Verstrichene Zeit: 9 Min, 43 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Aktiviert

Heuristik: Aktiviert

PUP: Warnen

PUM: Aktiviert
 

Prozesse: 0

(Keine schädliche Elemente erkannt)
 

Module: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsschlüssel: 0

(Keine schädliche Elemente erkannt)
 

Registrierungswerte: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsdaten: 0

(Keine schädliche Elemente erkannt)
 

Ordner: 0

(Keine schädliche Elemente erkannt)
 

Dateien: 0

(Keine schädliche Elemente erkannt)
 

Physische Sektoren: 0

(Keine schädliche Elemente erkannt)
 
 

(end)

Code:

# AdwCleaner v4.105 - Bericht erstellt am 17/12/2014 um 16:02:04

# Aktualisiert 08/12/2014 von Xplode

# Database : 2014-12-16.1 [Live]

# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)

# Benutzername : T410 - T410-PC

# Gestartet von : C:\Users\T410\Desktop\AdwCleaner_4.105.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 
 

***** [ Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.17496
 
 

-\\ Mozilla Firefox v29.0.1 (de)
 
 

-\\ Google Chrome v39.0.2171.95
 
 

*************************
 

AdwCleaner[R0].txt - [17714 octets] - [30/09/2013 14:13:07]

AdwCleaner[R1].txt - [1176 octets] - [17/12/2014 15:56:24]

AdwCleaner[S0].txt - [17593 octets] - [30/09/2013 14:14:30]

AdwCleaner[S1].txt - [1090 octets] - [17/12/2014 16:02:04]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1150 octets] ##########

Komisch ist, dass ich einen ersten Suchlauf mit AdwCleaner gemacht habe und dieser auch etwas zum löschen gefunden hatte. Beim kopieren der .txt auf den desktop war dieser aber auf einmal eine ältere .txt (von vor ein einhalb Jahren). Kann sein, dass ich ausversehen was falsches kopiert habe. Wie dem auch sei, dies ist jetzt der log vom zweiten Suchlauf.

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.0 (11.29.2014:1)

OS: Windows 7 Professional x64

Ran by T410 on 17.12.2014 at 15:45:49,52

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-331670129-925724647-3591002109-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update albrechto

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util albrechto

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BE37DEC-A619-4214-A15A-28B5C5D3D6AD}
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Successfully deleted: [Folder] C:\Users\T410\AppData\Roaming\mozilla\firefox\profiles\117m0ddf.default\extensions\staged
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 17.12.2014 at 15:47:09,26

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01

Ran by T410 (administrator) on T410-PC on 17-12-2014 15:50:47

Running from C:\Users\T410\Desktop

Loaded Profile: T410 (Available profiles: T410)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Safe Mode (with Networking)

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382248 2013-06-20] (Lenovo.)

HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)

HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-05-29] (Synaptics Incorporated)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated)

HKLM\...\Run: [TPFanControl] => C:\Program Files\TPFanControl\TPFanControl.exe [154112 2013-03-20] (troubadix)

HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)

HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111928 2013-05-03] (Intel Corporation)

HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-11-05] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)

HKU\S-1-5-21-331670129-925724647-3591002109-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt [17593 2014-12-17] ()

Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-331670129-925724647-3591002109-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-331670129-925724647-3591002109-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-331670129-925724647-3591002109-1000 -> {1A6246B7-3879-4549-AB06-FBEBEA471F8D} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10513

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\117m0ddf.default

FF NetworkProxy: "type", 4

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

FF Extension: Hold Page 1.0.1 - C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\117m0ddf.default\Extensions\{a16a1775-5ab3-4034-ac52-de0795db97f0}.xpi [2014-12-12]
 

Chrome: 

=======

CHR HomePage: Default -> 

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Plugin: (Widevine Content Decryption Module) - C:\Users\T410\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll No File

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()

CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

CHR Plugin: (Java Deployment Toolkit 7.0.650.20) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

CHR Plugin: (Java(TM) Platform SE 7 U65) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Profile: C:\Users\T410\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\T410\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]

CHR Extension: (YouTube) - C:\Users\T410\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-30]

CHR Extension: (Adblock for Youtube™) - C:\Users\T410\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-10-29]

CHR Extension: (Google-Suche) - C:\Users\T410\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-30]

CHR Extension: (Zotero Connector) - C:\Users\T410\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2014-12-05]

CHR Extension: (Google Wallet) - C:\Users\T410\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-30]

CHR Extension: (Google Mail) - C:\Users\T410\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-30]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-06-26] (Lenovo.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

S2 QDLService2kLenovo; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [1688384 2011-05-23] (QUALCOMM, Inc.)

S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-05] (Samsung Electronics) [File not signed]

S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()

S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-02] (Intel Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-17] (Malwarebytes Corporation)

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 qcfilterlno2k; C:\Windows\System32\DRIVERS\qcfilterlno2k.sys [6400 2010-04-26] (QUALCOMM Incorporated)

R3 qcusbnetlno2k; C:\Windows\System32\DRIVERS\qcusbnetlno2k.sys [444416 2011-05-23] (QUALCOMM Incorporated)

S3 qcusbserlno2k; C:\Windows\System32\DRIVERS\qcusbserlno2k.sys [231040 2011-05-23] (QUALCOMM Incorporated)

R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44784 2013-05-29] (Synaptics Incorporated)

S2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-17 15:50 - 2014-12-17 15:50 - 00013441 _____ () C:\Users\T410\Desktop\FRST.txt

2014-12-17 15:50 - 2014-12-17 15:50 - 00000000 ____D () C:\Users\T410\Desktop\FRST-OlderVersion

2014-12-17 15:47 - 2014-12-17 15:47 - 00001896 _____ () C:\Users\T410\Desktop\JRT.txt

2014-12-17 15:44 - 2014-12-17 15:44 - 01707646 _____ (Thisisu) C:\Users\T410\Desktop\JRT.exe

2014-12-17 15:42 - 2014-12-17 15:37 - 00017593 _____ () C:\Users\T410\Desktop\AdwCleaner[S0].txt

2014-12-17 15:33 - 2014-12-17 15:33 - 02166272 _____ () C:\Users\T410\Desktop\AdwCleaner_4.105.exe

2014-12-17 15:31 - 2014-12-17 15:31 - 00001196 _____ () C:\Users\T410\Desktop\mbam.txt

2014-12-17 15:11 - 2014-12-17 15:11 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\T410\Downloads\mbam-setup-2.0.4.1028.exe

2014-12-15 20:44 - 2014-12-15 20:44 - 00026343 _____ () C:\ComboFix.txt

2014-12-15 20:37 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-12-15 20:37 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-12-15 20:37 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-12-15 20:37 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-12-15 20:37 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-12-15 20:37 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2014-12-15 20:37 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2014-12-15 20:37 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2014-12-15 20:34 - 2014-12-15 20:44 - 00000000 ____D () C:\Qoobox

2014-12-15 20:34 - 2014-12-15 20:43 - 00000000 ____D () C:\Windows\erdnt

2014-12-15 20:33 - 2014-12-15 20:33 - 05601641 ____R (Swearware) C:\Users\T410\Downloads\ComboFix.exe

2014-12-15 20:27 - 2014-12-15 20:27 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\T410\Downloads\revosetup95.exe

2014-12-15 20:27 - 2014-12-15 20:27 - 00001264 _____ () C:\Users\T410\Desktop\Revo Uninstaller.lnk

2014-12-15 20:27 - 2014-12-15 20:27 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-12-15 20:23 - 2014-12-15 20:23 - 00000000 __SHD () C:\Users\T410\AppData\Local\EmieBrowserModeList

2014-12-14 22:34 - 2014-12-14 22:34 - 00003288 ____N () C:\bootsqm.dat

2014-12-14 22:01 - 2014-12-14 22:01 - 00000000 ____D () C:\found.000

2014-12-14 18:59 - 2014-12-14 19:00 - 00031092 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche231_SuperpositionsVectorielSurMatriciel(2) (1).odt

2014-12-14 17:51 - 2014-12-14 17:51 - 00012299 _____ () C:\SuchlaufM.txt

2014-12-14 17:34 - 2014-12-14 17:34 - 00380416 _____ () C:\Users\T410\Downloads\Gmer-19357.exe

2014-12-14 17:31 - 2014-12-17 15:50 - 00000000 ____D () C:\FRST

2014-12-14 17:30 - 2014-12-17 15:50 - 02119168 _____ (Farbar) C:\Users\T410\Desktop\FRST64.exe

2014-12-14 17:26 - 2014-12-14 17:26 - 00050477 _____ () C:\Users\T410\Downloads\Defogger.exe

2014-12-14 17:00 - 2014-12-17 15:13 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-12-13 10:10 - 2014-12-13 10:10 - 00184587 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche421_Interpolation (1).odt

2014-12-12 23:16 - 2014-12-12 23:16 - 00493182 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche411_MNT-Hydro.odt

2014-12-12 23:14 - 2014-12-14 18:26 - 00070633 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche321_Géoréférencement-Digitalisation.odt

2014-12-12 22:57 - 2014-12-12 22:57 - 01071426 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche312_Projections (1).odt

2014-12-12 20:30 - 2014-12-12 20:30 - 00054462 _____ () C:\Users\T410\Downloads\Programme_cours-2014-15.ods

2014-12-12 20:30 - 2014-12-12 20:30 - 00052203 _____ () C:\Users\T410\Downloads\Liste_fiches (1).ods

2014-12-12 19:56 - 2014-12-12 19:56 - 01176754 _____ () C:\Users\T410\Downloads\Fiche 1.2 carto theìmatique densiteì pop (1).odt

2014-12-12 18:58 - 2014-12-12 18:58 - 00027640 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche421_Interpolation.odt

2014-12-12 18:12 - 2014-12-12 18:12 - 00001824 _____ () C:\Users\T410\Desktop\GRASS GIS 6.4.4.lnk

2014-12-12 18:12 - 2014-12-12 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GRASS GIS 6.4.4

2014-12-12 18:10 - 2014-12-12 18:17 - 00000000 ____D () C:\Users\T410\Documents\grassdata

2014-12-12 18:10 - 2014-12-12 18:12 - 00000000 ____D () C:\Program Files (x86)\GRASS GIS 6.4.4

2014-12-12 18:06 - 2014-12-12 18:09 - 85758714 _____ () C:\Users\T410\Downloads\WinGRASS-6.4.4-1-Setup.exe

2014-12-12 17:39 - 2014-12-12 17:39 - 01176754 _____ () C:\Users\T410\Downloads\Fiche 1.2 carto theìmatique densiteì pop.odt

2014-12-12 17:28 - 2014-12-12 17:28 - 00017883 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche12_CartoThématique (1).odt

2014-12-12 17:26 - 2014-12-12 17:26 - 01022303 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche11_CartoGénérale_DUES.odt

2014-12-12 17:07 - 2014-12-12 17:08 - 00424420 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche221_SuperpositionsMatricielles_DUES.odt

2014-12-12 16:53 - 2014-12-12 16:53 - 00129935 _____ () C:\Users\T410\Downloads\2.1.3.qgs

2014-12-12 16:50 - 2014-12-12 16:50 - 01071426 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche312_Projections.odt

2014-12-12 16:49 - 2014-12-12 21:23 - 01285343 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche312_Projections-2.odt

2014-12-12 16:48 - 2014-12-12 16:48 - 00031092 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche231_SuperpositionsVectorielSurMatriciel(2).odt

2014-12-12 16:47 - 2014-12-12 16:47 - 00660242 _____ () C:\Users\T410\Downloads\fiche 2.1.3 Maude RESTEAU (1).odt

2014-12-12 15:50 - 2014-12-12 15:51 - 06916590 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche411_MNT-Hydro_Données.zip

2014-12-12 13:23 - 2014-12-12 13:23 - 00660242 _____ () C:\Users\T410\Downloads\fiche 2.1.3 Maude RESTEAU.odt

2014-12-12 13:19 - 2014-12-12 13:19 - 00000000 ____D () C:\Users\T410\AppData\Roaming\WinRAR

2014-12-12 13:18 - 2014-12-12 13:18 - 00000979 _____ () C:\Users\Public\Desktop\WinRAR.lnk

2014-12-12 13:18 - 2014-12-12 13:18 - 00000000 ____D () C:\Users\T410\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2014-12-12 13:18 - 2014-12-12 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

2014-12-12 13:18 - 2014-12-12 13:18 - 00000000 ____D () C:\Program Files\WinRAR

2014-12-12 13:17 - 2014-12-12 13:17 - 02060888 _____ () C:\Users\T410\Downloads\winrar-x64-520d.exe

2014-12-12 13:11 - 2014-12-12 13:12 - 04692807 _____ () C:\Users\T410\Downloads\TP 3.1.1 Dues.tar.gz

2014-12-12 13:03 - 2014-12-12 13:03 - 00666789 _____ () C:\Users\T410\Downloads\fiche 2.1.3 a rendre.odt

2014-12-12 13:03 - 2014-12-12 13:03 - 00012705 _____ () C:\Users\T410\Downloads\fiche 2.1.3 schéma (1).odg

2014-12-12 12:58 - 2014-12-12 13:36 - 00724329 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche213_Interrogations-SuperpositionsVectorielles (2).odt

2014-12-12 12:52 - 2014-12-12 12:52 - 00017883 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche12_CartoThématique.odt

2014-12-12 12:35 - 2014-12-12 12:35 - 00000000 ____D () C:\Users\T410\AppData\Roaming\GRASS6

2014-12-12 12:33 - 2014-12-12 12:33 - 00052203 _____ () C:\Users\T410\Downloads\Liste_fiches.ods

2014-12-12 12:27 - 2014-12-14 16:56 - 00000000 ____D () C:\Users\T410\AppData\Roaming\FileZilla

2014-12-12 12:27 - 2014-12-12 12:27 - 00002000 _____ () C:\Users\T410\Desktop\FileZilla Client.lnk

2014-12-12 12:27 - 2014-12-12 12:27 - 00000000 ____D () C:\Users\T410\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client

2014-12-12 12:26 - 2014-12-12 12:27 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client

2014-12-12 12:26 - 2014-12-12 12:25 - 06126536 _____ (Tim Kosse) C:\Users\T410\Downloads\FileZilla_3.9.0.6_win32-setup [1].exe

2014-12-11 21:47 - 2014-12-14 20:51 - 00001408 _____ () C:\Users\T410\Desktop\Neues Textdokument.txt

2014-12-11 11:54 - 2014-12-11 11:54 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-11 04:41 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-11 04:41 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-10 17:22 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-10 17:22 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-10 17:22 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-10 17:22 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-10 17:22 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-10 17:22 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-10 17:22 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-10 17:22 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-10 17:22 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-10 17:22 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-10 17:22 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-10 17:22 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-10 17:22 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-10 17:22 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-10 17:22 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-10 17:22 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-10 17:22 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-10 17:22 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-10 17:22 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-10 17:22 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-10 17:22 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-10 17:22 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-10 17:22 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-10 17:22 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-10 17:22 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-10 17:22 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-10 17:22 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-10 17:22 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-10 17:22 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-10 17:22 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-10 17:22 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-10 17:22 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-10 17:22 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-10 17:22 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-10 17:22 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-10 17:22 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-10 17:22 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-10 17:22 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-10 17:22 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-10 17:22 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-10 17:22 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-10 17:22 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-10 17:22 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-10 17:22 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-10 17:22 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-10 17:22 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-10 17:22 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-10 17:22 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-10 17:22 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-10 17:22 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-10 17:22 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-10 17:22 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-10 17:21 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-10 17:21 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-10 17:21 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-10 17:21 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-10 16:55 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-10 16:55 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-10 16:55 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-10 16:55 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-10 16:55 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-10 16:55 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-10 16:55 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-10 16:55 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2014-12-10 16:53 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-10 16:53 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-10 16:53 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-10 16:48 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-10 16:48 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-10 16:48 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-10 16:48 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-10 16:48 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-10 16:48 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-10 16:48 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-10 16:48 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-10 16:48 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-10 16:48 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-10 16:48 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-10 16:48 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-10 16:48 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-10 16:48 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2014-12-05 16:54 - 2014-12-05 16:54 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zotero Standalone.lnk

2014-12-05 16:54 - 2014-12-05 16:54 - 00001155 _____ () C:\Users\Public\Desktop\Zotero Standalone.lnk

2014-12-05 16:54 - 2014-12-05 16:54 - 00000000 ____D () C:\Users\T410\AppData\Roaming\Zotero

2014-12-05 16:54 - 2014-12-05 16:54 - 00000000 ____D () C:\Users\T410\AppData\Local\Zotero

2014-12-05 16:53 - 2014-12-05 16:53 - 00000000 ____D () C:\Program Files (x86)\Zotero Standalone

2014-12-05 16:52 - 2014-12-05 16:53 - 35543712 _____ (Mozilla) C:\Users\T410\Downloads\Zotero-4.0.23_setup.exe

2014-12-03 17:55 - 2014-12-03 17:55 - 00019051 _____ () C:\Users\T410\Downloads\Abstract Syst.odt

2014-11-20 17:01 - 2014-11-21 17:25 - 00000000 ____D () C:\Users\T410\Desktop\Permaculture

2014-11-20 16:45 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-11-20 16:45 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2014-11-20 16:45 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-11-20 16:45 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

2014-11-20 16:42 - 2014-12-17 15:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-11-20 16:42 - 2014-12-17 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-11-20 16:41 - 2014-12-17 15:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-11-20 16:41 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-11-20 16:41 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-11-20 16:41 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-11-20 16:38 - 2014-11-20 16:38 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\T410\Downloads\mbam-setup-2.0.3.1025.exe

2014-11-20 14:24 - 2014-11-20 14:24 - 01249118 _____ () C:\Users\T410\Downloads\Projektplan_Wochentage_GO-1001-free.xlsx

2014-11-18 10:18 - 2014-11-18 10:19 - 00000010 _____ () C:\Users\T410\Desktop\orderin nr.txt
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-17 15:49 - 2013-08-05 14:33 - 01484125 _____ () C:\Windows\WindowsUpdate.log

2014-12-17 15:45 - 2013-10-01 10:14 - 00000000 ____D () C:\Windows\ERUNT

2014-12-17 15:43 - 2011-04-12 08:43 - 00699190 _____ () C:\Windows\system32\perfh007.dat

2014-12-17 15:43 - 2011-04-12 08:43 - 00149330 _____ () C:\Windows\system32\perfc007.dat

2014-12-17 15:43 - 2009-07-14 06:13 - 01619700 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-12-17 15:38 - 2013-08-13 19:33 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-12-17 15:38 - 2013-08-06 13:02 - 00036537 _____ () C:\Windows\setupact.log

2014-12-17 15:38 - 2010-11-21 04:47 - 00178222 _____ () C:\Windows\PFRO.log

2014-12-17 15:38 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-12-17 15:37 - 2013-09-30 14:12 - 00000000 ____D () C:\AdwCleaner

2014-12-17 15:05 - 2009-07-14 05:45 - 00038752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-17 15:05 - 2009-07-14 05:45 - 00038752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-15 20:43 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2014-12-15 20:40 - 2009-07-14 03:34 - 63700992 _____ () C:\Windows\system32\config\SOFTWARE.bak

2014-12-15 20:40 - 2009-07-14 03:34 - 22020096 _____ () C:\Windows\system32\config\SYSTEM.bak

2014-12-15 20:40 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak

2014-12-15 20:40 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak

2014-12-15 20:40 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak

2014-12-15 20:16 - 2013-08-13 19:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-12-14 22:38 - 2013-08-13 19:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-12-14 19:12 - 2013-08-13 19:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-12-14 18:02 - 2013-12-06 12:24 - 00000000 ____D () C:\Bilder

2014-12-14 17:11 - 2013-08-13 19:31 - 00000000 ____D () C:\Users\T410\AppData\Local\Adobe

2014-12-14 17:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Registration

2014-12-14 10:16 - 2009-07-14 03:34 - 00000505 _____ () C:\Windows\win.ini

2014-12-13 20:12 - 2014-09-26 10:29 - 00000000 ____D () C:\Users\T410\.qgis2

2014-12-13 19:29 - 2013-12-01 02:52 - 00000000 ____D () C:\Users\T410\AppData\Roaming\vlc

2014-12-13 14:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy

2014-12-12 15:45 - 2013-10-03 13:51 - 00000000 ____D () C:\Users\T410\Desktop\UNI

2014-12-12 13:26 - 2014-10-17 10:07 - 00702572 _____ () C:\Users\T410\Desktop\zones d'intérêts culturel et et des zones d'intérêt paysager sous risque moyen ou élevé d'inondation.jpeg

2014-12-11 22:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2014-12-11 21:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-12-11 11:57 - 2013-08-13 22:25 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-12-11 11:54 - 2014-05-08 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-12-11 11:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-12-11 11:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat

2014-12-11 08:49 - 2013-08-06 10:53 - 00000000 ____D () C:\Windows\system32\MRT

2014-12-11 04:52 - 2013-08-05 15:55 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-12-10 19:32 - 2013-09-30 20:21 - 00000000 ____D () C:\Users\T410\AppData\Roaming\Skype

2014-12-10 13:38 - 2013-08-13 19:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-10 13:38 - 2013-08-13 19:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-10 13:38 - 2013-08-13 19:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-01 19:18 - 2014-11-06 20:00 - 00000000 ____D () C:\Users\T410\Desktop\MÉMOIRE

2014-11-25 21:22 - 2013-08-06 09:43 - 00000000 ____D () C:\Windows\System32\Tasks\TVT

2014-11-21 19:09 - 2014-11-04 19:52 - 00013866 _____ () C:\Users\T410\Desktop\horaire stage.ods

2014-11-21 17:25 - 2013-10-09 22:08 - 00000000 ___RD () C:\Musik

2014-11-21 16:25 - 2014-05-25 22:43 - 00000000 ____D () C:\Users\T410\Desktop\kritische Theorie und Ökologie

2014-11-21 16:24 - 2014-10-11 10:55 - 00000000 ____D () C:\Users\T410\Desktop\QGIS & co

2014-11-21 16:24 - 2014-05-03 09:40 - 00000000 ____D () C:\Users\T410\Desktop\STOFF
 

Some content of TEMP:

====================

C:\Users\T410\AppData\Local\temp\Quarantine.exe

C:\Users\T410\AppData\Local\temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-12-05 16:43
 

==================== End Of Log ============================

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01

Ran by T410 at 2014-12-17 15:51:10

Running from C:\Users\T410\Desktop

Boot Mode: Safe Mode (with Networking)

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

50 FREE MP3s +1 Free Audiobook! (HKLM-x32\...\eMusic Promotion) (Version: 1.0.0.1 - eMusic.com Inc)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.2.1.260 - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe InDesign CC (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB6}) (Version: 9.0 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.3.0 - Adobe Systems Incorporated)

Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.73.00 - )

Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.48.50 - Conexant)

Dia (nur entfernen) (HKLM-x32\...\Dia) (Version:  - )

Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)

Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.55 - )

FileZilla Client 3.9.0.6 (HKU\S-1-5-21-331670129-925724647-3591002109-1000\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

GRASS 6.4 (HKLM-x32\...\GRASS GIS 6.4.4) (Version: 6.4.4-1 - GRASS Development Team)

Integrated Camera Driver Installer Package Ver.1.1.0.48 (HKLM-x32\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.1.0.48 - RICOH)

Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.2.50.1050 - Intel Corporation)

Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.4 - Intel)

Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{fad118b4-798f-4755-9e67-a622eec95b62}) (Version: 15.6.1 - Intel Corporation)

iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)

Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.650 - Oracle)

Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.2.1003.00 - Lenovo Group Limited)

Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden

Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden

Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.00.02 - )

Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )

Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)

NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.12166 - NVIDIA Corporation)

OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)

PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden

QGIS Chugiak 2.4.0 Chugiak (HKLM\...\QGIS Chugiak) (Version:  - QGIS Development Team)

Qualcomm Gobi 2000 Package for Lenovo (HKLM-x32\...\{666C9123-1AEC-446F-8AA8-28256B1953D4}) (Version: 1.1.250 - QUALCOMM)

REAPER (x64) (HKLM\...\REAPER) (Version:  - )

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

rgc:audio sfz VSTi v1.68 (HKLM-x32\...\rgc:audio sfz VSTi_is1) (Version:  - )

RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH)

Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)

ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.41 - )

ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.9 - )

ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo)

ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)

ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)

ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.26 - Lenovo)

TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)

TPFanControl v0.62 (HKLM\...\{717F5741-5C2E-4469-BDA0-B5EC2243646F}_is1) (Version:  - troubadix)

Verizon Wireless Mobile Broadband Self Activation (HKLM-x32\...\{193CA6A6-E735-40B1-AA92-F611B291792C}) (Version: 3.2.2 - Smith Micro Software, Inc.)

VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)

Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)

Winamp Erkennungs-Plug-in (HKU\S-1-5-21-331670129-925724647-3591002109-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)

WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

Zotero Standalone 4.0.23 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.23 (x86 en-US)) (Version: 4.0.23 - Zotero)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 

==================== Restore Points  =========================
 

01-12-2014 12:53:41 Windows Update

04-12-2014 17:38:57 Windows Update

09-12-2014 16:32:25 Windows Update

11-12-2014 03:40:44 Windows Update

14-12-2014 12:51:34 Windows Update

14-12-2014 19:51:51 Windows Update
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2014-12-15 20:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {1C1E72FD-64FD-42A4-A8FC-66F3AE9F06C1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)

Task: {7937C243-4397-4D9F-AD8E-633DADE0B931} - System32\Tasks\{BCAADA76-2967-45FE-9CF4-763C4F9019EE} => pcalua.exe -a C:\Users\T410\AppData\Local\TNT2\2.0.0.1663\TNT2User.exe -c /UNINSTALL PARTNER=10511

Task: {7E3EA3A0-07C4-4C15-B138-AD3BB50264FD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)

Task: {86BC15B9-E3EE-4D9F-876F-2B5A6123E1F7} - System32\Tasks\{B2C3DF79-4CEE-4FED-B507-BEBAFAE3D7D0} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/abandoninstall?page=tsProgressBar

Task: {8DBD181E-DF68-41D5-A6F3-782D273797F2} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()

Task: {8F8C9394-BA47-498E-A98D-4C7D2EA850E5} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)

Task: {AF926DF6-21C4-4295-B509-15004540704A} - System32\Tasks\{E376EBF2-626F-48D0-91D7-33F6DDB0EA6B} => pcalua.exe -a C:\Users\T410\AppData\Local\TNT2\2.0.0.1663\TNT2User.exe -c /UNINSTALL PARTNER=10511

Task: {BB7E5FC6-AD7E-4626-B74C-BC083794B733} - System32\Tasks\AdobeAAMUpdater-1.0-T410-PC-T410 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)

Task: {C3CD21C0-3351-4B44-9DAD-CC58B0515D00} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)

Task: {DD9BD000-F3B1-46B3-B744-851C33EF533C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-10-16 18:02 - 2013-10-16 18:02 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll

2013-08-06 10:40 - 2013-06-26 05:55 - 00104960 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL

2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

2014-10-16 10:15 - 2014-10-16 10:15 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll

2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll

2014-12-12 09:40 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll

2014-12-12 09:40 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

2014-12-15 20:53 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\T410\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll

2014-12-15 20:53 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\T410\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-331670129-925724647-3591002109-500 - Administrator - Disabled)

Gast (S-1-5-21-331670129-925724647-3591002109-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-331670129-925724647-3591002109-1002 - Limited - Enabled)

T410 (S-1-5-21-331670129-925724647-3591002109-1000 - Administrator - Enabled) => C:\Users\T410
 

==================== Faulty Device Manager Devices =============
 

Name: Security Processor Loader Driver

Description: Security Processor Loader Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: spldr

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft-Teredo-Tunneling-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 

==================== Event log errors: =========================
 

Application errors:

==================
 

System errors:

=============

Error: (12/17/2014 03:49:30 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
 

        Neue Signaturversion: 
 

        Vorherige Signaturversion: 1.189.2131.0
 

        Aktualisierungsquelle: %NT-AUTORITÄT59
 

        Aktualisierungsphase: 4.6.0305.00
 

        Quellpfad: 4.6.0305.01
 

        Signaturtyp: %NT-AUTORITÄT602
 

        Aktualisierungstyp: %NT-AUTORITÄT604
 

        Benutzer: NT-AUTORITÄT\SYSTEM
 

        Aktuelle Modulversion: %NT-AUTORITÄT605
 

        Vorherige Modulversion: %NT-AUTORITÄT606
 

        Fehlercode: %NT-AUTORITÄT607
 

        Fehlerbeschreibung: %NT-AUTORITÄT608
 

Error: (12/17/2014 03:49:30 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 

Error: (12/17/2014 03:47:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%1068
 
 

Microsoft Office Sessions:

=========================
 

CodeIntegrity Errors:

===================================

  Date: 2014-12-15 20:40:25.560

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-12-15 20:40:25.529

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz

Percentage of memory in use: 27%

Total physical RAM: 3891.67 MB

Available physical RAM: 2807.91 MB

Total Pagefile: 7781.52 MB

Available Pagefile: 6697.48 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:111.69 GB) (Free:49.23 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 0A9BFB5C)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Code:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=53c0484a1d30aa4793f6e2576df0141b

# engine=21602

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-12-17 09:07:42

# local_time=2014-12-17 10:07:42 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Microsoft Security Essentials'

# compatibility_mode=5895 16777214 100 100 7101766 147177310 0 0

# scanned=219470

# found=55

# cleaned=0

# scan_time=2577

sh=99DF98DFEF4B483889FA88162D20EE46340A5DBE ft=1 fh=e6e2c196b2ffcb6f vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hauxstb.dll.vir"

sh=1A77EA9E7975B74FB40A3B624896E30CAA8CCC3E ft=1 fh=fd94b5f53ab27b7a vn="Variante von Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbar.dll.vir"

sh=56CF4F2AC44C6ADD5CDCD419BA4B99D22DC7A0E3 ft=1 fh=46ed14ba69906e9f vn="Win32/Toolbar.MyWebSearch.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe.vir"

sh=0FF3588ECB69D2B18C6FAEC012672CA2F60314F6 ft=1 fh=731190b7425307d6 vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbprtct.dll.vir"

sh=0F78FE90AF015B0A511EDE007BD1791A341E891E ft=1 fh=d4fd6df3b7cf992d vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbrmon.exe.vir"

sh=12FF3195BDACA5482034AAC3C3E132D5ADA421A9 ft=1 fh=982f80d197512813 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbrstub.dll.vir"

sh=BAEFCB03679575349E01668C4F0938643BAAA022 ft=1 fh=45ba6b521529362d vn="Variante von Win32/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hdatact.dll.vir"

sh=0C88EFCFA1C77D597111125A6C031CEB47B18BA7 ft=1 fh=b856def4c7346ea3 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hdlghk.dll.vir"

sh=8090E240F528004402B29C11E5072BED79D95384 ft=1 fh=73e118282d8d3c4a vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hdyn.dll.vir"

sh=2CA2EA6CF1AD1FE87C25D4AB6B1C7729E48C6390 ft=1 fh=a34a8b9082c46c86 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hfeedmg.dll.vir"

sh=9788294F2B8AB28DBAE4C73BB61A6B1200BDD89D ft=1 fh=af8ed8fd644fe8ac vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hhighin.exe.vir"

sh=9D54BAF23397E5F1444BC6471052AD234B76FBD3 ft=1 fh=2ab58862c927227b vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hhkstub.dll.vir"

sh=EAA9D46B8FAB8F3D48BB239ADFE46BA312434017 ft=1 fh=2506fdd3752ff6fe vn="Variante von Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hhtmlmu.dll.vir"

sh=978867B422339E68971E56C49C66F14F2ACD745D ft=1 fh=dd289cd2c7a55037 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hhttpct.dll.vir"

sh=DC971C75FFCE77CC952FB6660A2603E09D62D4D9 ft=1 fh=ac2f97e786bfc982 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hidle.dll.vir"

sh=92AC05FFF3AD68271062A3DCB87E12EE6B816DDB ft=1 fh=acec1e59f99ab2fd vn="Variante von Win32/Toolbar.MyWebSearch.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hieovr.dll.vir"

sh=AFCAAC5845D81A407C63733E4A7D007167F96BE8 ft=1 fh=02b0c8de8c8e9f1e vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8himpipe.exe.vir"

sh=556C4FCA5D890F17B7B5040A601B42452A205E29 ft=1 fh=0f2a31b21601aeb5 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hmedint.exe.vir"

sh=3EB4A6A25199E6339EC04F36189C71738DE63CE7 ft=1 fh=eafb3b5bfaf84345 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hmlbtn.dll.vir"

sh=DFD07B722E317D1CDDAAB7D5B31BFAB57CC5E739 ft=1 fh=507b4871517a4ad4 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hmsg.dll.vir"

sh=CBF93E0F6FF8AE054C18BDBE477CBFAF9F467CF9 ft=1 fh=f7d96c65ea0021a5 vn="Variante von Win32/Toolbar.MyWebSearch evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hPlugin.dll.vir"

sh=77C8DC985373B1E5D9035ECB3A831C7DD1ABFD55 ft=1 fh=e1f880731de07609 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hradio.dll.vir"

sh=C5F26031D5E0C487BFF0D60AA44603135BF60395 ft=1 fh=a846ae5344ec78c3 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hregfft.dll.vir"

sh=A2F202F68FEF2A31E9FE3AE124A46B908349778C ft=1 fh=bf17c6b7704b10fd vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hreghk.dll.vir"

sh=65D604A070334183E5034CDEEC5838E46D705794 ft=1 fh=3d9a604351eb1640 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hregiet.dll.vir"

sh=72E48F7F37E208A52AD975EAECAB29FC50223C27 ft=1 fh=958a563919bf5cc2 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hscript.dll.vir"

sh=857980A7B7AB77FF8E34A090CCD76B8BA628E7E4 ft=1 fh=6c9ac10ea3ee1cdd vn="Variante von Win32/Toolbar.MyWebSearch.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hskin.dll.vir"

sh=496310EE0816B49176E03226DB102FAE9AA452B4 ft=1 fh=ceffc168909c0690 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hsknlcr.dll.vir"

sh=F5946D49A70A64072739370E7BAD592FE4799EA1 ft=1 fh=5bc3efb780caf8fa vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hskplay.exe.vir"

sh=BE21D76E502D546B2D88093E13F07923EB59380B ft=1 fh=7424967c664ed914 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll.vir"

sh=8ACE75F6C2417666AD9D60837B72D78B394C3944 ft=1 fh=ae6d89138faf571c vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hSrchMn.exe.vir"

sh=72489280930F183E34FE5AF817F207A5EB65F8D4 ft=1 fh=033eb58713fd33d4 vn="Variante von Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8htpinst.dll.vir"

sh=110033F4A78DCA521E8BA73F75747E4E3B6AE545 ft=1 fh=21686246ae128bdd vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8huabtn.dll.vir"

sh=630D5FC9ACC4932C87263895F554F8C3CB6D4B4A ft=1 fh=b81ce565a99a556c vn="Win64/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\AppIntegrator64.exe.vir"

sh=374E378A91209732B48C8416D1E9805E98FDCFA9 ft=1 fh=6da58ad1308c1c96 vn="Win64/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\AppIntegratorStub64.dll.vir"

sh=6902D246F8FC2457C9AE369B094292DE6EB454BC ft=1 fh=b1be847bff3fcf8f vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\CREXT.DLL.vir"

sh=FF9F058B12B6C4D9B6256304FA9078E391C7F32C ft=1 fh=6022d103b074fe9f vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\CrExtP8h.exe.vir"

sh=244414D9D39E114E7989C3B35A5FF038508ECFC1 ft=1 fh=0cbd734d892ac7d4 vn="Variante von Win32/Toolbar.MyWebSearch.AI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\DPNMNGR.DLL.vir"

sh=6FF50369661027A1CD5F5E465F78C78913FF84CC ft=1 fh=c941e5f2ec9d2835 vn="Variante von Win32/Toolbar.MyWebSearch.AI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\EXEMANAGER.DLL.vir"

sh=3D7CD376DFDB97512A376E85FBB7F04344C051B6 ft=1 fh=e0ed2601e18686d8 vn="Win64/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\Hpg64.dll.vir"

sh=43A9AAA824F2D7C73276D8A4D873592F50460790 ft=1 fh=f3405492fb97d85f vn="Win32/Toolbar.MyWebSearch.T evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\NP8hStub.dll.vir"

sh=2F938D8C9A5D3C9C239793346D43193BA1CBFCD6 ft=1 fh=929bde520a5aa0d2 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\T8EXTEX.DLL.vir"

sh=B8944722E8D577E67925DD4A72D1D8E44C3BC6CA ft=1 fh=6f8a20cf4b11d7b0 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\T8EXTPEX.DLL.vir"

sh=7BBFF8810BB79104FE275FBBF7DE48DCBD877E01 ft=1 fh=946da15070ee37db vn="Variante von Win32/Toolbar.MyWebSearch.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\T8HTML.DLL.vir"

sh=2E85C71E79C5B2A65D8CCDD5B21AFE559102062F ft=1 fh=68336e5d9907ad1c vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\T8TICKER.DLL.vir"

sh=D0787BEAE97CE99982E7F5000772831421FD48E4 ft=1 fh=b650850bda28ebe2 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allin1Convert_8h\bar\1.bin\VERIFY.DLL.vir"

sh=13703FE4CA375FED8DDA4DCF1E9910A81BBAE311 ft=1 fh=c37f38932e527a32 vn="Variante von Win32/Toolbar.Besttoolbars.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SeeSimilar\AddonsFramework.Typelib.dll.vir"

sh=8DC53F844B16193610E3B1834442B8075102E321 ft=1 fh=e2647ee015d99512 vn="Variante von Win32/Toolbar.Besttoolbars.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SeeSimilar\BackgroundHost.exe.vir"

sh=DBD41390682C1DF0988DFD4685C436B262A15F78 ft=1 fh=8b81ebb19615de5f vn="Variante von Win64/Toolbar.Besttoolbars.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SeeSimilar\BackgroundHost64.exe.vir"

sh=172FD5D2E2D3572389FCDE96BDEE74D8C20C80EA ft=1 fh=6e6b84093913a829 vn="Win32/Toolbar.Besttoolbars.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SeeSimilar\BackgroundHostPS.dll.vir"

sh=6CCC63FE92FD7DF88848733FE65FD097B3987F08 ft=1 fh=fdd11b5a632af3ae vn="Variante von Win32/Toolbar.Besttoolbars.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SeeSimilar\ButtonSite.dll.vir"

sh=6B15DE53F1EA0350DB57D7C5D4AC10EFA08ACB67 ft=1 fh=97ff91e955440434 vn="Variante von Win32/Toolbar.Besttoolbars.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SeeSimilar\ButtonSite64.dll.vir"

sh=1977F2F0A49C992E60324A527A5887305D48E3D7 ft=1 fh=dc889aa2aa041916 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"

sh=FDC2EA51B5536494AF21F857A14411077B58EDBB ft=1 fh=04b58d39a0502cf7 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="C:\Installs\zaSetup_92_106_000_en.exe"

sh=364CBFF190D1CCF6D74C7CA2229B22668BE8F930 ft=1 fh=d946cca38a3f3c70 vn="Win32/DownloadAdmin.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\T410\Downloads\vlcmediaplayer-setup.exe"

Code:

 Results of screen317's Security Check version 0.99.91  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

 Windows Security Center service is not running! This report may not be accurate! 

Microsoft Security Essentials   

  (On Access scanning disabled!) 

 Error obtaining update status for antivirus!  
 `````````Anti-malware/Other Utilities Check:````````` 

 Java 7 Update 65  

 Java version 32-bit out of Date! 

 Adobe Reader XI  

 Mozilla Firefox 29.0.1 Firefox out of Date!  

 Google Chrome (39.0.2171.71) 

 Google Chrome (39.0.2171.95) 
 ````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014

Ran by T410 (administrator) on T410-PC on 17-12-2014 22:23:12

Running from C:\Users\T410\Desktop

Loaded Profile: T410 (Available profiles: T410)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Safe Mode (with Networking)

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382248 2013-06-20] (Lenovo.)

HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)

HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-05-29] (Synaptics Incorporated)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated)

HKLM\...\Run: [TPFanControl] => C:\Program Files\TPFanControl\TPFanControl.exe [154112 2013-03-20] (troubadix)

HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)

HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111928 2013-05-03] (Intel Corporation)

HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-11-05] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)

HKU\S-1-5-21-331670129-925724647-3591002109-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S1].txt [1238 2014-12-17] ()

Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-331670129-925724647-3591002109-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-331670129-925724647-3591002109-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-331670129-925724647-3591002109-1000 -> {1A6246B7-3879-4549-AB06-FBEBEA471F8D} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10513

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\117m0ddf.default

FF NetworkProxy: "type", 4

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

FF Extension: Hold Page 1.0.1 - C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\117m0ddf.default\Extensions\{a16a1775-5ab3-4034-ac52-de0795db97f0}.xpi [2014-12-12]
 

Chrome: 

=======

CHR HomePage: Default -> 

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Plugin: (Widevine Content Decryption Module) - C:\Users\T410\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll No File

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()

CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

CHR Plugin: (Java Deployment Toolkit 7.0.650.20) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

CHR Plugin: (Java(TM) Platform SE 7 U65) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Profile: C:\Users\T410\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\T410\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]

CHR Extension: (YouTube) - C:\Users\T410\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-30]

CHR Extension: (Adblock for Youtube™) - C:\Users\T410\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-10-29]

CHR Extension: (Google-Suche) - C:\Users\T410\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-30]

CHR Extension: (Zotero Connector) - C:\Users\T410\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2014-12-05]

CHR Extension: (Google Wallet) - C:\Users\T410\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-30]

CHR Extension: (Google Mail) - C:\Users\T410\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-30]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-06-26] (Lenovo.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

S2 QDLService2kLenovo; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [1688384 2011-05-23] (QUALCOMM, Inc.)

S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-05] (Samsung Electronics) [File not signed]

S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()

S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-02] (Intel Corporation)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-17] (Malwarebytes Corporation)

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

S3 qcfilterlno2k; C:\Windows\System32\DRIVERS\qcfilterlno2k.sys [6400 2010-04-26] (QUALCOMM Incorporated)

S3 qcusbnetlno2k; C:\Windows\System32\DRIVERS\qcusbnetlno2k.sys [444416 2011-05-23] (QUALCOMM Incorporated)

S3 qcusbserlno2k; C:\Windows\System32\DRIVERS\qcusbserlno2k.sys [231040 2011-05-23] (QUALCOMM Incorporated)

R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44784 2013-05-29] (Synaptics Incorporated)

S2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-17 22:13 - 2014-12-17 22:13 - 00852490 _____ () C:\Users\T410\Desktop\SecurityCheck.exe

2014-12-17 21:21 - 2014-12-17 21:21 - 02347384 _____ (ESET) C:\Users\T410\Desktop\esetsmartinstaller_deu.exe

2014-12-17 15:51 - 2014-12-17 15:51 - 00019278 _____ () C:\Users\T410\Desktop\Addition.txt

2014-12-17 15:50 - 2014-12-17 22:23 - 00009684 _____ () C:\Users\T410\Desktop\FRST.txt

2014-12-17 15:50 - 2014-12-17 22:23 - 00000000 ____D () C:\Users\T410\Desktop\FRST-OlderVersion

2014-12-17 15:47 - 2014-12-17 15:47 - 00001896 _____ () C:\Users\T410\Desktop\JRT.txt

2014-12-17 15:44 - 2014-12-17 15:44 - 01707646 _____ (Thisisu) C:\Users\T410\Desktop\JRT.exe

2014-12-17 15:42 - 2014-12-17 15:37 - 00017593 _____ () C:\Users\T410\Desktop\AdwCleaner[S0].txt

2014-12-17 15:33 - 2014-12-17 15:33 - 02166272 _____ () C:\Users\T410\Desktop\AdwCleaner_4.105.exe

2014-12-17 15:31 - 2014-12-17 15:31 - 00001196 _____ () C:\Users\T410\Desktop\mbam.txt

2014-12-17 15:11 - 2014-12-17 15:11 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\T410\Downloads\mbam-setup-2.0.4.1028.exe

2014-12-15 20:44 - 2014-12-15 20:44 - 00026343 _____ () C:\ComboFix.txt

2014-12-15 20:37 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-12-15 20:37 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-12-15 20:37 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-12-15 20:37 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-12-15 20:37 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-12-15 20:37 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2014-12-15 20:37 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2014-12-15 20:37 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2014-12-15 20:34 - 2014-12-15 20:44 - 00000000 ____D () C:\Qoobox

2014-12-15 20:34 - 2014-12-15 20:43 - 00000000 ____D () C:\Windows\erdnt

2014-12-15 20:33 - 2014-12-15 20:33 - 05601641 ____R (Swearware) C:\Users\T410\Downloads\ComboFix.exe

2014-12-15 20:27 - 2014-12-15 20:27 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\T410\Downloads\revosetup95.exe

2014-12-15 20:27 - 2014-12-15 20:27 - 00001264 _____ () C:\Users\T410\Desktop\Revo Uninstaller.lnk

2014-12-15 20:27 - 2014-12-15 20:27 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-12-15 20:23 - 2014-12-15 20:23 - 00000000 __SHD () C:\Users\T410\AppData\Local\EmieBrowserModeList

2014-12-14 22:34 - 2014-12-14 22:34 - 00003288 ____N () C:\bootsqm.dat

2014-12-14 22:01 - 2014-12-14 22:01 - 00000000 ____D () C:\found.000

2014-12-14 18:59 - 2014-12-14 19:00 - 00031092 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche231_SuperpositionsVectorielSurMatriciel(2) (1).odt

2014-12-14 17:51 - 2014-12-14 17:51 - 00012299 _____ () C:\SuchlaufM.txt

2014-12-14 17:34 - 2014-12-14 17:34 - 00380416 _____ () C:\Users\T410\Downloads\Gmer-19357.exe

2014-12-14 17:31 - 2014-12-17 22:23 - 00000000 ____D () C:\FRST

2014-12-14 17:30 - 2014-12-17 22:23 - 02121216 _____ (Farbar) C:\Users\T410\Desktop\FRST64.exe

2014-12-14 17:26 - 2014-12-14 17:26 - 00050477 _____ () C:\Users\T410\Downloads\Defogger.exe

2014-12-14 17:00 - 2014-12-17 15:13 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-12-13 10:10 - 2014-12-13 10:10 - 00184587 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche421_Interpolation (1).odt

2014-12-12 23:16 - 2014-12-12 23:16 - 00493182 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche411_MNT-Hydro.odt

2014-12-12 23:14 - 2014-12-14 18:26 - 00070633 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche321_Géoréférencement-Digitalisation.odt

2014-12-12 22:57 - 2014-12-12 22:57 - 01071426 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche312_Projections (1).odt

2014-12-12 20:30 - 2014-12-12 20:30 - 00054462 _____ () C:\Users\T410\Downloads\Programme_cours-2014-15.ods

2014-12-12 20:30 - 2014-12-12 20:30 - 00052203 _____ () C:\Users\T410\Downloads\Liste_fiches (1).ods

2014-12-12 19:56 - 2014-12-12 19:56 - 01176754 _____ () C:\Users\T410\Downloads\Fiche 1.2 carto theìmatique densiteì pop (1).odt

2014-12-12 18:58 - 2014-12-12 18:58 - 00027640 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche421_Interpolation.odt

2014-12-12 18:12 - 2014-12-12 18:12 - 00001824 _____ () C:\Users\T410\Desktop\GRASS GIS 6.4.4.lnk

2014-12-12 18:12 - 2014-12-12 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GRASS GIS 6.4.4

2014-12-12 18:10 - 2014-12-12 18:17 - 00000000 ____D () C:\Users\T410\Documents\grassdata

2014-12-12 18:10 - 2014-12-12 18:12 - 00000000 ____D () C:\Program Files (x86)\GRASS GIS 6.4.4

2014-12-12 18:06 - 2014-12-12 18:09 - 85758714 _____ () C:\Users\T410\Downloads\WinGRASS-6.4.4-1-Setup.exe

2014-12-12 17:39 - 2014-12-12 17:39 - 01176754 _____ () C:\Users\T410\Downloads\Fiche 1.2 carto theìmatique densiteì pop.odt

2014-12-12 17:28 - 2014-12-12 17:28 - 00017883 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche12_CartoThématique (1).odt

2014-12-12 17:26 - 2014-12-12 17:26 - 01022303 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche11_CartoGénérale_DUES.odt

2014-12-12 17:07 - 2014-12-12 17:08 - 00424420 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche221_SuperpositionsMatricielles_DUES.odt

2014-12-12 16:53 - 2014-12-12 16:53 - 00129935 _____ () C:\Users\T410\Downloads\2.1.3.qgs

2014-12-12 16:50 - 2014-12-12 16:50 - 01071426 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche312_Projections.odt

2014-12-12 16:49 - 2014-12-12 21:23 - 01285343 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche312_Projections-2.odt

2014-12-12 16:48 - 2014-12-12 16:48 - 00031092 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche231_SuperpositionsVectorielSurMatriciel(2).odt

2014-12-12 16:47 - 2014-12-12 16:47 - 00660242 _____ () C:\Users\T410\Downloads\fiche 2.1.3 Maude RESTEAU (1).odt

2014-12-12 15:50 - 2014-12-12 15:51 - 06916590 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche411_MNT-Hydro_Données.zip

2014-12-12 13:23 - 2014-12-12 13:23 - 00660242 _____ () C:\Users\T410\Downloads\fiche 2.1.3 Maude RESTEAU.odt

2014-12-12 13:19 - 2014-12-12 13:19 - 00000000 ____D () C:\Users\T410\AppData\Roaming\WinRAR

2014-12-12 13:18 - 2014-12-12 13:18 - 00000979 _____ () C:\Users\Public\Desktop\WinRAR.lnk

2014-12-12 13:18 - 2014-12-12 13:18 - 00000000 ____D () C:\Users\T410\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2014-12-12 13:18 - 2014-12-12 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

2014-12-12 13:18 - 2014-12-12 13:18 - 00000000 ____D () C:\Program Files\WinRAR

2014-12-12 13:17 - 2014-12-12 13:17 - 02060888 _____ () C:\Users\T410\Downloads\winrar-x64-520d.exe

2014-12-12 13:11 - 2014-12-12 13:12 - 04692807 _____ () C:\Users\T410\Downloads\TP 3.1.1 Dues.tar.gz

2014-12-12 13:03 - 2014-12-12 13:03 - 00666789 _____ () C:\Users\T410\Downloads\fiche 2.1.3 a rendre.odt

2014-12-12 13:03 - 2014-12-12 13:03 - 00012705 _____ () C:\Users\T410\Downloads\fiche 2.1.3 schéma (1).odg

2014-12-12 12:58 - 2014-12-12 13:36 - 00724329 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche213_Interrogations-SuperpositionsVectorielles (2).odt

2014-12-12 12:52 - 2014-12-12 12:52 - 00017883 _____ () C:\Users\T410\Downloads\GEOGF211_TP_Fiche12_CartoThématique.odt

2014-12-12 12:35 - 2014-12-12 12:35 - 00000000 ____D () C:\Users\T410\AppData\Roaming\GRASS6

2014-12-12 12:33 - 2014-12-12 12:33 - 00052203 _____ () C:\Users\T410\Downloads\Liste_fiches.ods

2014-12-12 12:27 - 2014-12-14 16:56 - 00000000 ____D () C:\Users\T410\AppData\Roaming\FileZilla

2014-12-12 12:27 - 2014-12-12 12:27 - 00002000 _____ () C:\Users\T410\Desktop\FileZilla Client.lnk

2014-12-12 12:27 - 2014-12-12 12:27 - 00000000 ____D () C:\Users\T410\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client

2014-12-12 12:26 - 2014-12-12 12:27 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client

2014-12-12 12:26 - 2014-12-12 12:25 - 06126536 _____ (Tim Kosse) C:\Users\T410\Downloads\FileZilla_3.9.0.6_win32-setup [1].exe

2014-12-11 21:47 - 2014-12-14 20:51 - 00001408 _____ () C:\Users\T410\Desktop\Neues Textdokument.txt

2014-12-11 11:54 - 2014-12-11 11:54 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-11 04:41 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-11 04:41 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-10 17:22 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-10 17:22 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-10 17:22 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-10 17:22 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-10 17:22 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-10 17:22 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-10 17:22 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-10 17:22 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-10 17:22 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-10 17:22 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-10 17:22 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-10 17:22 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-10 17:22 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-10 17:22 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-10 17:22 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-10 17:22 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-10 17:22 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-10 17:22 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-10 17:22 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-10 17:22 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-10 17:22 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-10 17:22 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-10 17:22 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-10 17:22 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-10 17:22 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-10 17:22 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-10 17:22 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-10 17:22 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-10 17:22 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-10 17:22 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-10 17:22 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-10 17:22 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-10 17:22 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-10 17:22 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-10 17:22 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-10 17:22 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-10 17:22 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-10 17:22 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-10 17:22 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-10 17:22 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-10 17:22 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-10 17:22 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-10 17:22 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-10 17:22 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-10 17:22 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-10 17:22 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-10 17:22 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-10 17:22 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-10 17:22 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-10 17:22 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-10 17:22 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-10 17:22 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-10 17:21 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-10 17:21 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-10 17:21 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-10 17:21 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-10 16:55 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-10 16:55 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-10 16:55 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-10 16:55 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-10 16:55 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-10 16:55 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-10 16:55 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-10 16:55 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2014-12-10 16:53 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-10 16:53 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-10 16:53 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-10 16:48 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-10 16:48 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-10 16:48 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-10 16:48 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-10 16:48 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-10 16:48 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-10 16:48 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-10 16:48 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-10 16:48 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-10 16:48 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-10 16:48 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-10 16:48 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-10 16:48 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-10 16:48 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2014-12-05 16:54 - 2014-12-05 16:54 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zotero Standalone.lnk

2014-12-05 16:54 - 2014-12-05 16:54 - 00001155 _____ () C:\Users\Public\Desktop\Zotero Standalone.lnk

2014-12-05 16:54 - 2014-12-05 16:54 - 00000000 ____D () C:\Users\T410\AppData\Roaming\Zotero

2014-12-05 16:54 - 2014-12-05 16:54 - 00000000 ____D () C:\Users\T410\AppData\Local\Zotero

2014-12-05 16:53 - 2014-12-05 16:53 - 00000000 ____D () C:\Program Files (x86)\Zotero Standalone

2014-12-05 16:52 - 2014-12-05 16:53 - 35543712 _____ (Mozilla) C:\Users\T410\Downloads\Zotero-4.0.23_setup.exe

2014-12-03 17:55 - 2014-12-03 17:55 - 00019051 _____ () C:\Users\T410\Downloads\Abstract Syst.odt

2014-11-20 17:01 - 2014-11-21 17:25 - 00000000 ____D () C:\Users\T410\Desktop\Permaculture

2014-11-20 16:45 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-11-20 16:45 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2014-11-20 16:45 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-11-20 16:45 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

2014-11-20 16:42 - 2014-12-17 15:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-11-20 16:42 - 2014-12-17 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-11-20 16:41 - 2014-12-17 15:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-11-20 16:41 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-11-20 16:41 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-11-20 16:41 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-11-20 16:38 - 2014-11-20 16:38 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\T410\Downloads\mbam-setup-2.0.3.1025.exe

2014-11-20 14:24 - 2014-11-20 14:24 - 01249118 _____ () C:\Users\T410\Downloads\Projektplan_Wochentage_GO-1001-free.xlsx

2014-11-18 10:18 - 2014-11-18 10:19 - 00000010 _____ () C:\Users\T410\Desktop\orderin nr.txt
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-17 22:18 - 2013-08-13 19:33 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-12-17 22:18 - 2013-08-06 13:02 - 00036761 _____ () C:\Windows\setupact.log

2014-12-17 22:18 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-12-17 22:17 - 2010-11-21 04:47 - 00179370 _____ () C:\Windows\PFRO.log

2014-12-17 21:26 - 2013-08-05 14:33 - 01486821 _____ () C:\Windows\WindowsUpdate.log

2014-12-17 21:20 - 2011-04-12 08:43 - 00699190 _____ () C:\Windows\system32\perfh007.dat

2014-12-17 21:20 - 2011-04-12 08:43 - 00149330 _____ () C:\Windows\system32\perfc007.dat

2014-12-17 21:20 - 2009-07-14 06:13 - 01619700 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-12-17 16:02 - 2013-09-30 14:12 - 00000000 ____D () C:\AdwCleaner

2014-12-17 15:45 - 2013-10-01 10:14 - 00000000 ____D () C:\Windows\ERUNT

2014-12-17 15:05 - 2009-07-14 05:45 - 00038752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-17 15:05 - 2009-07-14 05:45 - 00038752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-15 20:43 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2014-12-15 20:40 - 2009-07-14 03:34 - 63700992 _____ () C:\Windows\system32\config\SOFTWARE.bak

2014-12-15 20:40 - 2009-07-14 03:34 - 22020096 _____ () C:\Windows\system32\config\SYSTEM.bak

2014-12-15 20:40 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak

2014-12-15 20:40 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak

2014-12-15 20:40 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak

2014-12-15 20:16 - 2013-08-13 19:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-12-14 22:38 - 2013-08-13 19:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-12-14 19:12 - 2013-08-13 19:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-12-14 18:02 - 2013-12-06 12:24 - 00000000 ____D () C:\Bilder

2014-12-14 17:11 - 2013-08-13 19:31 - 00000000 ____D () C:\Users\T410\AppData\Local\Adobe

2014-12-14 17:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Registration

2014-12-14 10:16 - 2009-07-14 03:34 - 00000505 _____ () C:\Windows\win.ini

2014-12-13 20:12 - 2014-09-26 10:29 - 00000000 ____D () C:\Users\T410\.qgis2

2014-12-13 19:29 - 2013-12-01 02:52 - 00000000 ____D () C:\Users\T410\AppData\Roaming\vlc

2014-12-13 14:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy

2014-12-12 15:45 - 2013-10-03 13:51 - 00000000 ____D () C:\Users\T410\Desktop\UNI

2014-12-12 13:26 - 2014-10-17 10:07 - 00702572 _____ () C:\Users\T410\Desktop\zones d'intérêts culturel et et des zones d'intérêt paysager sous risque moyen ou élevé d'inondation.jpeg

2014-12-11 22:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2014-12-11 21:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-12-11 11:57 - 2013-08-13 22:25 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-12-11 11:54 - 2014-05-08 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-12-11 11:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-12-11 11:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat

2014-12-11 08:49 - 2013-08-06 10:53 - 00000000 ____D () C:\Windows\system32\MRT

2014-12-11 04:52 - 2013-08-05 15:55 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-12-10 19:32 - 2013-09-30 20:21 - 00000000 ____D () C:\Users\T410\AppData\Roaming\Skype

2014-12-10 13:38 - 2013-08-13 19:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-10 13:38 - 2013-08-13 19:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-10 13:38 - 2013-08-13 19:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-01 19:18 - 2014-11-06 20:00 - 00000000 ____D () C:\Users\T410\Desktop\MÉMOIRE

2014-11-25 21:22 - 2013-08-06 09:43 - 00000000 ____D () C:\Windows\System32\Tasks\TVT

2014-11-21 19:09 - 2014-11-04 19:52 - 00013866 _____ () C:\Users\T410\Desktop\horaire stage.ods

2014-11-21 17:25 - 2013-10-09 22:08 - 00000000 ___RD () C:\Musik

2014-11-21 16:25 - 2014-05-25 22:43 - 00000000 ____D () C:\Users\T410\Desktop\kritische Theorie und Ökologie

2014-11-21 16:24 - 2014-10-11 10:55 - 00000000 ____D () C:\Users\T410\Desktop\QGIS & co

2014-11-21 16:24 - 2014-05-03 09:40 - 00000000 ____D () C:\Users\T410\Desktop\STOFF
 

Some content of TEMP:

====================

C:\Users\T410\AppData\Local\temp\Quarantine.exe

C:\Users\T410\AppData\Local\temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-12-05 16:43
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Leider immer noch das selbe Problem...

Java updaten.

FRST bitte aus dem normalen Modus laufen lassen. Popups in allen Browsern?

Java update konnte aus dem abgesicherten Modus nicht vollständig ausgeführt werden.

In den normalen Modus komme ich leider immer noch nicht: selbes Problem --> explorer.exe - Anwendungsfehler... schwarzer Bildschirm...

http://www.deeprybka.trojaner-board....r/wraioneu.PNG

Lade Dir bitte Windows Repair - All in one von tweaking.com hier herunter und installiere es.
Deaktiviere bitte (wenn möglich) Dein Antivirusprogramm.
Bedenke, dass die einzelnen Reparaturen einige Zeit benötigen. Starte keine anderen Anwendungen in dieser Zeit.
Starte das Programm und führe die Punkte 1-5 durch. (Siehe Bildanleitung)
Achte darauf, dass bei Dir die Häkchen so gesetzt sind wie unter Punkt 4.
Setze auch ein Häkchen bei "Restart/Shutdown System" und klicke "Restart System" an bevor Du Punkt 5 durchführst.

http://deeprybka.trojaner-board.de/b...srepair271.png

Problem besteht leider weiterhin...

Kommt das im normalen Modus vor oder nach der Benutzeranmeldung? Win DVD zur Hand?