Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Hilfe ich habe mir was gefangen:chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html (https://www.trojaner-board.de/162778-hilfe-habe-mir-gefangen-chrome-extension-flliilndjeohchalpbbcdekjklbdgfkk-html-blocked-html.html)

bastifantast 14.01.2015 18:00
Hilfe ich habe mir was gefangen:chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html
 
Hallo liebes Forum,

ich habe seit zwei Tagen das Phänomen das mein Rechner deutlich länger braucht um eine Verbindung zum Wlan aufzubauen und auch langsamer hochfährt.

Wenn ich bei Google Chrome surfe öffnet sich nach einer zeit immer ein zweiter tab welcher von Avira geblockt wird.Das ganze sieht dann so aus :

chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html

Wie bekomme ich den mist weg oder kann ich den rechner vergessen und muss ihn formatieren...

Ich hoffe hier kann mir jemand helfen.

deeprybka 14.01.2015 18:04
:hallo:

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...:abklatsch:
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean :daumenhoc bekommst.



Los geht's:

Schritt 1
http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://deeprybka.trojaner-board.de/tdss/codetags.gif

bastifantast 14.01.2015 18:09
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by x (administrator) on X-THINK on 14-01-2015 18:04:07
Running from C:\Users\x\Downloads
Loaded Profile: x (Available profiles: x)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(SIEMENS AG) C:\Program Files\Common Files\Siemens\sws\almsrv\almsrv64x.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Users\x\AppData\Local\ContextTrue\nvhlpr.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Dropbox, Inc.) C:\Users\x\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(SIEMENS AG) C:\Program Files (x86)\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(SIEMENS AG) C:\Program Files (x86)\Common Files\Siemens\S7UBTOOX\S7ubtoox.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Common Files\Siemens\SQLANY\dbsrv9.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.PCOMMERCIAL_1\MSSQL\Binn\sqlservr.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SIEMENS AG) C:\Program Files (x86)\Siemens\Step7\S7BIN\s7hspsvx.exe
(SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7oiehsx64.exe
(SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceService64x.exe
(SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7epasrv64x.exe
(SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\pniomgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(SIEMENS AG) C:\Windows\SysWOW64\pniopcac.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\WINDOWS\SYSTEM32\TpShocks.exe [380776 2009-12-11] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [5990200 2011-06-10] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111928 2013-05-03] (Intel Corporation)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Message Center Plus] => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-27] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [S7UB Start] => C:\Program Files (x86)\Common Files\Siemens\S7ubtoox\s7ubtstx.exe [102453 2010-06-03] (SIEMENS AG)
HKLM-x32\...\Run: [mbot_de_383] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-2150921082-4187140661-4272968030-1004\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2150921082-4187140661-4272968030-1004\...\Run: [Personal ID] => C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2014-07-05] (coolspot AG, Düsseldorf)
HKU\S-1-5-21-2150921082-4187140661-4272968030-1004\...\Run: [nvhlpr] => C:\Users\x\AppData\Local\ContextTrue\nvhlpr.exe [601584 2014-07-11] ()
HKU\S-1-5-21-2150921082-4187140661-4272968030-1004\...\MountPoints2: {3817047a-c21c-11e3-a9ed-f2fa1ef35d4c} - G:\SETUP.EXE
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\x\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKU\S-1-5-21-2150921082-4187140661-4272968030-1004\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {931BC5E7-4222-4C37-8C7B-5B13E65BBEB4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKLM-x32 -> {6DB94B0A-C3BF-413E-A0D0-FF8C210C7D58} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004 -> {998432D3-902D-4E81-AFDB-0DA7EC43EFD0} URL = https://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Lenovo ThinkVantage Toolbox - {D5F11930-C4B8-4248-88C3-43621271B3FA} - C:\Program Files\PC-Doctor\ATLPcdToolbar.dll (PC-Doctor, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\fqkiMcMH.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\fqkiMcMH.default\Extensions\abs@avira.com [2015-01-11]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-02-28]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\x\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-13]
CHR Extension: (YouTube) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-13]
CHR Extension: (Adblock Plus) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-13]
CHR Extension: (Google-Suche) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-13]
CHR Extension: (Avira Browserschutz) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-13]
CHR Extension: (Click&Clean) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-01-13]
CHR Extension: (Google Wallet) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-13]
CHR Extension: (Google Mail) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 almservice; C:\Program Files\Common Files\Siemens\sws\almsrv\almsrv64x.exe [1542792 2011-10-28] (SIEMENS AG) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-06-24] (Lenovo.)
S3 EPLAN Client Service; C:\Program Files\EPLAN\Common\EClientService.exe [549800 2014-03-03] (EPLAN Software & Service GmbH & Co. KG)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 MSSQL$KNXETS4; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe [62379184 2014-07-10] (Microsoft Corporation)
R2 MSSQL$PCOMMERCIAL_1; C:\Program Files\Microsoft SQL Server\MSSQL10.PCOMMERCIAL_1\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
S4 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [6807656 2009-10-27] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 QDLService2kLenovo; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [331512 2009-12-08] (QUALCOMM, Inc.)
R2 s7hspsvx; C:\Program Files (x86)\Siemens\Step7\s7bin\s7hspsvx.exe [61493 2011-10-31] (SIEMENS AG) [File not signed]
R2 s7oiehsx64; C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7oiehsx64.exe [139864 2011-11-03] (SIEMENS AG)
R2 S7TraceServiceX; C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceService64x.exe [229976 2011-11-03] (SIEMENS AG)
S4 SQLAgent$KNXETS4; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\SQLAGENT.EXE [442536 2014-07-10] (Microsoft Corporation)
S4 SQLAgent$PCOMMERCIAL_1; C:\Program Files\Microsoft SQL Server\MSSQL10.PCOMMERCIAL_1\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S4 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-06] (Lenovo Group Limited)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 dpmconv; C:\Windows\System32\DRIVERS\dpmconv.sys [259072 2011-04-19] (SIEMENS AG)
S3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo)
S3 qcfilterlno2k; C:\Windows\System32\DRIVERS\qcfilterlno2k.sys [6400 2009-12-08] (QUALCOMM Incorporated)
S3 qcusbnetlno2k; C:\Windows\System32\DRIVERS\qcusbnetlno2k.sys [240640 2009-12-08] (QUALCOMM Incorporated)
S3 qcusbserlno2k; C:\Windows\System32\DRIVERS\qcusbserlno2k.sys [121216 2009-12-08] (QUALCOMM Incorporated)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-07-10] (Microsoft Corporation)
R3 s7odpx2x64; C:\Windows\System32\DRIVERS\s7odpx2x64.sys [71168 2011-10-20] (SIEMENS AG)
R3 s7oppinx64; C:\Windows\System32\DRIVERS\s7oppinx64.sys [107520 2011-10-20] (SIEMENS AG)
R3 s7oserix64; C:\Windows\System32\Drivers\s7oserix64.sys [121344 2011-05-06] (SIEMENS AG)
R3 s7osmcax64; C:\Windows\System32\DRIVERS\s7osmcax64.sys [195584 2011-09-29] (SIEMENS AG)
R3 s7osobux64; C:\Windows\System32\DRIVERS\s7osobux64.sys [152576 2011-05-06] (SIEMENS AG)
R3 s7otmcd64x; C:\Windows\System32\Drivers\s7otmcd64x.sys [199680 2011-05-06] (SIEMENS AG)
R3 s7otranx64; C:\Windows\System32\DRIVERS\s7otranx64.sys [260096 2011-05-06] (SIEMENS AG)
R3 s7otsadx64; C:\Windows\System32\DRIVERS\s7otsadx64.sys [192000 2011-09-29] (SIEMENS AG)
S3 s7oupc2x64; C:\Windows\System32\DRIVERS\s7oupc2x64.sys [28672 2011-09-29] (SIEMENS AG) [File not signed]
R2 s7ousbu64x; C:\Windows\System32\DRIVERS\s7ousbu64x.sys [193024 2011-09-29] (SIEMENS AG)
R2 s7sn2srtx; C:\Windows\System32\DRIVERS\s7sn2srtx.sys [83032 2011-06-16] (SIEMENS AG)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R2 SNTIE; C:\Windows\System32\DRIVERS\sntie.sys [179288 2011-10-11] (SIEMENS AG)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-29] ()
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 vsnl2ada; C:\Windows\System32\DRIVERS\vsnl2ada.sys [120832 2011-04-19] (SIEMENS AG)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 PCDSRVC{127174DC-C366ED8B-06000000}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]
S3 PCDSRVC{184E4FA0-DE8C26D4-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc_x64.pkms [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 18:04 - 2015-01-14 18:04 - 00026105 _____ () C:\Users\x\Downloads\FRST.txt
2015-01-14 18:03 - 2015-01-14 18:04 - 00000000 ____D () C:\FRST
2015-01-14 18:03 - 2015-01-14 18:03 - 02124288 _____ (Farbar) C:\Users\x\Downloads\FRST64.exe
2015-01-14 16:57 - 2015-01-14 16:57 - 02191360 _____ () C:\Users\x\Downloads\AdwCleaner_4.107 (1).exe
2015-01-13 19:34 - 2015-01-13 19:34 - 00000000 ____D () C:\Users\x\Documents\ProcAlyzer Dumps
2015-01-13 19:31 - 2015-01-13 19:31 - 00000340 _____ () C:\Users\x\Downloads\ClickClean-v8.4-Options.json
2015-01-13 18:56 - 2015-01-13 18:57 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\x\Downloads\spybot-2.4.exe
2015-01-13 18:51 - 2015-01-13 18:51 - 00000000 ____D () C:\Users\x\AppData\Roaming\ProductData
2015-01-13 18:50 - 2015-01-13 18:51 - 00000000 ____D () C:\ProgramData\IObit
2015-01-13 18:50 - 2015-01-13 18:50 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-13 18:49 - 2015-01-13 18:50 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-01-13 18:49 - 2015-01-13 18:49 - 00000000 ____D () C:\Users\x\AppData\Roaming\IObit
2015-01-13 18:48 - 2015-01-13 18:49 - 17086240 _____ (IObit) C:\Users\x\Downloads\iobituninstaller41.exe
2015-01-13 18:46 - 2015-01-13 18:49 - 132469808 _____ (AVAST Software) C:\Users\x\Downloads\avast_free_antivirus_setup_10.2208.712 (1).exe
2015-01-13 18:40 - 2015-01-13 18:40 - 00001645 _____ () C:\Users\x\Downloads\software_removal_tool.log
2015-01-13 18:17 - 2015-01-13 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-13 16:29 - 2015-01-13 16:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-13 16:28 - 2015-01-13 16:28 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\x\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-01-13 16:19 - 2015-01-13 16:19 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\x\Downloads\SpyHunter-Installer.exe
2015-01-13 16:16 - 2015-01-13 16:16 - 00880784 _____ (Google Inc.) C:\Users\x\Downloads\ChromeSetup.exe
2015-01-11 13:37 - 2015-01-11 13:34 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-11 13:35 - 2015-01-11 13:35 - 00000000 ____D () C:\Users\x\AppData\Roaming\Mozilla
2015-01-11 13:34 - 2015-01-11 13:34 - 00000000 ____D () C:\Users\x\AppData\Roaming\Avira
2015-01-11 13:28 - 2015-01-11 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-11 13:26 - 2015-01-11 13:47 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-11 13:26 - 2015-01-11 13:35 - 00000000 ____D () C:\ProgramData\Avira
2015-01-11 13:26 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-11 13:26 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-11 13:26 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-11 13:08 - 2015-01-11 13:08 - 02191360 _____ () C:\Users\x\Downloads\adwcleaner_4.107.exe
2015-01-11 13:05 - 2015-01-11 13:07 - 87836524 _____ (AVAST Software) C:\Users\x\Downloads\avast_free_antivirus_setup_10.2208.712.exe
2015-01-11 12:58 - 2015-01-14 17:26 - 00154998 _____ () C:\Windows\PFRO.log
2015-01-11 12:58 - 2015-01-14 17:26 - 00000784 _____ () C:\Windows\setupact.log
2015-01-11 12:58 - 2015-01-11 12:58 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-11 12:57 - 2015-01-11 12:57 - 00000000 ____D () C:\Users\Public\Documents\Siemens
2015-01-11 12:52 - 2015-01-11 12:53 - 00000000 ____D () C:\Users\x\Documents\Reg
2015-01-11 11:37 - 2015-01-11 11:42 - 154051656 _____ () C:\Users\x\Downloads\avira_free_antivirus468_de.exe
2015-01-11 11:33 - 2015-01-11 11:33 - 00000000 _____ () C:\autoexec.bat
2015-01-03 15:06 - 2015-01-14 17:26 - 00001322 _____ () C:\Windows\Tasks\SBPJHU.job
2015-01-03 15:06 - 2015-01-03 15:06 - 00004338 _____ () C:\Windows\System32\Tasks\SBPJHU
2015-01-03 15:05 - 2015-01-14 17:26 - 00001318 _____ () C:\Windows\Tasks\XIQF.job
2015-01-03 15:05 - 2015-01-03 15:05 - 00004334 _____ () C:\Windows\System32\Tasks\XIQF
2015-01-03 15:02 - 2015-01-13 16:49 - 00000000 ____D () C:\Users\x\AppData\Local\ContextTrue
2015-01-03 15:02 - 2015-01-03 15:02 - 00003078 _____ () C:\Windows\System32\Tasks\upfs7235
2015-01-02 16:59 - 2015-01-02 16:59 - 00000000 ____D () C:\Users\x\AppData\Local\freecad
2015-01-02 13:16 - 2015-01-02 13:20 - 00000000 ____D () C:\Users\x\AppData\Roaming\FreeCAD
2015-01-02 13:15 - 2015-01-02 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCAD 0.14
2015-01-02 13:15 - 2015-01-02 13:15 - 00000682 _____ () C:\Users\x\Desktop\FreeCAD.lnk
2014-12-26 13:35 - 2014-12-26 13:35 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-26 13:21 - 2014-12-26 13:21 - 00000000 ____D () C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-12-26 12:55 - 2014-12-26 12:55 - 00000000 ____D () C:\Windows\UbiSoft
2014-12-26 12:43 - 2014-12-26 12:43 - 00000000 ____D () C:\Users\x\AppData\Roaming\TuneUp Software
2014-12-26 12:43 - 2014-12-26 12:43 - 00000000 ____D () C:\Users\x\AppData\Local\TuneUp Software
2014-12-26 12:42 - 2014-12-26 12:43 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-12-26 12:42 - 2014-12-26 12:42 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-12-26 12:41 - 2014-12-26 12:43 - 00000000 ____D () C:\Users\x\AppData\Roaming\IHlpr
2014-12-20 18:10 - 2014-07-10 11:23 - 00083632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$KNXETS4-sqlctr10.52.4033.0.dll
2014-12-20 18:10 - 2014-07-10 11:22 - 00089264 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$KNXETS4-sqlctr10.52.4033.0.dll
2014-12-20 12:42 - 2014-12-20 12:42 - 00002153 _____ () C:\Users\Public\Desktop\SEE Electrical V7.lnk
2014-12-20 12:42 - 2014-12-20 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IGE+XAO
2014-12-20 08:28 - 2014-12-20 08:28 - 00002429 _____ () C:\Users\Public\Desktop\ETS4.lnk
2014-12-20 08:28 - 2014-12-20 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNX
2014-12-20 08:28 - 2014-12-20 08:28 - 00000000 ____D () C:\ProgramData\Elka Shared
2014-12-20 08:28 - 2014-12-20 08:28 - 00000000 ____D () C:\Program Files (x86)\ETS4
2014-12-20 08:22 - 2014-12-20 09:09 - 00000000 ____D () C:\Users\x\AppData\Local\KNX
2014-12-20 08:19 - 2014-12-20 08:28 - 00000000 ____D () C:\ProgramData\KNX
2014-12-20 08:19 - 2014-12-20 08:19 - 00000000 ____D () C:\Program Files (x86)\Ets3PlugIn
2014-12-20 08:10 - 2014-12-20 08:13 - 00000000 ____D () C:\Windows\SysWOW64\js
2014-12-20 08:10 - 2014-12-20 08:13 - 00000000 ____D () C:\Windows\SysWOW64\html
2014-12-20 08:10 - 2014-12-20 08:13 - 00000000 ____D () C:\Windows\SysWOW64\css
2014-12-20 08:10 - 2014-12-20 08:10 - 00000000 ____D () C:\Windows\SysWOW64\prompting
2014-12-20 08:10 - 2014-12-20 08:10 - 00000000 ____D () C:\Windows\SysWOW64\images
2014-12-20 08:10 - 2014-12-20 08:10 - 00000000 ____D () C:\Program Files (x86)\Business Objects
2014-12-20 08:07 - 2012-06-29 01:22 - 00057288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL10_50.KNXETS4-sqlagtctr.dll
2014-12-20 08:07 - 2012-06-29 01:17 - 00086984 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL10_50.KNXETS4-sqlagtctr.dll
2014-12-20 08:02 - 2014-12-20 08:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0
2014-12-20 07:57 - 2014-12-20 08:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2
2014-12-17 19:33 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 19:33 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 17:52 - 2014-04-14 17:01 - 00000000 ____D () C:\Program Files (x86)\Gossen-Metrawatt
2015-01-14 17:46 - 2012-11-26 20:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-14 17:34 - 2010-01-22 11:59 - 00846638 _____ () C:\Windows\system32\perfh007.dat
2015-01-14 17:34 - 2010-01-22 11:59 - 00204870 _____ () C:\Windows\system32\perfc007.dat
2015-01-14 17:34 - 2009-07-14 06:13 - 02022396 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 17:34 - 2009-07-14 05:45 - 00025744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 17:34 - 2009-07-14 05:45 - 00025744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 17:33 - 2010-01-22 03:07 - 02037942 _____ () C:\Windows\WindowsUpdate.log
2015-01-14 17:27 - 2014-02-19 21:18 - 00000000 ___RD () C:\Users\x\Dropbox
2015-01-14 17:27 - 2014-02-19 21:12 - 00000000 ____D () C:\Users\x\AppData\Roaming\Dropbox
2015-01-14 17:27 - 2014-02-19 19:16 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-14 17:26 - 2014-06-13 16:24 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-14 17:26 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 17:25 - 2014-06-13 16:10 - 00000000 ____D () C:\AdwCleaner
2015-01-14 17:22 - 2014-02-19 19:16 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-14 16:56 - 2014-07-01 20:36 - 00000085 _____ () C:\Windows\wininit.ini
2015-01-14 16:56 - 2014-06-13 16:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-13 20:00 - 2010-01-22 03:42 - 00000340 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-01-13 18:29 - 2012-11-26 20:01 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 18:29 - 2012-11-26 20:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-13 18:29 - 2012-11-26 20:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 18:28 - 2014-02-23 12:29 - 00000000 ____D () C:\Users\x\AppData\Local\Adobe
2015-01-13 18:17 - 2014-02-19 19:16 - 00000000 ____D () C:\Users\x\AppData\Local\Google
2015-01-13 18:17 - 2014-02-19 19:16 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-13 16:56 - 2014-02-28 17:44 - 00000000 ____D () C:\Users\x\AppData\Roaming\vlc
2015-01-13 16:17 - 2014-02-19 19:16 - 00004096 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-13 16:17 - 2014-02-19 19:16 - 00003844 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-11 13:48 - 2014-06-19 10:17 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-11 12:42 - 2014-08-01 16:17 - 00000000 ____D () C:\Users\x\AppData\Roaming\Winamp
2015-01-11 12:42 - 2014-04-30 17:20 - 00000000 ____D () C:\Windows\Minidump
2015-01-11 11:33 - 2011-08-17 23:50 - 00000000 ____D () C:\Users\x
2015-01-03 15:14 - 2010-01-22 03:40 - 00000000 ____D () C:\Program Files (x86)\AT&T
2015-01-03 15:13 - 2014-03-12 19:40 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-03 15:11 - 2011-08-17 23:51 - 00000998 _____ () C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-03 15:07 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-03 15:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-01-03 15:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-02 11:23 - 2014-02-21 08:42 - 00000000 ____D () C:\Users\x\AppData\Roaming\Skype
2014-12-26 12:33 - 2014-02-28 19:42 - 00000000 ____D () C:\Users\x\.gimp-2.8
2014-12-26 12:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-26 10:44 - 2014-11-02 15:04 - 00000000 ____D () C:\Users\x\AppData\Local\PokerStars.EU
2014-12-26 10:44 - 2014-11-02 15:03 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-12-20 18:02 - 2010-01-22 04:01 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-12-20 18:02 - 2010-01-22 04:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_5008.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_5006.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_5005.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_5004.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_5002.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_5001.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_1100.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_1010.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_1001.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_1000.ini
2014-12-20 12:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Setup
2014-12-20 08:15 - 2009-07-14 03:34 - 00017486 _____ () C:\Windows\system32\Drivers\etc\services
2014-12-20 08:04 - 2014-10-14 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2014-12-20 08:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-20 08:00 - 2014-10-14 18:31 - 00000000 ____D () C:\Windows\SysWOW64\1033
2014-12-20 08:00 - 2014-10-14 18:31 - 00000000 ____D () C:\Windows\system32\1033
2014-12-19 17:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

Some content of TEMP:
====================
C:\Users\x\AppData\Local\Temp\avgnt.exe
C:\Users\x\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcsvhca.dll
C:\Users\x\AppData\Local\Temp\Quarantine.exe
C:\Users\x\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-19 17:25

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
Ran by x at 2015-01-14 18:05:08
Running from C:\Users\x\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Active@ File Recovery Professional 12 (HKLM\...\{C34F36E0-4D8B-42E8-90AD-50C76E1AE282}_is1) (Version: 12 - LSoft Technologies Inc)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.73.00 - )
Arduino (HKLM-x32\...\Arduino) (Version: 1.0.5 - Arduino LLC)
AT&T Service Activation (HKLM-x32\...\{D81486A1-2371-4059-AC70-1AB894AC96E6}) (Version: 1.8.7.0 - AT&T)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Client Security - Password Manager (HKLM\...\{3FD730D4-755F-439B-8082-B55E00924A44}) (Version: 8.30.0049.00 - Lenovo Group Limited)
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.48.50 - Conexant)
ContextTrue (HKU\S-1-5-21-2150921082-4187140661-4272968030-1004\...\ContextTrue) (Version:  - )
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.4.0 - )
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Disable AMT Profile Synchronization Pop-up for Windows Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dropbox (HKU\S-1-5-21-2150921082-4187140661-4272968030-1004\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Elektronischer Magnetplaner (HKLM-x32\...\magnet) (Version:  - )
Elevated Installer (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.65.2 - Lenovo Group Limited)
EPLAN Education 2.3 (HKLM-x32\...\EPLAN Education 2.3) (Version: 2.3.5.7352 - EPLAN Software & Service GmbH & Co. KG)
EPLAN Education 2.3 (x32 Version: 2.3.5.7352 - EPLAN Software & Service GmbH & Co. KG) Hidden
EPLAN Help de-DE 2.3 (HKLM-x32\...\{098E9513-C101-479F-A492-12300DE3B2DD}) (Version: 2.3.5.7352 - EPLAN Software & Service GmbH & Co. KG)
EPLAN License Client (HKLM-x32\...\{0100BD88-3990-431F-9175-AB60E31AFFDE}) (Version: 9.1.11.44101 - EPLAN Software & Service GmbH & Co. KG)
EPLAN Platform 2.3 (HKLM-x32\...\{E31472AD-7381-4A37-AB5B-18379C35A336}) (Version: 2.3.5.7352 - EPLAN Software & Service GmbH & Co. KG)
EPLAN Trial Education Data 2.3 (HKLM-x32\...\{E330FDB1-CC1B-4E02-8E26-4D3D4F74212F}) (Version: 2.3.5.7352 - EPLAN Software & Service GmbH & Co. KG)
Framework PCSoft (HKLM-x32\...\{F23EF286-3554-45EF-A65D-6218EB1DBE37}) (Version: 1.00.0000 - hager)
Free Billiards 2008 (HKLM-x32\...\Free Billiards 2008_is1) (Version:  - )
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free Video to MP3 Converter version 5.0.52.1111 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.52.1111 - DVDVideoSoft Ltd.)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
GDR 4033 für SQL Server 2008 R2 (KB2977320) (64-bit) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation)
GDR 5520 für SQL Server 2008 (KB 2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hager prerequisites (HKLM-x32\...\{98C64AD3-6A1D-4737-9ED8-06A73741550C}) (Version: 1.00.0000 - hager)
Integrated Camera Driver Installer Package Ver.1.1.0.17 (HKLM-x32\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.1.0.17 - RICOH)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.2.50.1050 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.172 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0.20.172 - InterVideo Inc.) Hidden
IP Camera Adapter (HKLM-x32\...\{6D140BFF-7CC5-4BFE-AD6D-47035FFE5F14}) (Version: 2.0.0.0 - Pavel Khlebovich)
IsoBuster 3.3 (HKLM-x32\...\IsoBuster3_is1) (Version: 3.3 - Smart Projects)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
KNX eteC Falcon Runtime v2.1 (x32 Version: 2.1.5213.27900 - KNX Association cvba) Hidden
KNX ETS4 (HKLM-x32\...\KNX ETS4) (Version: 4.1.3614.46489 - KNX Association cvba)
KNX ETS4 (x32 Version: 4.1.3614.46489 - KNX Association cvba) Hidden
KNX ETS4 Additional Runtime (x32 Version: 4.0.0.0 - KNX Association cvba) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.4.0 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5396.31 - PC-Doctor, Inc.)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0003.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.0.020.0 - Lenovo)
LOGO!Soft Comfort V7.0  (HKLM\...\LOGO!Soft Comfort V7.0 ) (Version: 7.0.0.0 - Siemens AG)
LOGO!Soft Comfort V7.1  (HKLM\...\LOGO!Soft Comfort V7.1 ) (Version: 7.1.0.0 - Siemens AG)
LTspice IV (HKLM-x32\...\LTspice IV) (Version:  - )
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E8F7904A-4780-4F3F-B153-21BE32857120}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{1D4A3734-9328-440F-960C-42B4CE481EB4}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{F90F5A11-53E6-4045-ACB1-BC03D71FB06C}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Mobile Broadband Connect (HKLM-x32\...\{9202762E-4B4C-48C9-A6CC-C27F9F85190A}) (Version: 3.5.0010 - Lenovo)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Performance Drivers (HKLM\...\{4C0A8D65-4286-4B58-87FE-18AD24289285}) (Version: 2.0.0.24 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Personal ID (HKLM-x32\...\{F722209B-739E-40E4-ADB1-062BD032A0DB}) (Version: 1.8.5.202 - coolspot AG)
PKZIP Server for Windows 12.40.0008 (HKLM-x32\...\{134A51EB-1BBB-4249-BAF5-494C3D186A06}) (Version: 12.40.0008 - PKWARE, Inc)
Qualcomm Gobi 2000 Package for Lenovo (HKLM-x32\...\{6CA29A45-EF6D-4F73-997E-7CE03DBD4B69}) (Version: 1.1.80 - QUALCOMM)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH)
Screen Antics 2.1 (HKLM-x32\...\Screen Antics) (Version: 2.1 - Jaap van Wingerden)
SEE Electrical V7 (HKLM-x32\...\{640A67B2-2CE3-4980-89FF-CFBBBC051D3E}) (Version: 7.10.4141 - IGE+XAO)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Siemens Automation License Manager (Version: 05.01.0100 - Siemens AG) Hidden
Siemens Automation License Manager V5.1 + SP1  (HKLM\...\{8D2E0408-8D61-4A53-B0DB-2AD670A38624}LicenseManager) (Version: 05.01.0100 - Siemens AG)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - Silicon Laboratories)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM-x32\...\{F1412D98-F30E-49EF-9566-4E0A59835725}) (Version: 6.2.00 - Silicon Laboratories, Inc.)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7_2 (c:\SiLabs\MCU\CP210x\Windows_XP_S2K3_Vista_7_2) (HKLM-x32\...\{86AF14D7-1617-41D6-A930-8CB5B6E85797}) (Version: 6.1.00 - Silicon Laboratories, Inc.)
SIMATIC  STEP 7 (x32 Version: 05.05.0200 - Siemens AG) Hidden
SIMATIC  STEP 7 V5.5 + SP2 Professional 2010 SR2  (HKLM-x32\...\{7B427E8E-F76D-4C8C-B155-7F24DF46DB67}STEP7) (Version: 05.05.0200 - Siemens AG)
SIMATIC Device Drivers (Version: 01.00.0200 - Siemens AG) Hidden
SIMATIC NCM FWL 64 (Version: 05.05.0100 - Siemens AG) Hidden
SIMATIC PLCSIM 64 (Version: 01.00.0001 - Siemens AG) Hidden
SIMATIC S7-GRAPH (x32 Version: 05.03.0700 - Siemens AG) Hidden
SIMATIC S7-GRAPH V5.3 + SP7 Professional 2010 SR2  (HKLM-x32\...\{4FF24C45-A4EE-4A99-B287-E3468EC41CBD}S7GRAPH) (Version: 05.03.0700 - Siemens AG)
SIMATIC S7-PCT (x32 Version: 02.03.0000 - Siemens AG) Hidden
SIMATIC S7-PCT V2.3 Professional 2010 SR2  (HKLM-x32\...\{06AF0F82-E926-48A6-8C5F-ECB195DB2CB4}S7PCT) (Version: 02.03.0000 - Siemens AG)
SIMATIC S7-PLCSIM (x32 Version: 5.4.0502 - Siemens AG) Hidden
SIMATIC S7-PLCSIM V5.4 + SP5 + Upd2 Professional 2010 SR2  (HKLM-x32\...\{1CBF27F6-24A4-488D-940A-678F1C691C49}PLCSim) (Version: 5.4.0502 - Siemens AG)
SIMATIC S7-SCL (x32 Version: 5.3.6.0 - Siemens AG) Hidden
SIMATIC S7-SCL V5.3 + SP6 Professional 2010 SR2  (HKLM-x32\...\{5B1B0682-EEC6-4EDD-BAB0-3FEC2E55090D}SCL) (Version: 5.3.6.0 - Siemens AG)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.41 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{8C7750D1-ADE6-4DAD-A54E-871EB2ABFE98}) (Version: 2.50 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.3 - Intel)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.4035.00 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Verizon Wireless Mobile Broadband Self Activation (HKLM-x32\...\{C64A877E-DF8D-4017-AA82-000A77C6D809}) (Version: 3.1.4 - Smith Micro Software, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Intel (e1kexpress) Net  (12/01/2009 11.5.7.0) (HKLM\...\B65F6B58F0E37352721284FE7F009532B5DF1D2C) (Version: 12/01/2009 11.5.7.0 - Intel)
Windows-Treiberpaket - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows-Treiberpaket - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\098EBB26BF07167AB12D1575EC24F883F9435E59) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows-Treiberpaket - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows-Treiberpaket - Intel USB  (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows-Treiberpaket - Lenovo (LenovoRd) SmartCardReader  (05/11/2009 4.1.0.1) (HKLM\...\9B84710FFAE6C50914FCE568B59E426F1386E7F6) (Version: 05/11/2009 4.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows-Treiberpaket - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07) (HKLM\...\FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF) (Version: 10/26/2009 6.10.02.07 - Ricoh Company)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
ZPlan (HKLM-x32\...\{B8A8AF33-800B-49DC-AF54-EE642A3C3066}) (Version: 1.0.1407.1107 - Hager)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C60B7FB-264C-4E33-99CD-590CC997F3E9} - System32\Tasks\LaunchCSS => C:\PROGRAM FILES\LENOVO\CLIENT SECURITY SOLUTION\cssauth.exe [2011-06-10] (Lenovo Group Limited)
Task: {1B8A97AE-4C2B-4F23-A2B3-5C8DCAEAB435} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-23] ()
Task: {22F1B871-8A53-459B-9B85-43DAA0FAF3EB} - System32\Tasks\upfs7235 => C:\PROGRA~2\Flwsrf\upfs7235.exe
Task: {4049BA40-48F7-4094-BC5C-3E70E5AA1B73} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {442F485E-EA55-4B7E-986E-36258DD7F108} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe [2009-11-14] (PC-Doctor, Inc.)
Task: {461FD748-1A4C-49FE-A8A6-69CE7BE0BD88} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-06-24] (Lenovo Group Limited)
Task: {4EBB852E-0896-4BA5-981C-F503772C9CFC} - System32\Tasks\{790C4479-9298-4EE6-A9DA-E746E08AFEB4} => pcalua.exe -a "F:\Step 7\s7sp5\Install\CD_1\STEP7\Disk1\s7sdd\setup.exe" -d "F:\Step 7\s7sp5\Install\CD_1\STEP7\Disk1\s7sdd"
Task: {518E63E5-969D-4E50-9E3E-9295034DE576} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-13] (Google Inc.)
Task: {541D5419-5629-4055-AD17-667F38D626BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-13] (Google Inc.)
Task: {5A847B5C-133C-42F1-98B4-4E7B94B6C0D8} - System32\Tasks\{173C887B-C621-4993-B5E3-F42CBBFA2C16} => pcalua.exe -a "F:\Step 7\treiber\Setup.exe" -d "F:\Step 7\treiber"
Task: {604C4976-CA2E-447C-AB01-0F833CDF6A76} - System32\Tasks\TVT\LaunchRnR
Task: {6C3F27FF-643D-4B08-A50C-FFFA0A997BB0} - System32\Tasks\SBPJHU => C:\Users\x\AppData\Roaming\SBPJHU.exe <==== ATTENTION
Task: {6E0C6309-52EB-4146-B1EE-20D773168A6B} - System32\Tasks\{011EADE2-F8CF-44A7-B34A-7AC4ADF9144C} => pcalua.exe -a "F:\Caddy++\CADdy++ Elektrotechnik v3.80 Full - enterprise\SETUP.EXE" -d "F:\Caddy++\CADdy++ Elektrotechnik v3.80 Full - enterprise"
Task: {864F4FDC-6429-4ABC-8EF3-E1384023F359} - System32\Tasks\XIQF => C:\Users\x\AppData\Roaming\XIQF.exe <==== ATTENTION
Task: {A1CA3234-25AB-4241-9A9D-844234792DD3} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {AAA34DF5-45A2-4EC3-A462-1A266EDC7D17} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {D1169947-CA98-4990-BE71-C7266F1D1C50} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {D1307042-72D6-473F-A8E5-808C1FD7C2C1} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {DA5D448C-36C1-4185-A4BA-793CC9E6D61B} - System32\Tasks\{AB11FA6C-9A14-4B7D-B927-93AA27D4DDBA} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1618
Task: {DE0141DF-F7D6-458A-B529-6D8BCA52D335} - System32\Tasks\{033A4634-0BB0-4915-9214-ED93BA6B9585} => pcalua.exe -a C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
Task: {E6521F03-247B-437E-B3CE-70B2EF2435AE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {E745C36E-47E1-40C8-AF9C-CD523DE97462} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {E7D540B0-12B9-40CC-A5AD-558559632742} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\pcdlauncher.exe [2009-11-14] (PC-Doctor, Inc.)
Task: {EE38804D-6F3A-4917-BE75-EC842ED33683} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\pcdlauncher.exe
Task: C:\Windows\Tasks\SBPJHU.job => C:\Users\x\AppData\Roaming\SBPJHU.exe <==== ATTENTION
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe
Task: C:\Windows\Tasks\XIQF.job => C:\Users\x\AppData\Roaming\XIQF.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2009-09-21 15:04 - 2009-09-21 15:04 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-01-22 03:20 - 2014-06-24 05:05 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2011-03-10 00:43 - 2011-03-10 00:43 - 00774144 _____ () C:\Program Files\Common Files\Siemens\SWS\PlugIns\SCP\Scpwin64.dll
2012-11-22 16:23 - 2011-02-22 18:00 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-07-11 13:17 - 2014-07-11 13:17 - 00601584 _____ () C:\Users\x\AppData\Local\ContextTrue\nvhlpr.exe
2009-05-27 22:09 - 2009-05-27 22:09 - 00049976 _____ () C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
2011-06-14 17:24 - 2011-06-14 17:24 - 00824320 _____ () C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\sn_regbase.dll
2015-01-13 18:17 - 2014-12-06 02:16 - 01408328 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2015-01-13 18:17 - 2014-12-06 02:16 - 00204616 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2015-01-13 18:17 - 2014-12-06 02:17 - 10689352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2015-01-13 18:17 - 2014-12-06 02:16 - 01856840 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-03-14 16:47 - 2014-03-14 16:47 - 00092504 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\x\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-14 17:27 - 2015-01-14 17:27 - 00043008 _____ () c:\users\x\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcsvhca.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\x\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\x\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\x\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2011-06-14 17:24 - 2011-06-14 17:24 - 00749568 _____ () C:\Windows\SysWOW64\sn_regbase.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2011-05-26 20:18 - 2011-05-26 20:18 - 00136536 _____ () C:\Program Files (x86)\Microsoft Office\Office12\OUTLCTL.DLL
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: NVIDIA Performance Driver Service => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: TVT Backup Service => 3
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\Services: VMwareHostd => 2
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

========================= Accounts: ==========================

Administrator (S-1-5-21-2150921082-4187140661-4272968030-500 - Administrator - Disabled)
Gast (S-1-5-21-2150921082-4187140661-4272968030-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2150921082-4187140661-4272968030-1007 - Limited - Enabled)
x (S-1-5-21-2150921082-4187140661-4272968030-1004 - Administrator - Enabled) => C:\Users\x

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2015 08:47:17 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/13/2015 08:47:17 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/13/2015 08:47:17 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/13/2015 08:47:17 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/13/2015 08:47:17 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=21, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/13/2015 08:47:17 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/13/2015 06:00:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 39.0.2171.95, Zeitstempel: 0x548243f3
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x1cc4
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3

Error: (01/13/2015 05:59:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 39.0.2171.95, Zeitstempel: 0x548243f3
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xd6c
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3

Error: (01/13/2015 05:52:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 39.0.2171.95, Zeitstempel: 0x548243f3
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x18b0
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3

Error: (01/13/2015 05:51:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 39.0.2171.95, Zeitstempel: 0x548243f3
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x1970
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3


System errors:
=============
Error: (01/14/2015 05:28:19 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{9C285579-631C-421D-8623-4BCFE33AAEE3}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/14/2015 05:26:09 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (01/14/2015 05:26:09 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (01/14/2015 05:26:08 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (01/14/2015 05:25:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ThinkVantage Registry Monitor Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/14/2015 05:25:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/14/2015 05:25:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "IviRegMgr" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/14/2015 05:25:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Power Manager Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/14/2015 05:25:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/14/2015 05:25:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (04/25/2014 06:40:40 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 36 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz
Percentage of memory in use: 37%
Total physical RAM: 7987.67 MB
Available physical RAM: 5009.66 MB
Total Pagefile: 15973.52 MB
Available Pagefile: 12126.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:108.18 GB) (Free:37.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (SYSTEM_DRV) (Fixed) (Total:1.27 GB) (Free:0.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Lenovo_Recovery) (Fixed) (Total:9.79 GB) (Free:2.07 GB) NTFS
Drive f: (Daten) (Fixed) (Total:698.46 GB) (Free:672.4 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 0F78C1BF)
Partition 1: (Not Active) - (Size=1.3 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=108.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: F7199A90)
Partition 2: (Active) - (Size=698.6 GB) - (Type=OF Extended)

==================== End Of Log ============================

deeprybka 14.01.2015 18:36
Hi,

Schritt 1

Echtzeitschutz des Virenscanners abschalten.

http://www.deeprybka.trojaner-board.de/zoek/avira.gif

Schritt 2
http://deeprybka.trojaner-board.de/b...s/combofix.pngScan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

bastifantast 14.01.2015 20:17
Noch eine Frage. Reicht es wenn ich bei avira den Echtzeitscan deaktiviere oder wie bekomme ich das sonst aus. Das Programm was du mir genannt hast läuft bis da steht: fertiggestellt Stufe 4 und seitdem warte ich.

deeprybka 14.01.2015 20:20
Wie beschrieben den Echtzeitschutz abschalten. Wenn die Windowsuhr weiterläuft, dann hat sich nichts aufgehängt, also warten...:)

bastifantast 14.01.2015 21:20
Code:
ComboFix 15-01-08.01 - x 14.01.2015  20:12:25.3.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.7988.5873 [GMT 1:00]
ausgeführt von:: c:\users\x\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\INSTALL.LOG
c:\users\x\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\IsUn0407.exe
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\Direction\backward.gif
c:\windows\SysWow64\images\Direction\backward_disabled.gif
c:\windows\SysWow64\images\Direction\down.gif
c:\windows\SysWow64\images\Direction\end.gif
c:\windows\SysWow64\images\Direction\end_disabled.gif
c:\windows\SysWow64\images\Direction\fastbackward.gif
c:\windows\SysWow64\images\Direction\fastbackward_disabled.gif
c:\windows\SysWow64\images\Direction\fastforward.gif
c:\windows\SysWow64\images\Direction\fastforward_disabled.gif
c:\windows\SysWow64\images\Direction\forward.gif
c:\windows\SysWow64\images\Direction\forward_disabled.gif
c:\windows\SysWow64\images\Direction\goto.gif
c:\windows\SysWow64\images\Direction\goto_disabled.gif
c:\windows\SysWow64\images\Direction\start.gif
c:\windows\SysWow64\images\Direction\start_disabled.gif
c:\windows\SysWow64\images\Direction\up.gif
c:\windows\SysWow64\images\misc\bell.gif
c:\windows\SysWow64\images\toolbar\addallfield.gif
c:\windows\SysWow64\images\toolbar\addallfield_over.gif
c:\windows\SysWow64\images\toolbar\addfield.gif
c:\windows\SysWow64\images\toolbar\addfield_over.gif
c:\windows\SysWow64\images\toolbar\bologo.gif
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\first.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\firstd.gif
c:\windows\SysWow64\images\toolbar\firstresults.gif
c:\windows\SysWow64\images\toolbar\firstresults_over.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\help.gif
c:\windows\SysWow64\images\toolbar\help_over.gif
c:\windows\SysWow64\images\toolbar\interact.gif
c:\windows\SysWow64\images\toolbar\interact_over.gif
c:\windows\SysWow64\images\toolbar\interactd.gif
c:\windows\SysWow64\images\toolbar\last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\lastd.gif
c:\windows\SysWow64\images\toolbar\lastresults.gif
c:\windows\SysWow64\images\toolbar\lastresults_over.gif
c:\windows\SysWow64\images\toolbar\left_button.gif
c:\windows\SysWow64\images\toolbar\mblackarrow.gif
c:\windows\SysWow64\images\toolbar\mdownarrow.gif
c:\windows\SysWow64\images\toolbar\mdownfield.gif
c:\windows\SysWow64\images\toolbar\mdownfield_over.gif
c:\windows\SysWow64\images\toolbar\middle_button.gif
c:\windows\SysWow64\images\toolbar\mlogo.gif
c:\windows\SysWow64\images\toolbar\mtitleimage.gif
c:\windows\SysWow64\images\toolbar\muparrow.gif
c:\windows\SysWow64\images\toolbar\mupfield.gif
c:\windows\SysWow64\images\toolbar\mupfield_over.gif
c:\windows\SysWow64\images\toolbar\next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\nextd.gif
c:\windows\SysWow64\images\toolbar\nextresults.gif
c:\windows\SysWow64\images\toolbar\nextresults_over.gif
c:\windows\SysWow64\images\toolbar\prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\prevd.gif
c:\windows\SysWow64\images\toolbar\prevresults.gif
c:\windows\SysWow64\images\toolbar\prevresults_over.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\removeallfield.gif
c:\windows\SysWow64\images\toolbar\removeallfield_over.gif
c:\windows\SysWow64\images\toolbar\removefield.gif
c:\windows\SysWow64\images\toolbar\removefield_over.gif
c:\windows\SysWow64\images\toolbar\right_button.gif
c:\windows\SysWow64\images\toolbar\search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\separator.gif
c:\windows\SysWow64\images\toolbar\tab_fill_sel.gif
c:\windows\SysWow64\images\toolbar\tab_fill_unsel.gif
c:\windows\SysWow64\images\toolbar\tab_left_sel.gif
c:\windows\SysWow64\images\toolbar\tab_left_unsel.gif
c:\windows\SysWow64\images\toolbar\tab_right_sel.gif
c:\windows\SysWow64\images\toolbar\tab_right_unsel.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\toolbar\view.gif
c:\windows\SysWow64\images\toolbar\view_over.gif
c:\windows\SysWow64\images\toolbar\viewpressed.gif
c:\windows\SysWow64\images\toolbar\wizard.gif
c:\windows\SysWow64\images\toolbar\wizard_over.gif
c:\windows\SysWow64\images\toolbar\wizardpressed.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\emptybox.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\magnify.gif
c:\windows\SysWow64\images\tree\mdownarrow.gif
c:\windows\SysWow64\images\tree\minubox.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\muparrow.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\resizebar.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
c:\windows\wininit.ini
E:\AUTORUN.INF
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-12-14 bis 2015-01-14  ))))))))))))))))))))))))))))))
.
.
2015-01-14 20:09 . 2015-01-14 20:09        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-01-14 17:03 . 2015-01-14 17:05        --------        d-----w-        C:\FRST
2015-01-13 17:51 . 2015-01-13 17:51        --------        d-----w-        c:\users\x\AppData\Roaming\ProductData
2015-01-13 17:50 . 2015-01-13 17:51        --------        d-----w-        c:\programdata\IObit
2015-01-13 17:50 . 2015-01-13 17:50        --------        d-----w-        c:\programdata\ProductData
2015-01-13 17:49 . 2015-01-13 17:50        --------        d-----w-        c:\program files (x86)\IObit
2015-01-13 17:49 . 2015-01-13 17:49        --------        d-----w-        c:\users\x\AppData\Roaming\IObit
2015-01-13 15:29 . 2015-01-13 15:29        --------        d-----w-        c:\programdata\Malwarebytes
2015-01-11 12:37 . 2015-01-11 12:34        43064        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2015-01-11 12:34 . 2015-01-11 12:34        --------        d-----w-        c:\users\x\AppData\Roaming\Avira
2015-01-11 12:26 . 2014-11-24 09:23        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2015-01-11 12:26 . 2014-11-24 09:23        131608        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2015-01-11 12:26 . 2014-11-24 09:23        119272        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2015-01-11 12:26 . 2015-01-11 12:47        --------        d-----w-        c:\program files (x86)\Avira
2015-01-11 12:26 . 2015-01-11 12:35        --------        d-----w-        c:\programdata\Avira
2015-01-03 14:02 . 2015-01-13 15:49        --------        d-----w-        c:\users\x\AppData\Local\ContextTrue
2015-01-02 15:59 . 2015-01-02 15:59        --------        d-----w-        c:\users\x\AppData\Local\freecad
2015-01-02 12:16 . 2015-01-02 12:20        --------        d-----w-        c:\users\x\AppData\Roaming\FreeCAD
2014-12-26 11:55 . 2014-12-26 11:55        --------        d-----w-        c:\windows\UbiSoft
2014-12-26 11:43 . 2014-12-26 11:43        --------        d-----w-        c:\users\x\AppData\Roaming\TuneUp Software
2014-12-26 11:43 . 2014-12-26 11:43        --------        d-----w-        c:\users\x\AppData\Local\TuneUp Software
2014-12-26 11:42 . 2014-12-26 11:43        --------        d-----w-        c:\programdata\TuneUp Software
2014-12-26 11:42 . 2014-12-26 11:42        --------        d-sh--w-        c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-12-26 11:42 . 2014-12-26 11:42        --------        d--h--w-        c:\programdata\Common Files
2014-12-26 11:41 . 2014-12-26 11:43        --------        d-----w-        c:\users\x\AppData\Roaming\IHlpr
2014-12-20 17:10 . 2014-07-10 10:23        83632        ----a-w-        c:\windows\SysWow64\perf-MSSQL$KNXETS4-sqlctr10.52.4033.0.dll
2014-12-20 17:10 . 2014-07-10 10:22        89264        ----a-w-        c:\windows\system32\perf-MSSQL$KNXETS4-sqlctr10.52.4033.0.dll
2014-12-20 17:08 . 2014-12-20 17:08        --------        d-----w-        c:\program files\Microsoft.NET
2014-12-20 07:57 . 2014-12-20 07:57        --------        d-----r-        C:\assembly
2014-12-20 07:28 . 2014-12-20 07:28        --------        d-----w-        c:\programdata\Elka Shared
2014-12-20 07:28 . 2014-12-20 07:28        --------        d-----w-        c:\program files (x86)\ETS4
2014-12-20 07:28 . 2014-12-20 07:28        --------        d-----w-        c:\program files (x86)\Common Files\Elka Shared
2014-12-20 07:22 . 2014-12-20 08:09        --------        d-----w-        c:\users\x\AppData\Local\KNX
2014-12-20 07:19 . 2014-12-20 07:28        --------        d-----w-        c:\programdata\KNX
2014-12-20 07:19 . 2014-12-20 07:19        --------        d-----w-        c:\program files (x86)\Ets3PlugIn
2014-12-20 07:18 . 2014-12-20 07:28        --------        d-----w-        c:\program files (x86)\Common Files\EIBA sc
2014-12-20 07:10 . 2014-12-20 07:13        --------        d-----w-        c:\windows\SysWow64\js
2014-12-20 07:10 . 2014-12-20 07:13        --------        d-----w-        c:\windows\SysWow64\css
2014-12-20 07:10 . 2014-12-20 07:10        --------        d-----w-        c:\windows\SysWow64\prompting
2014-12-20 07:10 . 2014-12-20 07:10        --------        d-----w-        c:\program files (x86)\Business Objects
2014-12-20 07:07 . 2012-06-29 00:22        57288        ----a-w-        c:\windows\SysWow64\perf-MSSQL10_50.KNXETS4-sqlagtctr.dll
2014-12-20 07:07 . 2012-06-29 00:17        86984        ----a-w-        c:\windows\system32\perf-MSSQL10_50.KNXETS4-sqlagtctr.dll
2014-12-20 07:02 . 2014-12-20 07:02        --------        d-----w-        c:\program files (x86)\Microsoft Visual Studio 9.0
2014-12-17 18:33 . 2014-12-13 05:09        144384        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-12-17 18:33 . 2014-12-13 03:33        115712        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2014-12-17 13:49 . 2014-12-17 13:49        821096        ----a-w-        c:\program files\Common Files\System\SysMenu64.dll
2014-12-17 13:49 . 2014-12-17 13:49        649576        ----a-w-        c:\program files\Common Files\System\SysMenu.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-13 17:29 . 2012-11-26 19:01        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-13 17:29 . 2012-11-26 19:01        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-11 10:15 . 2011-08-19 08:36        112710672        ----a-w-        c:\windows\system32\MRT.exe
2014-12-04 02:50 . 2014-12-10 14:28        413184        ----a-w-        c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-10 14:28        741376        ----a-w-        c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-10 14:28        396800        ----a-w-        c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-10 14:28        830976        ----a-w-        c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-10 14:28        192000        ----a-w-        c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-10 14:28        227328        ----a-w-        c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-10 14:28        1083392        ----a-w-        c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 14:28        1232040        ----a-w-        c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-10 14:27        389296        ----a-w-        c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-10 14:26        25059840        ----a-w-        c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-10 14:27        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-10 14:27        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-10 14:27        66560        ----a-w-        c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 14:26        580096        ----a-w-        c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-10 14:27        48640        ----a-w-        c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-10 14:27        2885120        ----a-w-        c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 14:26        88064        ----a-w-        c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-10 14:27        54784        ----a-w-        c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-10 14:27        34304        ----a-w-        c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-10 14:26        633856        ----a-w-        c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-10 14:27        114688        ----a-w-        c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-10 14:26        814080        ----a-w-        c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-10 14:26        6039552        ----a-w-        c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-10 14:27        968704        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-10 14:26        490496        ----a-w-        c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-10 14:27        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-10 14:27        77824        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 14:26        199680        ----a-w-        c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-10 14:26        92160        ----a-w-        c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-10 14:27        501248        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-10 14:27        62464        ----a-w-        c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-10 14:27        47616        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 14:27        64000        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-10 14:27        316928        ----a-w-        c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-10 14:27        620032        ----a-w-        c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-10 14:27        718848        ----a-w-        c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-10 14:27        800768        ----a-w-        c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-10 14:26        1359360        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-10 14:27        2125312        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-10 14:26        14412800        ----a-w-        c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-10 14:27        60416        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 14:27        4299264        ----a-w-        c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 14:26        2358272        ----a-w-        c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-10 14:27        2052096        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 14:27        1155072        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-10 14:27        1548288        ----a-w-        c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-10 14:27        800768        ----a-w-        c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-10 14:27        1888256        ----a-w-        c:\windows\SysWow64\wininet.dll
2014-11-18 13:56 . 2014-11-18 13:56        1202848        ----a-w-        c:\windows\SysWow64\FM20.DLL
2014-11-11 03:09 . 2014-12-10 14:27        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 15:31        241152        ----a-w-        c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 15:31        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-10 14:27        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 15:31        186880        ----a-w-        c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 15:31        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-10 14:27        119296        ----a-w-        c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-10 14:25        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-10 14:25        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-11-01 12:35 . 2014-11-01 12:36        111016        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll
2014-11-01 12:15 . 2014-11-01 12:19        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-30 02:03 . 2014-12-10 14:25        165888        ----a-w-        c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-10 14:25        155136        ----a-w-        c:\windows\SysWow64\charmap.exe
2014-10-25 01:57 . 2014-11-12 08:32        77824        ----a-w-        c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 08:32        67584        ----a-w-        c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-12 08:32        861696        ----a-w-        c:\windows\system32\oleaut32.dll
2014-10-18 02:05 . 2014-12-11 10:13        4121600        ----a-w-        c:\windows\system32\mf.dll
2014-10-18 01:33 . 2014-11-12 08:32        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll
2014-10-18 01:33 . 2014-12-11 10:13        3209728        ----a-w-        c:\windows\SysWow64\mf.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\x\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\x\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\x\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-07-23 688984]
"Personal ID"="c:\progra~2\COOLSP~1\PERSON~1\PID.EXE" [2014-07-05 1132984]
"nvhlpr"="c:\users\x\AppData\Local\ContextTrue\nvhlpr.exe" [2014-07-11 601584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-05-03 111928]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\program files (x86)\ThinkPad\Utilities\PWMTR64V.DLL" [2014-06-24 6390048]
"Message Center Plus"="c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"S7UB Start"="c:\program files (x86)\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" [2010-06-02 102453]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-11-24 702768]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-11-20 126200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-07-23 688984]
.
c:\users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\x\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-9 39207112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2013-5-14 1395416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll c:\program files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 EPLAN Client Service;EPLAN Client Service;c:\program files\EPLAN\Common\EClientService.exe;c:\program files\EPLAN\Common\EClientService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;c:\program files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe;c:\program files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [x]
R3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys;c:\windows\SYSNATIVE\Drivers\LenovoRd.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 PCDSRVC{127174DC-C366ED8B-06000000}_0;PCDSRVC{127174DC-C366ED8B-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms;c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]
R3 PCDSRVC{184E4FA0-DE8C26D4-06000000}_0;PCDSRVC{184E4FA0-DE8C26D4-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc_x64.pkms;c:\progra~1\pc-doc~1\pcdsrvc_x64.pkms [x]
R3 Power Manager DBC Service;Power Manager Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 qcfilterlno2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9205);c:\windows\system32\DRIVERS\qcfilterlno2k.sys;c:\windows\SYSNATIVE\DRIVERS\qcfilterlno2k.sys [x]
R3 qcusbnetlno2k;Gobi 2000 USB-NDIS miniport(05C6-9205);c:\windows\system32\DRIVERS\qcusbnetlno2k.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbnetlno2k.sys [x]
R3 qcusbserlno2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205);c:\windows\system32\DRIVERS\qcusbserlno2k.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbserlno2k.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 s7oupc2x64;SIMATIC PC Adapter USB - USB Driver;c:\windows\system32\DRIVERS\s7oupc2x64.sys;c:\windows\SYSNATIVE\DRIVERS\s7oupc2x64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 RsFx0153;RsFx0153 Driver;c:\windows\system32\DRIVERS\RsFx0153.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0153.sys [x]
R4 SQLAgent$KNXETS4;SQL Server Agent (KNXETS4);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\SQLAGENT.EXE [x]
R4 SQLAgent$PCOMMERCIAL_1;SQL Server Agent (PCOMMERCIAL_1);c:\program files\Microsoft SQL Server\MSSQL10.PCOMMERCIAL_1\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.PCOMMERCIAL_1\MSSQL\Binn\SQLAGENT.EXE [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 almservice;Automation License Manager Service;c:\program files\Common Files\Siemens\sws\almsrv\almsrv64x.exe;c:\program files\Common Files\Siemens\sws\almsrv\almsrv64x.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 MSSQL$KNXETS4;SQL Server (KNXETS4);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe [x]
S2 MSSQL$PCOMMERCIAL_1;SQL Server (PCOMMERCIAL_1);c:\program files\Microsoft SQL Server\MSSQL10.PCOMMERCIAL_1\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10.PCOMMERCIAL_1\MSSQL\Binn\sqlservr.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 QDLService2kLenovo;Qualcomm Gobi 2000 Download Service (Lenovo);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe;c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 s7hspsvx;S7 HSP Service;c:\program files (x86)\Siemens\Step7\s7bin\s7hspsvx.exe;c:\program files (x86)\Siemens\Step7\s7bin\s7hspsvx.exe [x]
S2 s7oiehsx64;SIMATIC IEPG Help Service;c:\program files\Common Files\Siemens\Automation\Simatic OAM\bin\s7oiehsx64.exe;c:\program files\Common Files\Siemens\Automation\Simatic OAM\bin\s7oiehsx64.exe [x]
S2 s7ousbu64x;SIMATIC USB Service;c:\windows\system32\DRIVERS\s7ousbu64x.sys;c:\windows\SYSNATIVE\DRIVERS\s7ousbu64x.sys [x]
S2 s7sn2srtx;PROFINET IO RT-Protocol V2.0;c:\windows\system32\DRIVERS\s7sn2srtx.sys;c:\windows\SYSNATIVE\DRIVERS\s7sn2srtx.sys [x]
S2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceService64x.exe;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceService64x.exe [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 dpmconv;SIMATIC NET DP Driver;c:\windows\system32\DRIVERS\dpmconv.sys;c:\windows\SYSNATIVE\DRIVERS\dpmconv.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 s7odpx2x64;SIMATIC Knotentaufe;c:\windows\system32\DRIVERS\s7odpx2x64.sys;c:\windows\SYSNATIVE\DRIVERS\s7odpx2x64.sys [x]
S3 s7oppinx64;SIMATIC PPI Transport;c:\windows\system32\DRIVERS\s7oppinx64.sys;c:\windows\SYSNATIVE\DRIVERS\s7oppinx64.sys [x]
S3 s7oserix64;Siemens PC Serial Cable;c:\windows\system32\Drivers\s7oserix64.sys;c:\windows\SYSNATIVE\Drivers\s7oserix64.sys [x]
S3 s7osmcax64;SIMATIC PC Adapter RS232;c:\windows\system32\DRIVERS\s7osmcax64.sys;c:\windows\SYSNATIVE\DRIVERS\s7osmcax64.sys [x]
S3 s7osobux64;SIMATIC SoftBus;c:\windows\system32\DRIVERS\s7osobux64.sys;c:\windows\SYSNATIVE\DRIVERS\s7osobux64.sys [x]
S3 s7otmcd64x;SIMATIC Memory Cards;c:\windows\system32\Drivers\s7otmcd64x.sys;c:\windows\SYSNATIVE\Drivers\s7otmcd64x.sys [x]
S3 s7otranx64;SIMATIC Transport;c:\windows\system32\DRIVERS\s7otranx64.sys;c:\windows\SYSNATIVE\DRIVERS\s7otranx64.sys [x]
S3 s7otsadx64;SIMATIC TS Adapter RS232;c:\windows\system32\DRIVERS\s7otsadx64.sys;c:\windows\SYSNATIVE\DRIVERS\s7otsadx64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 vsnl2ada;SIMATIC NET FDL Driver;c:\windows\system32\DRIVERS\vsnl2ada.sys;c:\windows\SYSNATIVE\DRIVERS\vsnl2ada.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-26 17:29]
.
2015-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-13 15:17]
.
2015-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-13 15:17]
.
2014-12-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-14 07:29]
.
2015-01-14 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-11-14 07:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2009-12-11 380776]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
"nwiz"="nwiz.exe" [2009-12-02 1712744]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-31 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-31 417560]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2013-05-29 60920]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2011-06-10 5990200]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2014-03-14 63832]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-mbot_de_383 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-magnet - c:\windows\IsUn0407.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\program files (x86)\Silabs\MCU\CP210x\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{184E4FA0-DE8C26D4-06000000}_0]
"ImagePath"="\??\c:\progra~1\pc-doc~1\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\hasplms.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\windows\SysWOW64\pniopcac.exe
c:\program files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-01-14  21:16:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-01-14 20:16
.
Vor Suchlauf: 14 Verzeichnis(se), 39.895.494.656 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 39.709.786.112 Bytes frei
.
- - End Of File - - 9354F9B97788DB4E85898B15D8953D4A

deeprybka 14.01.2015 21:43
Zitat:
Wenn ich bei Google Chrome surfe öffnet sich nach einer zeit immer ein zweiter tab welcher von Avira geblockt wird.Das ganze sieht dann so aus :

chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html

Wie bekomme ich den mist weg oder kann ich den rechner vergessen und muss ihn formatieren...
Du weißt schon, dass diese Extension von Avira selbst ist? :)
https://chrome.google.com/webstore/d...bcdekjklbdgfkk

OK, dann hätte ich gerne folgende Scans:

Schritt 1

http://deeprybka.trojaner-board.de/m...mbamlogo4a.pnghttp://deeprybka.trojaner-board.de/m...mbamlogo4b.png
  • Download
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Unter Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
  • Klicke im Anschluss auf "Suchlauf", wähle den Bedrohungssuchlauf aus, aktualisiere die Datenbanken und klicke auf "Suchlauf jetzt starten".
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...)
  • Poste mir den Inhalt der Logdatei (geht so...). Klicke dazu auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Klicke auf "In Zwischenablage kopieren" poste mir den Inhalt in Code-Tags als Antwort in den Thread.

(Vor und während Schritt 2 Avira bitte wieder deaktivieren!)


Schritt 2
Download von https://sites.google.com/site/canned...b27e2-Zoek.png ZOEK (by Smeenk)
  • Speichere die zoek.exe auf dem Desktop.
  • Bitte deaktiviere während der Verwendung von Zoek Deinen Virenscanner, da dieser Zoek stören könnte.
  • Starte die zoek.exe mit einem Doppelklick und warte bis die Programmoberfläche erscheint (ca. 30 Sekunden)
  • Kopiere den Text der folgenden Box in das Skriptfenster von Zoek:
    Code:
    systemspecs;
    CHRdefaults;
    iedefaults;
    emptyclsid;
    autoclean;
    ipconfig /flushdns >> %temp%\log.txt;b
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
    Zitat:
    Zoek.exe is running now.
    Do not start any browser windows, they may get closed automatically.
    Please wait! This window will close when finished.
    A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
  • Wenn das Tool fertig ist, wird sich eine Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter C:\
  • Bitte poste mir das zoek-results.log.

bastifantast 15.01.2015 20:11
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 15.01.2015
Suchlauf-Zeit: 18:16:08
Logdatei:
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.15.09
Rootkit Datenbank: v2015.01.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: x

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 373123
Verstrichene Zeit: 18 Min, 19 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.ContextTrue.A, C:\Users\x\AppData\Local\ContextTrue\nvhlpr.exe, 5292, Löschen bei Neustart, [d0e56a8d2a5f5dd91fd64512c3406e92]

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.ContextTrue.A, HKU\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ContextTrue, Löschen bei Neustart, [d0e56a8d2a5f5dd91fd64512c3406e92],

Registrierungswerte: 1
PUP.Optional.ContextTrue.A, HKU\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|nvhlpr, C:\Users\x\AppData\Local\ContextTrue\nvhlpr.exe, Löschen bei Neustart, [d0e56a8d2a5f5dd91fd64512c3406e92]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 3
PUP.Optional.ContextTrue.A, C:\Users\x\AppData\Local\ContextTrue, Löschen bei Neustart, [d0e56a8d2a5f5dd91fd64512c3406e92],
PUP.Optional.IHlpr.A, C:\Users\x\AppData\Roaming\IHlpr\A6816789D8F945DB8FF7AE67BE4892A1, In Quarantäne, [c5f08f68fb8e34024660333620e3ca36],
PUP.Optional.IHlpr.A, C:\Users\x\AppData\Roaming\IHlpr\E1F70A13AF1F4A3D8441EE997E82A01B, In Quarantäne, [872e3bbca3e60d295f475316ca39e719],

Dateien: 9
PUP.Optional.Flowsurf.A, C:\Windows\System32\Tasks\upfs7235, In Quarantäne, [e2d39562bacfa393f25d6907956e8b75],
PUP.Optional.ContextTrue.A, C:\Users\x\AppData\Local\ContextTrue\CntxtTr.tome, In Quarantäne, [d0e56a8d2a5f5dd91fd64512c3406e92],
PUP.Optional.ContextTrue.A, C:\Users\x\AppData\Local\ContextTrue\ContextTrue_Uninstaller.exe, In Quarantäne, [d0e56a8d2a5f5dd91fd64512c3406e92],
PUP.Optional.ContextTrue.A, C:\Users\x\AppData\Local\ContextTrue\decrypt.bat, In Quarantäne, [d0e56a8d2a5f5dd91fd64512c3406e92],
PUP.Optional.ContextTrue.A, C:\Users\x\AppData\Local\ContextTrue\Ncrypt.exe, In Quarantäne, [d0e56a8d2a5f5dd91fd64512c3406e92],
PUP.Optional.ContextTrue.A, C:\Users\x\AppData\Local\ContextTrue\notifications.exe, In Quarantäne, [d0e56a8d2a5f5dd91fd64512c3406e92],
PUP.Optional.ContextTrue.A, C:\Users\x\AppData\Local\ContextTrue\nvhlpr.exe, Löschen bei Neustart, [d0e56a8d2a5f5dd91fd64512c3406e92],
PUP.Optional.ContextTrue.A, C:\Users\x\AppData\Local\ContextTrue\windoclib.exe, In Quarantäne, [d0e56a8d2a5f5dd91fd64512c3406e92],
PUP.Optional.IHlpr.A, C:\Users\x\AppData\Roaming\IHlpr\E1F70A13AF1F4A3D8441EE997E82A01B\TuneUp2014GER1day-de-DE-p4v1.exe, In Quarantäne, [872e3bbca3e60d295f475316ca39e719],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Code:
Zoek.exe v5.0.0.0 Updated 15-01-2015
Tool run by x on 15.01.2015 at 18:56:20,38.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\x\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

15.01.2015 18:57:21 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Corel deleted successfully
C:\PROGRA~2\Futuremark deleted successfully
C:\PROGRA~2\Gossen-Metrawatt deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\COMMON~1\SolidWorks Shared deleted successfully
C:\Program Files\SolidWorks Corp deleted successfully
C:\Program Files\Common Files\SolidWorks Shared deleted successfully
C:\PROGRA~3\Adaptive Server Anywhere 9 deleted successfully
C:\PROGRA~3\PKWARE deleted successfully
C:\Users\x\AppData\Roaming\EDrawings deleted successfully
C:\Users\x\AppData\Roaming\EncryptStick deleted successfully
C:\Users\x\AppData\Roaming\IHlpr deleted successfully
C:\Users\x\AppData\Roaming\PKWARE deleted successfully
C:\Users\x\AppData\Local\cache deleted successfully
C:\Users\x\AppData\Local\DassaultSystemes deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D5F11930-C4B8-4248-88C3-43621271B3FA} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D5F11930-C4B8-4248-88C3-43621271B3FA} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11A6BA40-A9A7-4C55-8A26-979F718D9B} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11A6BA40-A9A7-4C55-8A26-979F718D9B} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{14A878E2-260E-4C57-A739-75C4E82E76} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{14A878E2-260E-4C57-A739-75C4E82E76} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{293132CA-D966-4808-ABB0-F668C87CD5B4} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{293132CA-D966-4808-ABB0-F668C87CD5B4} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2B299C92-1E2B-4194-B684-43BA655F28E2} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2B299C92-1E2B-4194-B684-43BA655F28E2} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BDE39AE-6121-4413-88EB-934911A6C03A} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BDE39AE-6121-4413-88EB-934911A6C03A} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D9DF44A-F253-411F-8CBC-AF4655F9E47} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D9DF44A-F253-411F-8CBC-AF4655F9E47} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2F4C0B9E-32BA-4440-AB94-DDA3217169} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2F4C0B9E-32BA-4440-AB94-DDA3217169} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{45B22B50-B6CD-41DA-B35E-FE1A2D3ADC64} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{45B22B50-B6CD-41DA-B35E-FE1A2D3ADC64} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{499580B1-3E87-43E7-B068-D29999F16668} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{499580B1-3E87-43E7-B068-D29999F16668} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4DE64BA6-6EA4-4B3E-B530-ACFB96BFC4E} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4DE64BA6-6EA4-4B3E-B530-ACFB96BFC4E} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{534EC786-4B21-4F32-BD39-E49034B74F6A} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{534EC786-4B21-4F32-BD39-E49034B74F6A} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67FDB6D2-7CE6-4666-ADA8-80897CF4E427} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67FDB6D2-7CE6-4666-ADA8-80897CF4E427} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7136F48E-206B-4D8B-8FA0-5561A2A3BFCF} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7136F48E-206B-4D8B-8FA0-5561A2A3BFCF} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E5CD6B7-9D5B-4AF8-843F-EAD2133D6EB8} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E5CD6B7-9D5B-4AF8-843F-EAD2133D6EB8} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{931B7B4F-46E5-4DF3-ADE7-F236F6769C3C} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{931B7B4F-46E5-4DF3-ADE7-F236F6769C3C} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9772F1FB-3712-4023-BADF-3DB4285AF04B} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9772F1FB-3712-4023-BADF-3DB4285AF04B} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B894346E-ABB1-4627-8FCD-BE90F565134B} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B894346E-ABB1-4627-8FCD-BE90F565134B} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B92D9717-C257-4B9B-8996-B7D9D2EE77C} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B92D9717-C257-4B9B-8996-B7D9D2EE77C} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BBB56A55-EB-4A2B-91C7-28E89945547D} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BBB56A55-EB-4A2B-91C7-28E89945547D} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0268094-CA46-43BD-9411-70DC11DE6185} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0268094-CA46-43BD-9411-70DC11DE6185} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4D252CE-A0F4-4085-85E1-8B7C6C85F4AE} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4D252CE-A0F4-4085-85E1-8B7C6C85F4AE} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D73AAAD4-22B4-4C94-A1A7-19E31488C1F6} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D73AAAD4-22B4-4C94-A1A7-19E31488C1F6} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D85AFCF4-4A95-4462-995D-49DAE3DCB0FB} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D85AFCF4-4A95-4462-995D-49DAE3DCB0FB} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE06DCD4-4B37-4127-96B4-B36F9ACE21F8} deleted successfully
HKEY_USERS\S-1-5-21-2150921082-4187140661-4272968030-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE06DCD4-4B37-4127-96B4-B36F9ACE21F8} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{D5F11930-C4B8-4248-88C3-43621271B3FA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D5F11930-C4B8-4248-88C3-43621271B3FA} deleted successfully

==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

==== Deleting Files \ Folders ======================

C:\Users\x\.android deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~2\Yahoo! deleted
C:\Program Files\Common Files\System\SysMenu.dll deleted
C:\Program Files\Common Files\System\SysMenu64.dll deleted
C:\found.000 deleted
C:\Users\x\AppData\Roaming\LTspiceIV.ini deleted
C:\Users\x\AppData\Roaming\Yahoo! deleted
C:\PROGRA~3\Yahoo! deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\x\AppData\LocalLow\Yahoo! deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\fqkiMcMH.default\extensions\abs@avira.com deleted
"C:\Users\x\AppData\Roaming\SBPJHU" deleted
"C:\Users\x\AppData\Roaming\XIQF" deleted
"C:\Users\x\AppData\Roaming\FreeCAD\system.cfg" deleted
"C:\Users\x\AppData\Roaming\FreeCAD\user.cfg" deleted
"C:\Users\x\AppData\Roaming\FreeCAD" deleted

==== System Specs ======================

Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 7988 MB
CPU Info: Intel(R) Core(TM) i5 CPU      M 540  @ 2.53GHz
CPU Speed: 2530,1 MHz
Sound Card: Lautsprecher (2- Conexant 20585 |
Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 2x; ThinkPad Display 1440x900 | PnP-Monitor (Standard) |
Screen Resolution: 1440 X 900 - 32 bit
Network: Network Present
Network Adapters: Intel(R) Centrino(R) Advanced-N 6200 AGN | Intel(R) 82577LM Gigabit Network Connection
CD / DVD Drives: 1x (G: | ) G: ELBY    CLONEDRIVE
Ports: COM3 LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  108,2GB | D:  1,3GB | E:  9,8GB | F:  698,5GB
Hard Disks - Free: C:  36,4GB | D:  558,6MB | E:  2,1GB | F:  672,4GB
Manufacturer *: LENOVO
BIOS Info: AT/AT COMPATIBLE | 02/14/13 | LENOVO - 1450
Time Zone: Mitteleuropäische Zeit
Motherboard *: LENOVO 253725G
Country: Deutschland
Language: DEU

==== System Specs (Software) ======================

Anti-Virus: Avira Desktop On-access scanning disabled (Outdated)
Anti-Spyware: Avira Desktop disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Internet Explorer Version: 11.0.9600.17501
Google Chrome version: 39.0.2171.95
Adobe Reader version: 11.0.10.32
Sun Java version: 1.8.0_25 (32-bit)
Sun Java version: 1.8.0_25 (64-bit)
Flash Player version: 15.0.0.246

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"FFPDFArchitectConverter@pdfarchitect.com"=hex(2):43,00,3a,00,5c,00,50,00,72,\ []

==== Firefox Extensions ======================

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 39.0.2171.95 (Possible outdated, latest Stable version: 39.0.2171.99)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]

Google Voice Search Hotword (Beta) - x\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com/"
"Default_Search_URL"="hxxp://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://www.google.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="hxxp://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{931BC5E7-4222-4C37-8C7B-5B13E65BBEB4} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{998432D3-902D-4E81-AFDB-0DA7EC43EFD0} Google  Url="https://www.google.com/search?q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Web Data will be reset at reboot

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\FFPDFArchitectConverter@pdfarchitect.com deleted successfully

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\x\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\x\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Cache will be emptied at reboot

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=294 folders=79 602275391 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\x\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\x\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Web Data" not found
"C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0" deleted
"C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1" deleted
"C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2" deleted
"C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3" deleted
"C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Cache\index" deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on 15.01.2015 at 19:32:56,76 ======================
Mal ne kleine Nebenfrage:Ich würde Avira gerne runterschmeißen und mir ein anderes AV-Programm installieren.
Welches benutzt bzw. vertraust du?Wäre auch nicht schlimm wenn es ein paar euro kostet.

deeprybka 15.01.2015 22:22
Probier mal ESET Nod32 Antivirus....

Kannst ja nach Ende der Bereinigung mal 30 Tage testen.


Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, markiere auch die checkbox http://deeprybka.trojaner-board.de/b...t/addition.pngund drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

bastifantast 16.01.2015 14:26
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by x (administrator) on X-THINK on 16-01-2015 14:17:17
Running from C:\Users\x\Downloads
Loaded Profiles: x (Available profiles: x)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(SIEMENS AG) C:\Program Files\Common Files\Siemens\sws\almsrv\almsrv64x.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc.) C:\Users\x\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(SIEMENS AG) C:\Program Files (x86)\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(SIEMENS AG) C:\Program Files (x86)\Common Files\Siemens\S7UBTOOX\S7ubtoox.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Common Files\Siemens\SQLANY\dbsrv9.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.PCOMMERCIAL_1\MSSQL\Binn\sqlservr.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SIEMENS AG) C:\Program Files (x86)\Siemens\Step7\S7BIN\s7hspsvx.exe
(SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7oiehsx64.exe
(SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceService64x.exe
(SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7epasrv64x.exe
(SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\pniomgr.exe
(SIEMENS AG) C:\Windows\SysWOW64\pniopcac.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2009-12-11] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [5990200 2011-06-10] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111928 2013-05-03] (Intel Corporation)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Message Center Plus] => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-27] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [S7UB Start] => C:\Program Files (x86)\Common Files\Siemens\S7ubtoox\s7ubtstx.exe [102453 2010-06-03] (SIEMENS AG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-2150921082-4187140661-4272968030-1004\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2150921082-4187140661-4272968030-1004\...\Run: [Personal ID] => C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2014-07-05] (coolspot AG, Düsseldorf)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\x\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2150921082-4187140661-4272968030-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {931BC5E7-4222-4C37-8C7B-5B13E65BBEB4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKLM-x32 -> {6DB94B0A-C3BF-413E-A0D0-FF8C210C7D58} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004 -> {998432D3-902D-4E81-AFDB-0DA7EC43EFD0} URL = https://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\fqkiMcMH.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\fqkiMcMH.default\extensions\abs@avira.com [Not Found]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\x\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-13]
CHR Extension: (YouTube) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-13]
CHR Extension: (Adblock Plus) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-13]
CHR Extension: (Google-Suche) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-13]
CHR Extension: (Avira Browserschutz) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-13]
CHR Extension: (Click&Clean) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-01-13]
CHR Extension: (Google Wallet) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-13]
CHR Extension: (Google Mail) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 almservice; C:\Program Files\Common Files\Siemens\sws\almsrv\almsrv64x.exe [1542792 2011-10-28] (SIEMENS AG) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-06-24] (Lenovo.)
S3 EPLAN Client Service; C:\Program Files\EPLAN\Common\EClientService.exe [549800 2014-03-03] (EPLAN Software & Service GmbH & Co. KG)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MSSQL$KNXETS4; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe [62379184 2014-07-10] (Microsoft Corporation)
R2 MSSQL$PCOMMERCIAL_1; C:\Program Files\Microsoft SQL Server\MSSQL10.PCOMMERCIAL_1\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
S4 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [6807656 2009-10-27] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 QDLService2kLenovo; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [331512 2009-12-08] (QUALCOMM, Inc.)
R2 s7hspsvx; C:\Program Files (x86)\Siemens\Step7\s7bin\s7hspsvx.exe [61493 2011-10-31] (SIEMENS AG) [File not signed]
R2 s7oiehsx64; C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7oiehsx64.exe [139864 2011-11-03] (SIEMENS AG)
R2 S7TraceServiceX; C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceService64x.exe [229976 2011-11-03] (SIEMENS AG)
S4 SQLAgent$KNXETS4; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\SQLAGENT.EXE [442536 2014-07-10] (Microsoft Corporation)
S4 SQLAgent$PCOMMERCIAL_1; C:\Program Files\Microsoft SQL Server\MSSQL10.PCOMMERCIAL_1\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S4 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-06] (Lenovo Group Limited)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 dpmconv; C:\Windows\System32\DRIVERS\dpmconv.sys [259072 2011-04-19] (SIEMENS AG)
S3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 qcfilterlno2k; C:\Windows\System32\DRIVERS\qcfilterlno2k.sys [6400 2009-12-08] (QUALCOMM Incorporated)
S3 qcusbnetlno2k; C:\Windows\System32\DRIVERS\qcusbnetlno2k.sys [240640 2009-12-08] (QUALCOMM Incorporated)
S3 qcusbserlno2k; C:\Windows\System32\DRIVERS\qcusbserlno2k.sys [121216 2009-12-08] (QUALCOMM Incorporated)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-07-10] (Microsoft Corporation)
R3 s7odpx2x64; C:\Windows\System32\DRIVERS\s7odpx2x64.sys [71168 2011-10-20] (SIEMENS AG)
R3 s7oppinx64; C:\Windows\System32\DRIVERS\s7oppinx64.sys [107520 2011-10-20] (SIEMENS AG)
R3 s7oserix64; C:\Windows\System32\Drivers\s7oserix64.sys [121344 2011-05-06] (SIEMENS AG)
R3 s7osmcax64; C:\Windows\System32\DRIVERS\s7osmcax64.sys [195584 2011-09-29] (SIEMENS AG)
R3 s7osobux64; C:\Windows\System32\DRIVERS\s7osobux64.sys [152576 2011-05-06] (SIEMENS AG)
R3 s7otmcd64x; C:\Windows\System32\Drivers\s7otmcd64x.sys [199680 2011-05-06] (SIEMENS AG)
R3 s7otranx64; C:\Windows\System32\DRIVERS\s7otranx64.sys [260096 2011-05-06] (SIEMENS AG)
R3 s7otsadx64; C:\Windows\System32\DRIVERS\s7otsadx64.sys [192000 2011-09-29] (SIEMENS AG)
S3 s7oupc2x64; C:\Windows\System32\DRIVERS\s7oupc2x64.sys [28672 2011-09-29] (SIEMENS AG) [File not signed]
R2 s7ousbu64x; C:\Windows\System32\DRIVERS\s7ousbu64x.sys [193024 2011-09-29] (SIEMENS AG)
R2 s7sn2srtx; C:\Windows\System32\DRIVERS\s7sn2srtx.sys [83032 2011-06-16] (SIEMENS AG)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R2 SNTIE; C:\Windows\System32\DRIVERS\sntie.sys [179288 2011-10-11] (SIEMENS AG)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-29] ()
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 vsnl2ada; C:\Windows\System32\DRIVERS\vsnl2ada.sys [120832 2011-04-19] (SIEMENS AG)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 PCDSRVC{127174DC-C366ED8B-06000000}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]
S3 PCDSRVC{184E4FA0-DE8C26D4-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc_x64.pkms [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 14:17 - 2015-01-16 14:17 - 00000000 ____D () C:\Users\x\Downloads\FRST-OlderVersion
2015-01-15 19:29 - 2015-01-15 18:56 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-01-15 18:57 - 2015-01-15 19:32 - 00021020 _____ () C:\zoek-results.log
2015-01-15 18:56 - 2015-01-15 19:22 - 00000000 ____D () C:\zoek_backup
2015-01-15 18:53 - 2015-01-15 18:53 - 00003322 _____ () C:\Users\x\Desktop\a.txt
2015-01-15 18:20 - 2015-01-15 18:21 - 01295360 _____ () C:\Users\x\Downloads\zoek.exe
2015-01-15 18:15 - 2015-01-16 14:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-15 18:15 - 2015-01-15 18:15 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-15 18:15 - 2015-01-15 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-15 18:15 - 2015-01-15 18:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-15 18:15 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-15 18:15 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-15 18:15 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-15 18:13 - 2015-01-15 18:14 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\x\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-14 21:16 - 2015-01-14 21:16 - 00044699 _____ () C:\ComboFix.txt
2015-01-14 20:04 - 2015-01-14 20:04 - 05609736 ____R (Swearware) C:\Users\x\Desktop\ComboFix.exe
2015-01-14 18:47 - 2015-01-14 21:16 - 00000000 ____D () C:\Qoobox
2015-01-14 18:47 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-14 18:47 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-14 18:47 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-14 18:47 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-14 18:47 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-14 18:47 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-14 18:47 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-14 18:47 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-14 18:46 - 2015-01-14 21:12 - 00000000 ____D () C:\Windows\erdnt
2015-01-14 18:05 - 2015-01-14 18:05 - 00044369 _____ () C:\Users\x\Downloads\Addition.txt
2015-01-14 18:04 - 2015-01-16 14:17 - 00025739 _____ () C:\Users\x\Downloads\FRST.txt
2015-01-14 18:03 - 2015-01-16 14:17 - 02125312 _____ (Farbar) C:\Users\x\Downloads\FRST64.exe
2015-01-14 18:03 - 2015-01-16 14:17 - 00000000 ____D () C:\FRST
2015-01-14 17:02 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 17:02 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 17:02 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 17:02 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 17:02 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 17:02 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 17:02 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 17:02 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 17:02 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 17:02 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 17:02 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 17:02 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 17:02 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 16:57 - 2015-01-14 16:57 - 02191360 _____ () C:\Users\x\Downloads\AdwCleaner_4.107 (1).exe
2015-01-13 19:34 - 2015-01-13 19:34 - 00000000 ____D () C:\Users\x\Documents\ProcAlyzer Dumps
2015-01-13 19:31 - 2015-01-13 19:31 - 00000340 _____ () C:\Users\x\Downloads\ClickClean-v8.4-Options.json
2015-01-13 18:56 - 2015-01-13 18:57 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\x\Downloads\spybot-2.4.exe
2015-01-13 18:51 - 2015-01-13 18:51 - 00000000 ____D () C:\Users\x\AppData\Roaming\ProductData
2015-01-13 18:50 - 2015-01-13 18:51 - 00000000 ____D () C:\ProgramData\IObit
2015-01-13 18:49 - 2015-01-13 18:50 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-01-13 18:49 - 2015-01-13 18:49 - 00000000 ____D () C:\Users\x\AppData\Roaming\IObit
2015-01-13 18:48 - 2015-01-13 18:49 - 17086240 _____ (IObit) C:\Users\x\Downloads\iobituninstaller41.exe
2015-01-13 18:46 - 2015-01-13 18:49 - 132469808 _____ (AVAST Software) C:\Users\x\Downloads\avast_free_antivirus_setup_10.2208.712 (1).exe
2015-01-13 18:40 - 2015-01-13 18:40 - 00001645 _____ () C:\Users\x\Downloads\software_removal_tool.log
2015-01-13 18:17 - 2015-01-13 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-13 16:29 - 2015-01-13 16:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-13 16:28 - 2015-01-13 16:28 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\x\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-01-13 16:19 - 2015-01-13 16:19 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\x\Downloads\SpyHunter-Installer.exe
2015-01-13 16:16 - 2015-01-13 16:16 - 00880784 _____ (Google Inc.) C:\Users\x\Downloads\ChromeSetup.exe
2015-01-11 13:37 - 2015-01-11 13:34 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-11 13:35 - 2015-01-11 13:35 - 00000000 ____D () C:\Users\x\AppData\Roaming\Mozilla
2015-01-11 13:34 - 2015-01-11 13:34 - 00000000 ____D () C:\Users\x\AppData\Roaming\Avira
2015-01-11 13:28 - 2015-01-11 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-11 13:26 - 2015-01-11 13:47 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-11 13:26 - 2015-01-11 13:35 - 00000000 ____D () C:\ProgramData\Avira
2015-01-11 13:26 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-11 13:26 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-11 13:26 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-11 13:08 - 2015-01-11 13:08 - 02191360 _____ () C:\Users\x\Downloads\adwcleaner_4.107.exe
2015-01-11 13:05 - 2015-01-11 13:07 - 87836524 _____ (AVAST Software) C:\Users\x\Downloads\avast_free_antivirus_setup_10.2208.712.exe
2015-01-11 12:58 - 2015-01-16 14:13 - 00001176 _____ () C:\Windows\setupact.log
2015-01-11 12:58 - 2015-01-15 20:05 - 00162294 _____ () C:\Windows\PFRO.log
2015-01-11 12:58 - 2015-01-11 12:58 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-11 12:57 - 2015-01-11 12:57 - 00000000 ____D () C:\Users\Public\Documents\Siemens
2015-01-11 12:52 - 2015-01-11 12:53 - 00000000 ____D () C:\Users\x\Documents\Reg
2015-01-11 11:37 - 2015-01-11 11:42 - 154051656 _____ () C:\Users\x\Downloads\avira_free_antivirus468_de.exe
2015-01-11 11:33 - 2015-01-11 11:33 - 00000000 _____ () C:\autoexec.bat
2015-01-02 16:59 - 2015-01-02 16:59 - 00000000 ____D () C:\Users\x\AppData\Local\freecad
2015-01-02 13:15 - 2015-01-02 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCAD 0.14
2015-01-02 13:15 - 2015-01-02 13:15 - 00000682 _____ () C:\Users\x\Desktop\FreeCAD.lnk
2014-12-26 13:35 - 2014-12-26 13:35 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-26 13:21 - 2014-12-26 13:21 - 00000000 ____D () C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-12-26 12:55 - 2014-12-26 12:55 - 00000000 ____D () C:\Windows\UbiSoft
2014-12-26 12:43 - 2014-12-26 12:43 - 00000000 ____D () C:\Users\x\AppData\Roaming\TuneUp Software
2014-12-26 12:43 - 2014-12-26 12:43 - 00000000 ____D () C:\Users\x\AppData\Local\TuneUp Software
2014-12-26 12:42 - 2014-12-26 12:43 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-12-26 12:42 - 2014-12-26 12:42 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-12-20 18:10 - 2014-07-10 11:23 - 00083632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$KNXETS4-sqlctr10.52.4033.0.dll
2014-12-20 18:10 - 2014-07-10 11:22 - 00089264 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$KNXETS4-sqlctr10.52.4033.0.dll
2014-12-20 12:42 - 2014-12-20 12:42 - 00002153 _____ () C:\Users\Public\Desktop\SEE Electrical V7.lnk
2014-12-20 12:42 - 2014-12-20 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IGE+XAO
2014-12-20 08:28 - 2014-12-20 08:28 - 00002429 _____ () C:\Users\Public\Desktop\ETS4.lnk
2014-12-20 08:28 - 2014-12-20 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNX
2014-12-20 08:28 - 2014-12-20 08:28 - 00000000 ____D () C:\ProgramData\Elka Shared
2014-12-20 08:28 - 2014-12-20 08:28 - 00000000 ____D () C:\Program Files (x86)\ETS4
2014-12-20 08:22 - 2014-12-20 09:09 - 00000000 ____D () C:\Users\x\AppData\Local\KNX
2014-12-20 08:19 - 2014-12-20 08:28 - 00000000 ____D () C:\ProgramData\KNX
2014-12-20 08:19 - 2014-12-20 08:19 - 00000000 ____D () C:\Program Files (x86)\Ets3PlugIn
2014-12-20 08:10 - 2014-12-20 08:13 - 00000000 ____D () C:\Windows\SysWOW64\js
2014-12-20 08:10 - 2014-12-20 08:13 - 00000000 ____D () C:\Windows\SysWOW64\css
2014-12-20 08:10 - 2014-12-20 08:10 - 00000000 ____D () C:\Windows\SysWOW64\prompting
2014-12-20 08:10 - 2014-12-20 08:10 - 00000000 ____D () C:\Program Files (x86)\Business Objects
2014-12-20 08:07 - 2012-06-29 01:22 - 00057288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL10_50.KNXETS4-sqlagtctr.dll
2014-12-20 08:07 - 2012-06-29 01:17 - 00086984 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL10_50.KNXETS4-sqlagtctr.dll
2014-12-20 08:02 - 2014-12-20 08:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0
2014-12-20 07:57 - 2014-12-20 08:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2
2014-12-17 19:33 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 19:33 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 14:14 - 2014-02-19 21:18 - 00000000 ___RD () C:\Users\x\Dropbox
2015-01-16 14:14 - 2014-02-19 21:12 - 00000000 ____D () C:\Users\x\AppData\Roaming\Dropbox
2015-01-16 14:13 - 2014-02-19 19:16 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 14:13 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 22:36 - 2010-01-22 03:07 - 01333715 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 22:22 - 2014-02-19 19:16 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 21:46 - 2012-11-26 20:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 20:14 - 2009-07-14 05:45 - 00025744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 20:14 - 2009-07-14 05:45 - 00025744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 20:12 - 2010-01-22 11:59 - 00846638 _____ () C:\Windows\system32\perfh007.dat
2015-01-15 20:12 - 2010-01-22 11:59 - 00204870 _____ () C:\Windows\system32\perfc007.dat
2015-01-15 20:12 - 2009-07-14 06:13 - 02022396 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-15 20:00 - 2010-01-22 03:42 - 00000340 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-01-15 19:46 - 2012-11-26 20:01 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-15 19:46 - 2012-11-26 20:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-15 19:46 - 2012-11-26 20:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-15 19:22 - 2011-08-17 23:50 - 00000000 ____D () C:\Users\x
2015-01-15 19:22 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-15 19:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-01-15 19:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-15 18:57 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\restore
2015-01-14 21:54 - 2013-10-18 21:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 21:51 - 2011-08-19 09:36 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 21:16 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-14 21:11 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-14 17:26 - 2014-06-13 16:24 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-14 17:25 - 2014-06-13 16:10 - 00000000 ____D () C:\AdwCleaner
2015-01-14 16:56 - 2014-06-13 16:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-13 18:28 - 2014-02-23 12:29 - 00000000 ____D () C:\Users\x\AppData\Local\Adobe
2015-01-13 18:17 - 2014-02-19 19:16 - 00000000 ____D () C:\Users\x\AppData\Local\Google
2015-01-13 18:17 - 2014-02-19 19:16 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-13 16:56 - 2014-02-28 17:44 - 00000000 ____D () C:\Users\x\AppData\Roaming\vlc
2015-01-13 16:17 - 2014-02-19 19:16 - 00004096 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-13 16:17 - 2014-02-19 19:16 - 00003844 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-11 12:42 - 2014-08-01 16:17 - 00000000 ____D () C:\Users\x\AppData\Roaming\Winamp
2015-01-11 12:42 - 2014-04-30 17:20 - 00000000 ____D () C:\Windows\Minidump
2015-01-08 09:55 - 2012-11-26 12:38 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-03 15:14 - 2010-01-22 03:40 - 00000000 ____D () C:\Program Files (x86)\AT&T
2015-01-03 15:13 - 2014-03-12 19:40 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-03 15:11 - 2011-08-17 23:51 - 00000998 _____ () C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-02 11:23 - 2014-02-21 08:42 - 00000000 ____D () C:\Users\x\AppData\Roaming\Skype
2014-12-26 12:33 - 2014-02-28 19:42 - 00000000 ____D () C:\Users\x\.gimp-2.8
2014-12-26 12:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-26 10:44 - 2014-11-02 15:04 - 00000000 ____D () C:\Users\x\AppData\Local\PokerStars.EU
2014-12-26 10:44 - 2014-11-02 15:03 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-12-20 18:02 - 2010-01-22 04:01 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-12-20 18:02 - 2010-01-22 04:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_5008.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_5006.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_5005.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_5004.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_5002.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_5001.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_1100.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_1010.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_1001.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_1000.ini
2014-12-20 12:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Setup
2014-12-20 08:15 - 2009-07-14 03:34 - 00017486 _____ () C:\Windows\system32\Drivers\etc\services
2014-12-20 08:04 - 2014-10-14 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2014-12-20 08:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-20 08:00 - 2014-10-14 18:31 - 00000000 ____D () C:\Windows\SysWOW64\1033
2014-12-20 08:00 - 2014-10-14 18:31 - 00000000 ____D () C:\Windows\system32\1033
2014-12-19 17:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

Some content of TEMP:
====================
C:\Users\x\AppData\Local\Temp\avgnt.exe
C:\Users\x\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpymgemv.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 21:47

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by x at 2015-01-16 14:18:14
Running from C:\Users\x\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Active@ File Recovery Professional 12 (HKLM\...\{C34F36E0-4D8B-42E8-90AD-50C76E1AE282}_is1) (Version: 12 - LSoft Technologies Inc)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.73.00 - )
Arduino (HKLM-x32\...\Arduino) (Version: 1.0.5 - Arduino LLC)
AT&T Service Activation (HKLM-x32\...\{D81486A1-2371-4059-AC70-1AB894AC96E6}) (Version: 1.8.7.0 - AT&T)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Client Security - Password Manager (HKLM\...\{3FD730D4-755F-439B-8082-B55E00924A44}) (Version: 8.30.0049.00 - Lenovo Group Limited)
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.48.50 - Conexant)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.4.0 - )
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Disable AMT Profile Synchronization Pop-up for Windows Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dropbox (HKU\S-1-5-21-2150921082-4187140661-4272968030-1004\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Elektronischer Magnetplaner (HKLM-x32\...\magnet) (Version:  - )
Elevated Installer (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.65.2 - Lenovo Group Limited)
EPLAN Education 2.3 (HKLM-x32\...\EPLAN Education 2.3) (Version: 2.3.5.7352 - EPLAN Software & Service GmbH & Co. KG)
EPLAN Education 2.3 (x32 Version: 2.3.5.7352 - EPLAN Software & Service GmbH & Co. KG) Hidden
EPLAN Help de-DE 2.3 (HKLM-x32\...\{098E9513-C101-479F-A492-12300DE3B2DD}) (Version: 2.3.5.7352 - EPLAN Software & Service GmbH & Co. KG)
EPLAN License Client (HKLM-x32\...\{0100BD88-3990-431F-9175-AB60E31AFFDE}) (Version: 9.1.11.44101 - EPLAN Software & Service GmbH & Co. KG)
EPLAN Platform 2.3 (HKLM-x32\...\{E31472AD-7381-4A37-AB5B-18379C35A336}) (Version: 2.3.5.7352 - EPLAN Software & Service GmbH & Co. KG)
EPLAN Trial Education Data 2.3 (HKLM-x32\...\{E330FDB1-CC1B-4E02-8E26-4D3D4F74212F}) (Version: 2.3.5.7352 - EPLAN Software & Service GmbH & Co. KG)
Framework PCSoft (HKLM-x32\...\{F23EF286-3554-45EF-A65D-6218EB1DBE37}) (Version: 1.00.0000 - hager)
Free Billiards 2008 (HKLM-x32\...\Free Billiards 2008_is1) (Version:  - )
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free Video to MP3 Converter version 5.0.52.1111 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.52.1111 - DVDVideoSoft Ltd.)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
GDR 4033 für SQL Server 2008 R2 (KB2977320) (64-bit) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation)
GDR 5520 für SQL Server 2008 (KB 2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hager prerequisites (HKLM-x32\...\{98C64AD3-6A1D-4737-9ED8-06A73741550C}) (Version: 1.00.0000 - hager)
Integrated Camera Driver Installer Package Ver.1.1.0.17 (HKLM-x32\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.1.0.17 - RICOH)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.2.50.1050 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.172 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0.20.172 - InterVideo Inc.) Hidden
IP Camera Adapter (HKLM-x32\...\{6D140BFF-7CC5-4BFE-AD6D-47035FFE5F14}) (Version: 2.0.0.0 - Pavel Khlebovich)
IsoBuster 3.3 (HKLM-x32\...\IsoBuster3_is1) (Version: 3.3 - Smart Projects)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
KNX eteC Falcon Runtime v2.1 (x32 Version: 2.1.5213.27900 - KNX Association cvba) Hidden
KNX ETS4 (HKLM-x32\...\KNX ETS4) (Version: 4.1.3614.46489 - KNX Association cvba)
KNX ETS4 (x32 Version: 4.1.3614.46489 - KNX Association cvba) Hidden
KNX ETS4 Additional Runtime (x32 Version: 4.0.0.0 - KNX Association cvba) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.4.0 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5396.31 - PC-Doctor, Inc.)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0003.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.0.020.0 - Lenovo)
LOGO!Soft Comfort V7.0  (HKLM\...\LOGO!Soft Comfort V7.0 ) (Version: 7.0.0.0 - Siemens AG)
LOGO!Soft Comfort V7.1  (HKLM\...\LOGO!Soft Comfort V7.1 ) (Version: 7.1.0.0 - Siemens AG)
LTspice IV (HKLM-x32\...\LTspice IV) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E8F7904A-4780-4F3F-B153-21BE32857120}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{1D4A3734-9328-440F-960C-42B4CE481EB4}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{F90F5A11-53E6-4045-ACB1-BC03D71FB06C}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Mobile Broadband Connect (HKLM-x32\...\{9202762E-4B4C-48C9-A6CC-C27F9F85190A}) (Version: 3.5.0010 - Lenovo)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Performance Drivers (HKLM\...\{4C0A8D65-4286-4B58-87FE-18AD24289285}) (Version: 2.0.0.24 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Personal ID (HKLM-x32\...\{F722209B-739E-40E4-ADB1-062BD032A0DB}) (Version: 1.8.5.202 - coolspot AG)
PKZIP Server for Windows 12.40.0008 (HKLM-x32\...\{134A51EB-1BBB-4249-BAF5-494C3D186A06}) (Version: 12.40.0008 - PKWARE, Inc)
Qualcomm Gobi 2000 Package for Lenovo (HKLM-x32\...\{6CA29A45-EF6D-4F73-997E-7CE03DBD4B69}) (Version: 1.1.80 - QUALCOMM)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH)
Screen Antics 2.1 (HKLM-x32\...\Screen Antics) (Version: 2.1 - Jaap van Wingerden)
SEE Electrical V7 (HKLM-x32\...\{640A67B2-2CE3-4980-89FF-CFBBBC051D3E}) (Version: 7.10.4141 - IGE+XAO)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Siemens Automation License Manager (Version: 05.01.0100 - Siemens AG) Hidden
Siemens Automation License Manager V5.1 + SP1  (HKLM\...\{8D2E0408-8D61-4A53-B0DB-2AD670A38624}LicenseManager) (Version: 05.01.0100 - Siemens AG)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - Silicon Laboratories)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM-x32\...\{F1412D98-F30E-49EF-9566-4E0A59835725}) (Version: 6.2.00 - Silicon Laboratories, Inc.)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7_2 (c:\SiLabs\MCU\CP210x\Windows_XP_S2K3_Vista_7_2) (HKLM-x32\...\{86AF14D7-1617-41D6-A930-8CB5B6E85797}) (Version: 6.1.00 - Silicon Laboratories, Inc.)
SIMATIC  STEP 7 (x32 Version: 05.05.0200 - Siemens AG) Hidden
SIMATIC  STEP 7 V5.5 + SP2 Professional 2010 SR2  (HKLM-x32\...\{7B427E8E-F76D-4C8C-B155-7F24DF46DB67}STEP7) (Version: 05.05.0200 - Siemens AG)
SIMATIC Device Drivers (Version: 01.00.0200 - Siemens AG) Hidden
SIMATIC NCM FWL 64 (Version: 05.05.0100 - Siemens AG) Hidden
SIMATIC PLCSIM 64 (Version: 01.00.0001 - Siemens AG) Hidden
SIMATIC S7-GRAPH (x32 Version: 05.03.0700 - Siemens AG) Hidden
SIMATIC S7-GRAPH V5.3 + SP7 Professional 2010 SR2  (HKLM-x32\...\{4FF24C45-A4EE-4A99-B287-E3468EC41CBD}S7GRAPH) (Version: 05.03.0700 - Siemens AG)
SIMATIC S7-PCT (x32 Version: 02.03.0000 - Siemens AG) Hidden
SIMATIC S7-PCT V2.3 Professional 2010 SR2  (HKLM-x32\...\{06AF0F82-E926-48A6-8C5F-ECB195DB2CB4}S7PCT) (Version: 02.03.0000 - Siemens AG)
SIMATIC S7-PLCSIM (x32 Version: 5.4.0502 - Siemens AG) Hidden
SIMATIC S7-PLCSIM V5.4 + SP5 + Upd2 Professional 2010 SR2  (HKLM-x32\...\{1CBF27F6-24A4-488D-940A-678F1C691C49}PLCSim) (Version: 5.4.0502 - Siemens AG)
SIMATIC S7-SCL (x32 Version: 5.3.6.0 - Siemens AG) Hidden
SIMATIC S7-SCL V5.3 + SP6 Professional 2010 SR2  (HKLM-x32\...\{5B1B0682-EEC6-4EDD-BAB0-3FEC2E55090D}SCL) (Version: 5.3.6.0 - Siemens AG)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.41 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{8C7750D1-ADE6-4DAD-A54E-871EB2ABFE98}) (Version: 2.50 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.3 - Intel)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.4035.00 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Verizon Wireless Mobile Broadband Self Activation (HKLM-x32\...\{C64A877E-DF8D-4017-AA82-000A77C6D809}) (Version: 3.1.4 - Smith Micro Software, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Intel (e1kexpress) Net  (12/01/2009 11.5.7.0) (HKLM\...\B65F6B58F0E37352721284FE7F009532B5DF1D2C) (Version: 12/01/2009 11.5.7.0 - Intel)
Windows-Treiberpaket - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows-Treiberpaket - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\098EBB26BF07167AB12D1575EC24F883F9435E59) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows-Treiberpaket - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows-Treiberpaket - Intel USB  (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows-Treiberpaket - Lenovo (LenovoRd) SmartCardReader  (05/11/2009 4.1.0.1) (HKLM\...\9B84710FFAE6C50914FCE568B59E426F1386E7F6) (Version: 05/11/2009 4.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows-Treiberpaket - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07) (HKLM\...\FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF) (Version: 10/26/2009 6.10.02.07 - Ricoh Company)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
ZPlan (HKLM-x32\...\{B8A8AF33-800B-49DC-AF54-EE642A3C3066}) (Version: 1.0.1407.1107 - Hager)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

15-01-2015 18:57:08 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-01-14 21:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C60B7FB-264C-4E33-99CD-590CC997F3E9} - System32\Tasks\LaunchCSS => C:\PROGRAM FILES\LENOVO\CLIENT SECURITY SOLUTION\cssauth.exe [2011-06-10] (Lenovo Group Limited)
Task: {1B8A97AE-4C2B-4F23-A2B3-5C8DCAEAB435} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-23] ()
Task: {22F1B871-8A53-459B-9B85-43DAA0FAF3EB} - \upfs7235 No Task File <==== ATTENTION
Task: {4049BA40-48F7-4094-BC5C-3E70E5AA1B73} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {442F485E-EA55-4B7E-986E-36258DD7F108} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe [2009-11-14] (PC-Doctor, Inc.)
Task: {461FD748-1A4C-49FE-A8A6-69CE7BE0BD88} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-06-24] (Lenovo Group Limited)
Task: {4EBB852E-0896-4BA5-981C-F503772C9CFC} - System32\Tasks\{790C4479-9298-4EE6-A9DA-E746E08AFEB4} => pcalua.exe -a "F:\Step 7\s7sp5\Install\CD_1\STEP7\Disk1\s7sdd\setup.exe" -d "F:\Step 7\s7sp5\Install\CD_1\STEP7\Disk1\s7sdd"
Task: {518E63E5-969D-4E50-9E3E-9295034DE576} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-13] (Google Inc.)
Task: {541D5419-5629-4055-AD17-667F38D626BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-13] (Google Inc.)
Task: {5A847B5C-133C-42F1-98B4-4E7B94B6C0D8} - System32\Tasks\{173C887B-C621-4993-B5E3-F42CBBFA2C16} => pcalua.exe -a "F:\Step 7\treiber\Setup.exe" -d "F:\Step 7\treiber"
Task: {604C4976-CA2E-447C-AB01-0F833CDF6A76} - System32\Tasks\TVT\LaunchRnR
Task: {6E0C6309-52EB-4146-B1EE-20D773168A6B} - System32\Tasks\{011EADE2-F8CF-44A7-B34A-7AC4ADF9144C} => pcalua.exe -a "F:\Caddy++\CADdy++ Elektrotechnik v3.80 Full - enterprise\SETUP.EXE" -d "F:\Caddy++\CADdy++ Elektrotechnik v3.80 Full - enterprise"
Task: {A1CA3234-25AB-4241-9A9D-844234792DD3} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {AAA34DF5-45A2-4EC3-A462-1A266EDC7D17} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {D1169947-CA98-4990-BE71-C7266F1D1C50} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-15] (Adobe Systems Incorporated)
Task: {D1307042-72D6-473F-A8E5-808C1FD7C2C1} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {DA5D448C-36C1-4185-A4BA-793CC9E6D61B} - System32\Tasks\{AB11FA6C-9A14-4B7D-B927-93AA27D4DDBA} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1618
Task: {DE0141DF-F7D6-458A-B529-6D8BCA52D335} - System32\Tasks\{033A4634-0BB0-4915-9214-ED93BA6B9585} => pcalua.exe -a C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
Task: {E6521F03-247B-437E-B3CE-70B2EF2435AE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {E745C36E-47E1-40C8-AF9C-CD523DE97462} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {E7D540B0-12B9-40CC-A5AD-558559632742} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\pcdlauncher.exe [2009-11-14] (PC-Doctor, Inc.)
Task: {EE38804D-6F3A-4917-BE75-EC842ED33683} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\pcdlauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe

==================== Loaded Modules (whitelisted) =============

2009-09-21 15:04 - 2009-09-21 15:04 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-01-22 03:20 - 2014-06-24 05:05 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2011-03-10 00:43 - 2011-03-10 00:43 - 00774144 _____ () C:\Program Files\Common Files\Siemens\SWS\PlugIns\SCP\Scpwin64.dll
2012-11-22 16:23 - 2011-02-22 18:00 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2009-05-27 22:09 - 2009-05-27 22:09 - 00049976 _____ () C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
2011-06-14 17:24 - 2011-06-14 17:24 - 00824320 _____ () C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\sn_regbase.dll
2015-01-13 18:17 - 2014-12-06 02:16 - 01408328 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2015-01-13 18:17 - 2014-12-06 02:16 - 00204616 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2015-01-13 18:17 - 2014-12-06 02:17 - 10689352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2015-01-13 18:17 - 2014-12-06 02:16 - 01856840 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-03-14 16:47 - 2014-03-14 16:47 - 00092504 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\x\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-16 14:13 - 2015-01-16 14:13 - 00043008 _____ () c:\users\x\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpymgemv.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\x\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\x\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\x\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2011-06-14 17:24 - 2011-06-14 17:24 - 00749568 _____ () C:\Windows\SysWOW64\sn_regbase.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: NVIDIA Performance Driver Service => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: TVT Backup Service => 3
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\Services: VMwareHostd => 2
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

========================= Accounts: ==========================

Administrator (S-1-5-21-2150921082-4187140661-4272968030-500 - Administrator - Disabled)
Gast (S-1-5-21-2150921082-4187140661-4272968030-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2150921082-4187140661-4272968030-1007 - Limited - Enabled)
x (S-1-5-21-2150921082-4187140661-4272968030-1004 - Administrator - Enabled) => C:\Users\x

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2015 06:45:49 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (01/15/2015 06:22:37 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422).

Error: (01/14/2015 09:54:55 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).

Error: (01/14/2015 09:51:38 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422).

Error: (01/14/2015 08:11:27 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x80070422).

Error: (01/14/2015 08:09:00 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x80070422).

Error: (01/14/2015 08:07:28 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x80070422).

Error: (01/14/2015 08:01:08 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/14/2015 08:01:08 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/14/2015 08:01:08 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0


System errors:
=============
Error: (01/16/2015 02:17:36 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{9C285579-631C-421D-8623-4BCFE33AAEE3}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/15/2015 08:09:53 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{9C285579-631C-421D-8623-4BCFE33AAEE3}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/15/2015 07:33:49 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{9C285579-631C-421D-8623-4BCFE33AAEE3}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/15/2015 07:29:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/15/2015 07:22:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/15/2015 07:22:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/15/2015 07:22:20 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/15/2015 07:22:20 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/15/2015 07:22:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/15/2015 06:12:41 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{9C285579-631C-421D-8623-4BCFE33AAEE3}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================
Error: (04/25/2014 06:40:40 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 36 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-01-14 21:08:44.347
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-14 21:08:44.098
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz
Percentage of memory in use: 37%
Total physical RAM: 7987.67 MB
Available physical RAM: 4970.43 MB
Total Pagefile: 15973.52 MB
Available Pagefile: 12358.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:108.18 GB) (Free:35.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (SYSTEM_DRV) (Fixed) (Total:1.27 GB) (Free:0.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Lenovo_Recovery) (Fixed) (Total:9.79 GB) (Free:2.07 GB) NTFS
Drive f: (Daten) (Fixed) (Total:698.46 GB) (Free:672.4 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 0F78C1BF)
Partition 1: (Not Active) - (Size=1.3 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=108.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: F7199A90)
Partition 2: (Active) - (Size=698.6 GB) - (Type=OF Extended)

==================== End Of Log ============================

deeprybka 16.01.2015 14:36
Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...st/frstfix.png

Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
HKU\S-1-5-21-2150921082-4187140661-4272968030-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
2015-01-13 16:19 - 2015-01-13 16:19 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\x\Downloads\SpyHunter-Installer.exe
Task: {22F1B871-8A53-459B-9B85-43DAA0FAF3EB} - \upfs7235 No Task File
CreateRestorePoint:
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.

Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


bastifantast 16.01.2015 14:45
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2015 01
Ran by x at 2015-01-16 14:40:02 Run:1
Running from C:\Users\x\Downloads
Loaded Profiles: x (Available profiles: x)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
HKU\S-1-5-21-2150921082-4187140661-4272968030-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
2015-01-13 16:19 - 2015-01-13 16:19 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\x\Downloads\SpyHunter-Installer.exe
Task: {22F1B871-8A53-459B-9B85-43DAA0FAF3EB} - \upfs7235 No Task File
CreateRestorePoint:
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2150921082-4187140661-4272968030-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\x\Downloads\SpyHunter-Installer.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{22F1B871-8A53-459B-9B85-43DAA0FAF3EB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22F1B871-8A53-459B-9B85-43DAA0FAF3EB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\upfs7235" => Key deleted successfully.
Restore point was successfully created.


The system needed a reboot.

==== End of Fixlog 14:40:46 ====

deeprybka 16.01.2015 14:55
:daumenhoc

bastifantast 16.01.2015 17:42
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=bb8f3b2e6f63ed459e46eabb339c9976
# engine=22001
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-16 04:02:12
# local_time=2015-01-16 05:02:12 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 8433 4606732 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 8473 173053982 0 0
# scanned=307822
# found=18
# cleaned=0
# scan_time=7905
sh=E45C1D583BDD644F636D8DA387761796CE1D7038 ft=1 fh=fe33acdf835fbfaa vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\DaemonProcess.exe.vir"
sh=75773C452146645B80387025120B3AFC1BD7F608 ft=1 fh=f924702fd032a998 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\Mobogenie.exe.vir"
sh=CD814F8CAC8880831029BCA4568031141FFE8534 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\MUServer.apk.vir"
sh=D9B3BA161D98EA1AD0E61015B2F11DB47A0A6875 ft=1 fh=8252b73ae811ba6a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\UpdateMoboGenie.exe.vir"
sh=4E5E1B36910AD12E0E328F71A7CDC6EA6C009F9E ft=1 fh=ad050ae056d7e21e vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=95D8C7F2851240F836D46EBD0DCB0BBAE3C9C3C8 ft=1 fh=c39b2415a29978f2 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginService\PluginService.exe.vir"
sh=4EDACB162E79B13F82774B4D1951DDAD8C518115 ft=1 fh=eba317b2b14505a9 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=9DF3638EE93AB2DB89A89AC6B67BF088DC64416B ft=1 fh=c71c00110e78363b vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=E176D7F68E9CC6D03E8555B51565423033CDF6A9 ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\x\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.5.zip.vir"
sh=E45C1D583BDD644F636D8DA387761796CE1D7038 ft=1 fh=fe33acdf835fbfaa vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\x\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=75773C452146645B80387025120B3AFC1BD7F608 ft=1 fh=f924702fd032a998 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\x\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=CD814F8CAC8880831029BCA4568031141FFE8534 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\x\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=D9B3BA161D98EA1AD0E61015B2F11DB47A0A6875 ft=1 fh=8252b73ae811ba6a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\x\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=08A0C25B0BF40535697C1C584ACCDA490D6BC882 ft=1 fh=dbe7f66a50ce49ed vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\x\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=EB64DE2BBC96DA818C18660FA605DF3F98111ADC ft=1 fh=787246bec8a5c825 vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Program Files_Common Files_System_SysMenu.dll.vir"
sh=EB4E6055C07A2F02A34F6FF0E310879701A32827 ft=1 fh=1cb8194123060112 vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Program Files_Common Files_System_SysMenu64.dll.vir"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Users_x_AppData_Roaming_SBPJHU.vir"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Users_x_AppData_Roaming_XIQF.vir"


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:45 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131