Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows 8 - 64 bit (6.2 build 9200), Chrome öffnet ungewünscht neue Tabs (https://www.trojaner-board.de/165349-windows-8-64-bit-6-2-build-9200-chrome-oeffnet-ungewuenscht-neue-tabs.html)

intradeep 20.03.2015 19:04
Windows 8 - 64 bit (6.2 build 9200), Chrome öffnet ungewünscht neue Tabs
 
Hallo zusammen,

auf meinem Laptop (Win 8 64bit) öffnen sich in Chrome selbstständig neue Tabs. Inhalt der Tabs ist z.B. diverse Casino Sites, Gambling, Werbung. Manchmal werden die Tabs am Ende der Tableiste erstellt, manchmal am Anfang. Evtl hat es mit dem zuletzt aktiven Tab zu tun, ich bin mir nicht sicher.
UPDATE: die Tabs tauchen auf bei andauernder Benutzung nach einiger Zeit auf, z.B.: "static.mybet.com/....", www.kingplayer.com/, hxxp://www.zargadv.info/

Ich habe dieses Forum gefunden und bevor ich die Hilfe lesen konnte, in blindem Aktivismus schon selbst FRST 64 ausgeführt, ein Programm mit dem Hinweis "Attention" habe ich mit REVO uninstaller entfernt.

Defogger habe ich benutzt, keine Fehler. Bisher nicht re-enabled.

FRST 64 - nach dem REVO-uninstall von dem einzigen "Attention"-Fund:


Nach Entfernen der verdächtigen Items der FRST 64:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by svens_000 (administrator) on INTRADEEP_T430U on 20-03-2015 17:42:10
Running from C:\Downloads\FRST64
Loaded Profiles: svens_000 (Available profiles: svens_000)
Platform: Windows 8 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Windows\UnsignedThemesSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\PWMUIAux.EXE
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nenad Hrg (SoftwareOK.com)) C:\Program Files (x86)\Q-Dir\Q-Dir.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Downloads\FRST64\Gmer-19357.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7468784 2013-02-28] (Logitech Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079352 2013-05-07] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-05-07] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [86376 2013-09-12] (Authentec Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [UnlockerAssistant] => "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Hilfe Assistent] => C:\Program Files (x86)\Hilfe Assistent\Hilfe_Assistent.exe [18586432 2013-08-30] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-2188346229-3230158822-2549671659-1001\...\Run: [BoxCryptor] => C:\Program Files (x86)\BoxCryptor\BoxCryptor.exe [4142848 2013-04-27] (Secomba GmbH)
HKU\S-1-5-21-2188346229-3230158822-2549671659-1001\...\Run: [DT Emphelungstool] => "C:\Users\svens_000\AppData\Local\Deutsche Telekom\Empfehlungstool\DTEmpfehlungstool.exe" 2
HKU\S-1-5-21-2188346229-3230158822-2549671659-1001\...\MountPoints2: {a0a6a900-9976-11e2-be7a-6036dd6394ed} - "D:\SETUP.EXE" /adminfile IU.MSP
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
SSODL: EldosMountNotificator-cbfs4 - {E16C39B0-91F1-4EC1-B195-A6BA9F9BCA8D} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {E16C39B0-91F1-4EC1-B195-A6BA9F9BCA8D} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {A4E57277-42D1-4DC7-821A-91A21A863848} => C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {A4E57277-42D1-4DC7-821A-91A21A863848} => C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2188346229-3230158822-2549671659-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-20] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-20] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-03]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.delta-search.com/?affID=119781&babsrc=HP_ss&mntrId=C45A6036DD6394ED
CHR StartupUrls: Default -> ""
CHR Profile: C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-30]
CHR Extension: (Google Drive) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-30]
CHR Extension: (WOT) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-03-20]
CHR Extension: (YouTube) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-30]
CHR Extension: (Adblock Plus) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-05-29]
CHR Extension: (Silverlight for Chrome) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgnklfhofbcfndknbonklnijndoeknal [2015-02-27]
CHR Extension: (Google Search) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-30]
CHR Extension: (High Contrast) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2013-04-01]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-06-03]
CHR Extension: (Session Buddy) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2013-04-02]
CHR Extension: (AdBlock) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-05-19]
CHR Extension: (Tabman Tabs Manager) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmnkflcjcohihpdcniifjbafcdelhlm [2013-12-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (ScriptSafe) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2015-03-20]
CHR Extension: (Gmail) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-30]
CHR HKLM-x32\...\Chrome\Extension: [koalekbhpbggkcfhkkbolikjoaobbppi] - C:\Program Files (x86)\PutLockerDownloader\PutLockerDownloader10.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-19] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC)
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [11776 2012-09-03] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-31] (Avira Operations GmbH & Co. KG)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [385216 2013-04-24] (EldoS Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\system32\DRIVERS\LGSUsbFilt.Sys [44272 2013-01-17] (Logitech Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-08-31] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
U3 kwkiqfow; \??\C:\Users\SVENS_~1\AppData\Local\Temp\kwkiqfow.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 16:46 - 2015-03-20 16:46 - 00000000 _____ () C:\Users\svens_000\defogger_reenable
2015-03-20 12:43 - 2015-03-20 12:43 - 00000000 ___SH () C:\DkHyperbootSync
2015-03-20 12:13 - 2015-03-20 15:26 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\mIRC
2015-03-20 12:13 - 2015-03-20 12:13 - 00000823 _____ () C:\Users\Public\Desktop\mIRC.lnk
2015-03-20 12:13 - 2015-03-20 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2015-03-20 11:51 - 2015-03-20 11:51 - 00001586 _____ () C:\Windows\comsetup.log
2015-03-20 11:44 - 2015-03-20 12:00 - 00022863 _____ () C:\Windows\diagwrn.xml
2015-03-20 11:44 - 2015-03-20 12:00 - 00022863 _____ () C:\Windows\diagerr.xml
2015-03-20 00:40 - 2015-03-20 00:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-20 00:07 - 2015-03-20 01:00 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2015-03-20 00:07 - 2015-03-20 00:07 - 00001126 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-03-20 00:07 - 2015-03-20 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-03-20 00:07 - 2015-03-20 00:07 - 00000000 ____D () C:\ProgramData\Licenses
2015-03-20 00:07 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2015-03-19 23:41 - 2015-03-19 23:41 - 00508440 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-19 23:37 - 2015-03-19 23:37 - 00522709 _____ () C:\Windows\system32\Drivers\etc\HOSTS.tmp
2015-03-19 23:33 - 2015-03-19 23:33 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\abelhadigital.com
2015-03-19 23:33 - 2015-03-19 23:33 - 00000000 ____D () C:\Users\Public\Documents\HostsMan Backups
2015-03-19 23:33 - 2015-03-19 23:33 - 00000000 ____D () C:\ProgramData\abelhadigital.com
2015-03-19 22:16 - 2015-03-19 22:16 - 00002170 _____ () C:\Users\svens_000\Desktop\JDownloader 2.lnk
2015-03-19 22:16 - 2015-03-19 22:16 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-03-19 22:14 - 2015-03-20 16:00 - 00000000 ____D () C:\Users\svens_000\AppData\Local\JDownloader 2.0
2015-03-14 22:57 - 2015-03-16 21:17 - 00000000 ____D () C:\Windows\system32\AutoUpdateLicense
2015-03-14 22:31 - 2015-03-14 22:31 - 00000620 _____ () C:\Users\svens_000\Desktop\JRT.txt
2015-03-14 21:13 - 2015-02-23 11:52 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-14 21:13 - 2015-02-23 11:52 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-14 21:13 - 2015-02-23 11:51 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-14 21:13 - 2015-02-23 11:51 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2015-03-14 21:13 - 2015-02-23 11:51 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-14 21:13 - 2015-02-23 11:51 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-14 21:13 - 2015-02-23 11:51 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2015-03-14 21:13 - 2015-02-23 11:50 - 19301888 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-14 21:13 - 2015-02-23 11:50 - 15410688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-14 21:13 - 2015-02-23 11:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-14 21:13 - 2015-02-23 11:50 - 02656256 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-14 21:13 - 2015-02-23 11:50 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-14 21:13 - 2015-02-23 11:50 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-14 21:13 - 2015-02-23 11:50 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-14 21:13 - 2015-02-23 11:50 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-14 21:13 - 2015-02-23 11:50 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-14 21:13 - 2015-02-23 11:50 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-14 21:13 - 2015-02-23 11:50 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-03-14 21:13 - 2015-02-23 11:50 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-14 21:13 - 2015-02-23 11:50 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-14 21:13 - 2015-02-23 11:50 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-14 21:13 - 2015-02-23 11:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-14 21:13 - 2015-02-23 11:49 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-14 21:13 - 2015-02-23 10:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-14 21:13 - 2015-02-23 10:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2015-03-14 21:13 - 2015-02-23 09:51 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-14 21:13 - 2015-02-21 06:31 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-14 21:13 - 2015-02-21 06:31 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-14 21:13 - 2015-02-21 06:31 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-14 21:13 - 2015-02-21 06:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2015-03-14 21:13 - 2015-02-21 06:30 - 14380544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-14 21:13 - 2015-02-21 06:30 - 13768704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-14 21:13 - 2015-02-21 06:30 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-14 21:13 - 2015-02-21 06:30 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-14 21:13 - 2015-02-21 06:30 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-14 21:13 - 2015-02-21 06:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-14 21:13 - 2015-02-21 06:30 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-14 21:13 - 2015-02-21 06:30 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-14 21:13 - 2015-02-21 06:30 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-14 21:13 - 2015-02-21 06:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-03-14 21:13 - 2015-02-21 06:30 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-14 21:13 - 2015-02-21 06:30 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-14 21:13 - 2015-02-21 06:30 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-14 21:13 - 2015-02-21 06:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-14 21:13 - 2015-02-21 06:29 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-14 21:13 - 2015-02-21 06:29 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-14 21:13 - 2015-02-21 06:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-14 21:13 - 2015-02-21 06:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-14 21:13 - 2015-02-21 06:07 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2015-03-14 21:13 - 2015-02-21 05:42 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-03-14 21:13 - 2015-02-21 04:00 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2015-03-14 21:12 - 2015-01-24 07:42 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-14 21:12 - 2015-01-24 06:00 - 00243712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-14 21:11 - 2015-03-06 08:39 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-14 21:11 - 2015-03-06 06:48 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-14 21:11 - 2015-02-26 05:35 - 04063232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-14 21:11 - 2015-02-03 00:18 - 00569712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-14 21:11 - 2015-01-29 09:30 - 00593408 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
2015-03-14 21:11 - 2015-01-29 09:30 - 00467952 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2015-03-14 21:11 - 2015-01-29 09:30 - 00011056 _____ () C:\Windows\system32\AutoconfigV2.cab
2015-03-14 21:11 - 2015-01-29 09:05 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-03-14 21:11 - 2015-01-29 09:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-14 21:11 - 2015-01-29 07:19 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-03-14 21:11 - 2015-01-29 07:19 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-14 21:11 - 2015-01-15 12:44 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2015-03-14 21:11 - 2015-01-15 12:43 - 01282560 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-14 21:11 - 2015-01-15 11:00 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2015-03-14 21:11 - 2015-01-15 10:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-14 21:11 - 2015-01-15 10:09 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-14 21:11 - 2014-11-15 07:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-03-14 21:11 - 2014-11-15 06:13 - 03286016 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-03-14 21:11 - 2014-11-15 06:13 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-03-14 21:11 - 2014-11-15 06:13 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-03-14 21:11 - 2014-11-15 06:13 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-03-14 21:11 - 2014-11-15 06:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-03-14 21:11 - 2014-11-15 06:13 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-03-14 21:11 - 2014-11-15 06:13 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-03-14 21:11 - 2014-11-15 06:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-03-14 21:11 - 2014-11-15 04:54 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-03-14 21:11 - 2014-11-15 04:53 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-03-14 21:11 - 2014-11-15 04:53 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-03-14 21:11 - 2014-11-15 04:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-03-14 21:11 - 2014-11-05 07:40 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-14 21:11 - 2014-11-05 07:39 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-14 21:11 - 2014-11-01 07:28 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-03-14 21:11 - 2014-10-30 08:20 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-14 21:11 - 2014-10-30 06:22 - 01569792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-14 21:11 - 2014-10-29 15:21 - 00499008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-03-14 21:11 - 2014-10-27 23:10 - 00390841 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-14 21:11 - 2014-10-22 02:01 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2015-03-14 21:11 - 2014-10-22 02:00 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-03-14 21:11 - 2014-08-28 07:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2015-03-14 21:10 - 2015-03-06 08:39 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-14 21:10 - 2015-03-06 06:48 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-14 21:10 - 2015-01-31 14:48 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-14 21:10 - 2015-01-31 06:55 - 00275712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-14 21:10 - 2014-12-11 07:51 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-03-14 21:09 - 2014-07-03 02:59 - 01824784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-14 21:08 - 2015-02-20 14:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-14 21:08 - 2015-02-20 12:56 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-14 21:08 - 2015-02-20 09:10 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-14 21:08 - 2015-02-20 08:24 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-14 21:08 - 2014-07-12 05:41 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
2015-03-14 21:08 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-03-14 21:08 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-03-14 21:08 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-03-14 21:08 - 2014-07-12 05:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-03-14 21:08 - 2014-07-12 05:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-03-14 21:08 - 2014-07-12 05:16 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRUM.DLL
2015-03-14 21:08 - 2014-07-12 05:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-03-14 21:08 - 2014-07-12 05:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-03-14 21:08 - 2014-07-12 05:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-03-14 21:08 - 2014-07-12 05:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-03-14 21:08 - 2014-07-12 05:15 - 00006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-03-14 21:08 - 2014-07-12 01:02 - 00478352 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-14 21:08 - 2014-07-12 01:00 - 00478352 _____ () C:\Windows\system32\locale.nls
2015-03-14 21:08 - 2014-07-08 23:33 - 00181248 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
2015-03-14 21:08 - 2014-07-08 23:32 - 01539584 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2015-03-14 21:08 - 2014-07-08 23:32 - 00340480 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2015-03-14 21:08 - 2014-07-08 23:30 - 01220608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2015-03-14 21:08 - 2014-07-07 06:52 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2015-03-14 21:08 - 2014-07-07 06:52 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2015-03-14 21:08 - 2014-07-04 11:52 - 00328000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2015-03-14 21:08 - 2014-07-03 01:30 - 01408952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-03-14 21:08 - 2014-06-28 08:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-03-14 21:08 - 2014-06-28 07:56 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-03-14 21:08 - 2014-06-18 00:27 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-03-14 21:08 - 2014-06-18 00:23 - 02238464 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-03-14 21:08 - 2014-06-11 15:47 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-03-14 21:08 - 2014-06-11 05:40 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2015-03-14 21:08 - 2014-06-10 23:44 - 01403896 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-14 21:08 - 2014-02-04 11:57 - 01271664 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-14 21:06 - 2015-01-29 09:45 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-14 21:06 - 2015-01-29 09:05 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-14 21:06 - 2015-01-29 07:19 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-14 21:06 - 2014-12-19 07:48 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-03-14 21:04 - 2015-01-20 07:41 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-14 21:04 - 2015-01-20 06:10 - 00892416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-14 21:03 - 2015-01-24 07:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-14 21:03 - 2015-01-24 06:00 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-14 21:03 - 2015-01-24 05:31 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-14 21:03 - 2014-12-19 05:35 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-03-14 21:03 - 2014-12-08 07:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-03-14 21:03 - 2014-12-08 06:04 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-03-14 21:03 - 2014-12-06 08:53 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-03-14 21:03 - 2014-12-06 08:53 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-03-14 21:03 - 2014-12-06 08:52 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-03-14 21:03 - 2014-12-06 08:52 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-03-14 21:03 - 2014-12-06 08:52 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-03-14 21:03 - 2014-12-06 08:51 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-03-14 21:03 - 2014-12-06 08:51 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-14 21:03 - 2014-12-06 08:50 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-14 21:03 - 2014-12-06 07:10 - 00355840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-03-14 21:03 - 2014-12-06 07:10 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-03-14 21:03 - 2014-12-06 07:09 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-03-14 21:03 - 2014-12-06 07:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-03-14 21:02 - 2015-02-17 07:54 - 19777536 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-14 21:02 - 2015-02-17 06:13 - 17561600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-14 20:56 - 2015-03-14 20:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_btmaux_01009.Wdf
2015-03-14 20:28 - 2015-03-14 20:28 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-03-14 20:19 - 2015-03-14 20:24 - 00000000 ____D () C:\AdwCleaner
2015-03-14 18:40 - 2015-03-20 16:40 - 00176395 _____ () C:\Users\svens_000\Desktop\chrome tabs malware.txt
2015-03-14 18:29 - 2015-03-14 18:29 - 00000000 ____D () C:\Users\svens_000\AppData\Local\AAA_Internet_Publishing,_
2015-03-14 18:29 - 2014-10-15 14:18 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SPORDER.DLL
2015-03-14 12:22 - 2015-03-03 14:17 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-14 11:59 - 2015-03-14 22:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-14 11:57 - 2015-03-14 11:57 - 00001149 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-14 11:57 - 2015-03-14 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-14 11:57 - 2015-03-14 11:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-14 11:57 - 2015-03-14 11:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-14 11:57 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-14 11:57 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-14 11:57 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-14 00:46 - 2015-03-20 17:42 - 00000000 ____D () C:\FRST
2015-03-14 00:46 - 2015-03-14 00:46 - 00001311 _____ () C:\Users\svens_000\Desktop\Revo Uninstaller.lnk
2015-03-14 00:46 - 2015-03-14 00:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-27 23:21 - 2015-02-27 23:21 - 00002346 _____ () C:\Users\svens_000\Desktop\Chrome App Launcher.lnk
2015-02-27 23:21 - 2015-02-27 23:21 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-21 23:49 - 2012-04-16 05:00 - 00389120 _____ (CANON INC.) C:\Windows\system32\CNMLMBA.DLL
2015-02-21 13:52 - 2015-02-21 13:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-21 13:52 - 2015-02-21 13:52 - 00002062 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-02-21 13:52 - 2015-02-21 13:52 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-21 13:51 - 2015-03-14 20:27 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-21 13:48 - 2015-02-21 13:59 - 00000000 ____D () C:\Users\svens_000\AppData\Local\Adobe
2015-02-20 23:19 - 2013-04-04 05:00 - 00391168 _____ (CANON INC.) C:\Windows\system32\CNMLMBU.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 17:12 - 2013-03-30 14:29 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-20 17:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2015-03-20 16:49 - 2012-07-26 11:27 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2015-03-20 16:49 - 2012-07-26 11:27 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2015-03-20 16:49 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-20 16:48 - 2013-03-31 12:29 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\vlc
2015-03-20 16:47 - 2014-03-16 13:39 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\ClassicShell
2015-03-20 16:46 - 2013-03-30 13:57 - 00000000 ____D () C:\Users\svens_000
2015-03-20 15:49 - 2013-10-16 21:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-20 15:49 - 2013-10-16 21:25 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-20 15:48 - 2014-08-17 14:08 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-20 15:48 - 2014-08-17 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-20 15:44 - 2013-03-30 13:57 - 02063027 _____ () C:\Windows\WindowsUpdate.log
2015-03-20 12:00 - 2012-07-26 08:21 - 00431673 _____ () C:\Windows\setupact.log
2015-03-20 11:57 - 2012-07-26 09:13 - 00002432 _____ () C:\Windows\DtcInstall.log
2015-03-20 11:51 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\Registration
2015-03-20 11:48 - 2014-11-21 23:00 - 00000000 ___HD () C:\$Windows.~BT
2015-03-20 01:00 - 2013-03-31 02:29 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-19 23:42 - 2013-03-30 14:29 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-19 23:41 - 2013-03-30 20:49 - 00078480 _____ () C:\Windows\PFRO.log
2015-03-19 23:41 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-19 23:41 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-19 22:52 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2015-03-19 22:16 - 2013-06-10 05:38 - 00000000 ____D () C:\Users\svens_000\JDownloader
2015-03-19 11:24 - 2014-09-11 19:11 - 00000072 _____ () C:\Autoconfig.ini
2015-03-15 14:23 - 2013-03-31 01:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-14 22:58 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-14 22:57 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2015-03-14 22:57 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-14 22:57 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-14 22:57 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2015-03-14 22:57 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-14 22:57 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-14 21:43 - 2013-03-31 12:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-14 21:43 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-14 21:43 - 2012-07-26 06:26 - 00000167 _____ () C:\Windows\win.ini
2015-03-14 21:30 - 2014-08-16 11:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-14 20:56 - 2013-03-30 14:02 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-03-14 20:26 - 2013-03-31 12:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-14 19:25 - 2013-03-31 12:29 - 00000000 ____D () C:\Windows\AutoKMS
2015-03-14 12:24 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-03-14 12:14 - 2013-05-07 20:16 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-14 12:14 - 2013-03-31 12:22 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-14 12:14 - 2013-03-31 12:22 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-14 01:04 - 2013-04-06 17:23 - 00000000 ____D () C:\Manga
2015-03-04 22:24 - 2014-09-20 11:20 - 00791496 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 22:24 - 2014-09-20 11:20 - 00177608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-28 17:07 - 2013-03-31 12:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-27 19:36 - 2013-04-06 15:57 - 00006791 _____ () C:\Windows\LkmdfCoInst.log
2015-02-26 21:14 - 2013-04-01 01:09 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-22 13:26 - 2013-10-13 13:37 - 00000000 ____D () C:\Dokumente
2015-02-22 13:26 - 2013-03-31 11:46 - 00003614 _____ () C:\Windows\Sandboxie.ini
2015-02-21 13:59 - 2013-03-30 13:58 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\Adobe

==================== Files in the root of some directories =======

2013-04-27 17:06 - 2013-04-27 17:06 - 0000017 _____ () C:\Users\svens_000\AppData\Local\resmon.resmoncfg
2013-03-30 20:19 - 2013-03-30 20:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\svens_000\AppData\Local\Temp\avgnt.exe
C:\Users\svens_000\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\svens_000\AppData\Local\Temp\mirc741.exe
C:\Users\svens_000\AppData\Local\Temp\proxy_vole3414851859463708402.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-13 19:02

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by svens_000 at 2015-03-20 17:43:07
Running from C:\Downloads\FRST64
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29677 - BitTorrent Inc.)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Backup4all Professional 4 (HKLM-x32\...\{218B007C-1526-4F16-9924-FE9AD47F0CF7}) (Version: 4.8.286 - Softland)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BoxCryptor 1.5 (HKLM-x32\...\BoxCryptor) (Version: 1.5.413.154 - Secomba GmbH)
calibre 64bit (HKLM\...\{C7B9E1F1-45A6-4AF8-A800-0FE9A2B8F30C}) (Version: 1.14.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Corel Graphics - Windows Shell Extension (HKLM\...\_{B16BB34E-B7BF-47DF-8658-BEABCF40CD6A}) (Version: 16.1.0.843 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.1.843 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.1.843 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - DE (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.2 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.2.0.998 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.2 - Corel Corporation) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.54 - )
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.20 - Lenovo)
Energy Management (x32 Version: 8.0.2.20 - Lenovo) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
Hilfe Assistent (HKLM-x32\...\Hilfe Assistent) (Version: 1.1.0.117 - Deutsche Telekom AG)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - )
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
JabRef 2.9.2 (HKLM-x32\...\JabRef 2.9.2) (Version: 2.9.2 - JabRef Team)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lenovo Patch Utility (x32 Version: 1.3.2.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
LockHunter 2.0 beta 2, 64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich, Ltd)
Logitech Gaming Software 8.45 (HKLM\...\Logitech Gaming Software) (Version: 8.45.88 - Logitech Inc.)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Language Pack 2010 - German/Deutsch (HKLM-x32\...\Office14.OMUI.de-de) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
mIRC (HKLM-x32\...\mIRC) (Version: 7.41 - mIRC Co. Ltd.)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.4 - Notepad++ Team)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Nvu 1.0 (HKLM-x32\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.11.2.26318 - Grinding Gear Games)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Q-Dir (HKLM-x32\...\Q-Dir) (Version:  - )
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.42.0 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6738 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.04 (64-bit) (HKLM\...\Sandboxie) (Version: 4.04 - Sandboxie Holdings, LLC)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{F3E80B62-3C51-4940-A434-A1F517AB8D6A}) (Version:  - Microsoft)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Shutter (HKLM-x32\...\Shutter_is1) (Version: 2.90 - [den4b] Denis Kozlov)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.4 - Krzysztof Kowalczyk)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeXnicCenter Version 2.0 Beta 1 (HKLM-x32\...\TeXnicCenter_is1) (Version: 2.0 Beta 1 - The TeXnicCenter Team)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - )
ThinkVantage Fingerprint Software (HKLM\...\{68D50088-CE92-4FF0-A220-D875E2E73151}) (Version: 6.0.0.8102 - Authentec Inc.)
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 2.0.0.0 - Manuel Hoefs (Zottel))
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.2.0 - The Within Network, LLC)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}) (Version: 17.0.10381 - WinZip Computing, S.L. )
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-4 - Bitnami)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2188346229-3230158822-2549671659-1001_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-2188346229-3230158822-2549671659-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

14-03-2015 21:15:00 Windows Update
19-03-2015 21:57:23 Revo Uninstaller's restore point - WTFast 3.5

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2015-02-28 03:58 - 00522709 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
0.0.0.0 fr.a2dfp.net
0.0.0.0 m.fr.a2dfp.net
0.0.0.0 mfr.a2dfp.net
0.0.0.0 ad.a8.net
0.0.0.0 asy.a8ww.net
0.0.0.0 static.a-ads.com
0.0.0.0 atlas.aamedia.ro
0.0.0.0 abcstats.com
0.0.0.0 ad4.abradio.cz
0.0.0.0 a.abv.bg
0.0.0.0 adserver.abv.bg
0.0.0.0 adv.abv.bg
0.0.0.0 bimg.abv.bg
0.0.0.0 ca.abv.bg
0.0.0.0 www2.a-counter.kiev.ua
0.0.0.0 track.acclaimnetwork.com
0.0.0.0 accuserveadsystem.com
0.0.0.0 www.accuserveadsystem.com
0.0.0.0 achmedia.com
0.0.0.0 csh.actiondesk.com
0.0.0.0 ads.activepower.net
0.0.0.0 app.activetrail.com
0.0.0.0 stat.active24stats.nl #[Tracking.Cookie]
0.0.0.0 traffic.acwebconnecting.com
0.0.0.0 office.ad1.ru
0.0.0.0 cms.ad2click.nl
0.0.0.0 ad2games.com
0.0.0.0 ads.ad2games.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09225052-7134-48AD-8912-965E160303A0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {14841AE0-F157-4008-8EBB-E5795D4D10A8} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {353F62AE-9678-48DE-A147-1EFC33ACB4AB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30] (Google Inc.)
Task: {49314271-048C-4AE9-B62E-A3F5252846C2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {638FE041-FE18-486C-BAAB-803CBE7B0845} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {658CCF03-E137-42BE-B917-BC0F039CDF10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30] (Google Inc.)
Task: {B0DD2224-9E7E-4324-AC28-AC5594725AFF} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {C08517A9-1FDC-4041-ACD1-5E409138FFB5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FF26E9D3-5078-4680-997B-EFE73EE24265} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-26] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-09-03 01:24 - 2012-09-03 01:24 - 00011776 _____ () C:\Windows\UnsignedThemesSvc.exe
2011-04-11 08:26 - 2011-04-11 06:26 - 00034304 _____ () C:\Windows\System32\spe__l.dll
2013-03-30 18:36 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-05-08 00:01 - 2013-04-23 05:54 - 00104960 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2015-03-20 16:38 - 2015-03-20 16:38 - 00380416 _____ () C:\Downloads\FRST64\Gmer-19357.exe
2014-09-22 23:05 - 2014-09-22 23:05 - 00121875 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 02525203 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00079379 _____ () C:\Program Files\VideoLAN\VLC\libgcc_s_seh-1.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00145427 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00980499 _____ () C:\Program Files\VideoLAN\VLC\libstdc++-6.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00031251 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00034323 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00070675 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 02380307 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00107027 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00264211 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00081427 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00050707 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00064531 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00609299 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00151059 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00125459 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00044051 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00017939 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00140819 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00984083 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00318995 _____ () C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 01474067 _____ () C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00058387 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00043027 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00190995 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 11667987 _____ () C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00124435 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_http_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00076307 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00040979 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00341523 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00022035 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 01526803 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00023571 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00330771 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00417811 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00231443 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00030227 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00019475 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 01746451 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00190995 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00025619 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00833043 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00022547 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00032275 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00218643 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00023059 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00023571 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 11220499 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00858131 _____ () C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00040979 _____ () C:\Program Files\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00028691 _____ () C:\Program Files\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00676371 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00121875 _____ () C:\Program Files\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00032787 _____ () C:\Program Files\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00024595 _____ () C:\Program Files\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll
2014-09-22 23:05 - 2014-09-22 23:05 - 00057875 _____ () C:\Program Files\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00023059 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00019475 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00038419 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00024595 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00027155 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00023571 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00018451 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00018451 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00017427 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00072723 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00017427 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 00022547 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2014-09-22 23:06 - 2014-09-22 23:06 - 01506323 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2014-07-14 15:49 - 2014-07-14 15:49 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-14 15:49 - 2014-07-14 15:49 - 00065104 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2013-05-08 00:01 - 2013-04-23 05:54 - 00114176 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMROV.DLL
2014-08-15 22:29 - 2014-07-14 15:49 - 00049744 _____ () C:\Users\svens_000\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2013-03-30 18:46 - 2012-07-18 11:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-03-14 00:42 - 2015-03-07 07:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-14 00:42 - 2015-03-07 07:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-14 00:42 - 2015-03-07 07:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
2015-03-14 00:42 - 2015-03-07 07:13 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll
2013-03-31 12:08 - 2015-02-28 17:07 - 03348080 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-03-31 12:08 - 2015-02-28 17:07 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-03-31 12:08 - 2015-02-28 17:07 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:21654C57
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2188346229-3230158822-2549671659-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Hilfe Assistent"
HKU\S-1-5-21-2188346229-3230158822-2549671659-1001\...\StartupApproved\Run: => "BoxCryptor"
HKU\S-1-5-21-2188346229-3230158822-2549671659-1001\...\StartupApproved\Run: => "CyberGhost"

==================== Accounts: =============================

Administrator (S-1-5-21-2188346229-3230158822-2549671659-500 - Administrator - Disabled)
Gast (S-1-5-21-2188346229-3230158822-2549671659-501 - Limited - Disabled)
svens_000 (S-1-5-21-2188346229-3230158822-2549671659-1001 - Administrator - Enabled) => C:\Users\svens_000

==================== Faulty Device Manager Devices =============

Name: Intel(R) Centrino(R) Wireless Bluetooth(R) 4.0 + High Speed Adapter
Description: Intel(R) Centrino(R) Wireless Bluetooth(R) 4.0 + High Speed Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/20/2015 00:40:09 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (03/20/2015 00:40:08 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (03/20/2015 00:40:04 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (03/19/2015 10:41:26 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (03/19/2015 10:36:45 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (03/19/2015 09:52:39 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (03/17/2015 11:33:38 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (03/14/2015 11:05:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.18.28431, Zeitstempel: 0x53c3ed8f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d2be6
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00010f22
ID des fehlerhaften Prozesses: 0x814
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2
Berichtskennung: Avira.OE.ServiceHost.exe3
Vollständiger Name des fehlerhaften Pakets: Avira.OE.ServiceHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Avira.OE.ServiceHost.exe5

Error: (03/14/2015 11:05:58 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.InvalidOperationException
Stapel:
  bei System.Linq.Enumerable.First[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.__Canon>)
  bei Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(System.String)
  bei System.Linq.Enumerable.Any[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.__Canon>, System.Func`2<System.__Canon,Boolean>)
  bei Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(System.Collections.Generic.List`1<System.String>)
  bei Avira.OE.BrowserExtensionConnector.SafeSearchProductInfo.IsInstalled(Avira.OE.WinCore.Browser)
  bei Avira.OE.WinCore.BrowserInfo.GetBrowsersData(System.Func`2<Avira.OE.WinCore.Browser,Boolean>)
  bei Avira.OE.BrowserExtensionConnector.AviraSafeSearchStatusConnector.GetBrowserInfo()
  bei Avira.OE.ServiceHost.ComputerAndServicesInfo.SetPayloadForSafeSearch(Avira.OE.WinCore.Interface.DevCheckUpdatePayload)
  bei Avira.OE.ServiceHost.ComputerAndServicesInfo.CreateMessagePayload()
  bei Avira.OE.ServiceHost.ServiceHost.DispatchAnonymousSyncStatus(Avira.OE.Communicator.Interface.ICommunicator)
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (03/14/2015 11:05:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.18.28431, Zeitstempel: 0x53c3ed8f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d2be6
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00010f22
ID des fehlerhaften Prozesses: 0x6bc
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2
Berichtskennung: Avira.OE.ServiceHost.exe3
Vollständiger Name des fehlerhaften Pakets: Avira.OE.ServiceHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Avira.OE.ServiceHost.exe5


System errors:
=============
Error: (03/20/2015 00:12:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0xc190010e fehlgeschlagen: German ESD Bundle Parent

Error: (03/20/2015 11:38:29 AM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "INTRADEEP_T430U" auf Transport "NetBT_Tcpip_{88354070-9386-4ECB-8A55-7AD339507ACF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (03/19/2015 11:38:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/15/2015 08:56:42 AM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "INTRADEEP_T430U" auf Transport "NetBT_Tcpip_{88354070-9386-4ECB-8A55-7AD339507ACF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (03/14/2015 11:06:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (03/14/2015 11:05:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/14/2015 11:05:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (03/20/2015 00:40:09 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Downloads\FRST64\esetsmartinstaller_deu.exe

Error: (03/20/2015 00:40:08 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Downloads\FRST64\esetsmartinstaller_deu.exe

Error: (03/20/2015 00:40:04 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Downloads\FRST64\esetsmartinstaller_deu.exe

Error: (03/19/2015 10:41:26 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: c:\program files\WinZip\adxloader.dll.Manifestc:\program files\WinZip\adxloader.dll.Manifest2

Error: (03/19/2015 10:36:45 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: c:\program files\WinZip\adxloader.dll.Manifestc:\program files\WinZip\adxloader.dll.Manifest2

Error: (03/19/2015 09:52:39 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (03/17/2015 11:33:38 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (03/14/2015 11:05:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.ServiceHost.exe1.1.18.2843153c3ed8fKERNELBASE.dll6.2.9200.16864531d2be6e043435200010f2281401d05ea308ea0f86C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\Windows\SYSTEM32\KERNELBASE.dll4a7f8133-ca96-11e4-beac-6036dd6394ed

Error: (03/14/2015 11:05:58 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.InvalidOperationException
Stapel:
  bei System.Linq.Enumerable.First[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.__Canon>)
  bei Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(System.String)
  bei System.Linq.Enumerable.Any[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.__Canon>, System.Func`2<System.__Canon,Boolean>)
  bei Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(System.Collections.Generic.List`1<System.String>)
  bei Avira.OE.BrowserExtensionConnector.SafeSearchProductInfo.IsInstalled(Avira.OE.WinCore.Browser)
  bei Avira.OE.WinCore.BrowserInfo.GetBrowsersData(System.Func`2<Avira.OE.WinCore.Browser,Boolean>)
  bei Avira.OE.BrowserExtensionConnector.AviraSafeSearchStatusConnector.GetBrowserInfo()
  bei Avira.OE.ServiceHost.ComputerAndServicesInfo.SetPayloadForSafeSearch(Avira.OE.WinCore.Interface.DevCheckUpdatePayload)
  bei Avira.OE.ServiceHost.ComputerAndServicesInfo.CreateMessagePayload()
  bei Avira.OE.ServiceHost.ServiceHost.DispatchAnonymousSyncStatus(Avira.OE.Communicator.Interface.ICommunicator)
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (03/14/2015 11:05:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.ServiceHost.exe1.1.18.2843153c3ed8fKERNELBASE.dll6.2.9200.16864531d2be6e043435200010f226bc01d05ea2f878f22bC:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\Windows\SYSTEM32\KERNELBASE.dll39893b2f-ca96-11e4-beac-6036dd6394ed


CodeIntegrity Errors:
===================================
  Date: 2014-04-29 21:28:07.441
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-29 21:28:07.329
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-29 19:12:43.840
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-29 19:12:43.724
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-28 21:08:38.138
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-28 21:08:38.053
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-28 21:08:28.950
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-28 21:08:28.871
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-28 21:01:05.369
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-28 21:01:05.251
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 67%
Total physical RAM: 8036.17 MB
Available physical RAM: 2638.93 MB
Total Pagefile: 10980.17 MB
Available Pagefile: 4290.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.25 GB) (Free:155.11 GB) NTFS
Drive e: () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
GMER:
Fehler - C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Fehler - \ntuser.dat: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

intradeep 20.03.2015 19:06
GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-20 17:59:08
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000003f TOSHIBA_MK5061GSY rev.MC102E 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\SVENS_~1\AppData\Local\Temp\kwkiqfow.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                          fffff96000116e00 7 bytes [00, 3C, 7F, 01, 00, FA, F1]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                      fffff96000116e08 7 bytes [01, 22, C0, FF, 00, D7, DA]

---- User code sections - GMER 2.1 ----

.text  C:\Windows\System32\spoolsv.exe[2036] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                      000007f91b02177a 4 bytes [02, 1B, F9, 07]
.text  C:\Windows\System32\spoolsv.exe[2036] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                      000007f91b021782 4 bytes [02, 1B, F9, 07]
.text  C:\Windows\system32\dwm.exe[2076] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                                        000007f91cdb259c 8 bytes JMP 000007fa1a220340
.text  C:\Windows\system32\dwm.exe[2076] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                                      000007f91cdb6b00 9 bytes JMP 000007fa1a220298
.text  C:\Windows\system32\dwm.exe[2076] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                                              000007f91ce35908 7 bytes JMP 000007fa1a220260
.text  C:\Windows\system32\dwm.exe[2076] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                                      000007f91ce51610 7 bytes JMP 000007fa1a2202d0
.text  C:\Windows\system32\dwm.exe[2076] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                                                000007f91ce649a4 7 bytes JMP 000007fa1a220228
.text  C:\Windows\system32\dwm.exe[2076] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                              000007f91ce64a38 8 bytes JMP 000007fa1a2201f0
.text  C:\Windows\system32\dwm.exe[2076] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                                        000007f91ce65074 8 bytes JMP 000007fa1a220308
.text  C:\Windows\system32\dwm.exe[2076] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                    000007f91a2b1f70 7 bytes JMP 000007fa1a2200d8
.text  C:\Windows\system32\dwm.exe[2076] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                        000007f91a2b1ff0 5 bytes JMP 000007fa1a220180
.text  C:\Windows\system32\dwm.exe[2076] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                  000007f91a2b5880 5 bytes JMP 000007fa1a220110
.text  C:\Windows\system32\dwm.exe[2076] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                      000007f91a2b8650 6 bytes JMP 000007fa1a220148
.text  C:\Windows\system32\dwm.exe[2076] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                                                000007f91a2e0510 5 bytes JMP 000007fa1a2201b8
.text  C:\Windows\system32\dwm.exe[2076] C:\Windows\system32\USER32.dll!CreateWindowExW                                                        000007f91c3fa0d0 7 bytes JMP 000007fa1a220420
.text  C:\Windows\system32\dwm.exe[2076] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                                              000007f91c40e240 9 bytes JMP 000007fa1a220378
.text  C:\Windows\system32\dwm.exe[2076] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                                    000007f91c40eda0 5 bytes JMP 000007fa1a2203b0
.text  C:\Windows\system32\dwm.exe[2076] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                                                    000007f91c40f2e0 5 bytes JMP 000007fa1a2203e8
.text  C:\Windows\system32\dwm.exe[2076] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW                                                000007f91c40f5b0 5 bytes JMP 000007fa1a220458
.text  C:\Windows\system32\dwm.exe[2076] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                  000007f91cab1070 8 bytes JMP 000007fa1a2204c8
.text  C:\Windows\system32\dwm.exe[2076] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                000007f91cad0b70 8 bytes JMP 000007fa1a220490
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2096] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                          000007f91cdb259c 8 bytes JMP 000007fa1a220340
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2096] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                        000007f91cdb6b00 9 bytes JMP 000007fa1a220298
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2096] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                  000007f91ce35908 7 bytes JMP 000007fa1a220260
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2096] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                          000007f91ce51610 7 bytes JMP 000007fa1a2202d0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2096] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                    000007f91ce649a4 7 bytes JMP 000007fa1a220228
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2096] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                  000007f91ce64a38 8 bytes JMP 000007fa1a2201f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2096] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                          000007f91ce65074 8 bytes JMP 000007fa1a220308
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2096] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                      000007f91a2b1f70 7 bytes JMP 000007fa1a2200d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2096] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                            000007f91a2b1ff0 5 bytes JMP 000007fa1a220180
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2096] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                    000007f91a2b5880 5 bytes JMP 000007fa1a220110
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2096] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                        000007f91a2b8650 6 bytes JMP 000007fa1a220148
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2096] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                  000007f91a2e0510 5 bytes JMP 000007fa1a2201b8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2096] C:\Windows\system32\USER32.dll!CreateWindowExW                            000007f91c3fa0d0 7 bytes JMP 000007fa1a220420
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2096] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                000007f91c40e240 9 bytes JMP 000007fa1a220378
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2096] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                        000007f91c40eda0 5 bytes JMP 000007fa1a2203b0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2096] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                        000007f91c40f2e0 5 bytes JMP 000007fa1a2203e8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2096] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW                  000007f91c40f5b0 5 bytes JMP 000007fa1a220458
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2096] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                      000007f91cab1070 8 bytes JMP 000007fa1a2204c8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2096] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                    000007f91cad0b70 8 bytes JMP 000007fa1a220490
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2096] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance                          000007f91c552100 5 bytes JMP 000007fa1a220500
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2096] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket                        000007f91c565d4c 7 bytes JMP 000007fa1a220538
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2096] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                        000007f916861532 4 bytes [86, 16, F9, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2096] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                        000007f91686153a 4 bytes [86, 16, F9, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2096] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                      000007f91686165a 4 bytes [86, 16, F9, 07]
.text  C:\Windows\system32\nvvsvc.exe[2104] C:\Windows\system32\MSIMG32.dll!GradientFill + 690                                                  000007f916861532 4 bytes [86, 16, F9, 07]
.text  C:\Windows\system32\nvvsvc.exe[2104] C:\Windows\system32\MSIMG32.dll!GradientFill + 698                                                  000007f91686153a 4 bytes [86, 16, F9, 07]
.text  C:\Windows\system32\nvvsvc.exe[2104] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246                                                000007f91686165a 4 bytes [86, 16, F9, 07]
.text  C:\Windows\system32\nvvsvc.exe[2104] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                        000007f91b02177a 4 bytes [02, 1B, F9, 07]
.text  C:\Windows\system32\nvvsvc.exe[2104] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                        000007f91b021782 4 bytes [02, 1B, F9, 07]
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                    000007f91cdb259c 8 bytes JMP 000007fa1a220340
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                  000007f91cdb6b00 9 bytes JMP 000007fa1a220298
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation            000007f91ce35908 7 bytes JMP 000007fa1a220260
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                    000007f91ce51610 7 bytes JMP 000007fa1a2202d0
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW              000007f91ce649a4 7 bytes JMP 000007fa1a220228
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx            000007f91ce64a38 8 bytes JMP 000007fa1a2201f0
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                    000007f91ce65074 8 bytes JMP 000007fa1a220308
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                000007f91a2b1f70 7 bytes JMP 000007fa1a2200d8
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                      000007f91a2b1ff0 5 bytes JMP 000007fa1a220180
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW              000007f91a2b5880 5 bytes JMP 000007fa1a220110
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                  000007f91a2b8650 6 bytes JMP 000007fa1a220148
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW            000007f91a2e0510 5 bytes JMP 000007fa1a2201b8
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\system32\USER32.dll!CreateWindowExW                      000007f91c3fa0d0 7 bytes JMP 000007fa1a220420
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo          000007f91c40e240 9 bytes JMP 000007fa1a220378
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                  000007f91c40eda0 5 bytes JMP 000007fa1a2203b0
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                  000007f91c40f2e0 5 bytes JMP 000007fa1a2203e8
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW            000007f91c40f5b0 5 bytes JMP 000007fa1a220458
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                000007f91cab1070 8 bytes JMP 000007fa1a2204c8
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList              000007f91cad0b70 8 bytes JMP 000007fa1a220490
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance                    000007f91c552100 5 bytes JMP 000007fa1a220500
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket                  000007f91c565d4c 7 bytes JMP 000007fa1a220538
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306        000007f91b02177a 4 bytes [02, 1B, F9, 07]
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314        000007f91b021782 4 bytes [02, 1B, F9, 07]
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                  000007f916861532 4 bytes [86, 16, F9, 07]
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                  000007f91686153a 4 bytes [86, 16, F9, 07]
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[2276] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                000007f91686165a 4 bytes [86, 16, F9, 07]
.text  C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[2636] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306  000007f91b02177a 4 bytes [02, 1B, F9, 07]
.text  C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[2636] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314  000007f91b021782 4 bytes [02, 1B, F9, 07]
.text  C:\Program Files\Windows Defender\MsMpEng.exe[2552] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306                        000007f91b02177a 4 bytes [02, 1B, F9, 07]
.text  C:\Program Files\Windows Defender\MsMpEng.exe[2552] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314                        000007f91b021782 4 bytes [02, 1B, F9, 07]
.text  C:\Windows\system32\taskhostex.exe[4524] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                                000007f91cdb259c 8 bytes JMP 000007fa1a220340
.text  C:\Windows\system32\taskhostex.exe[4524] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                              000007f91cdb6b00 9 bytes JMP 000007fa1a220298
.text  C:\Windows\system32\taskhostex.exe[4524] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                                        000007f91ce35908 7 bytes JMP 000007fa1a220260
.text  C:\Windows\system32\taskhostex.exe[4524] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                                000007f91ce51610 7 bytes JMP 000007fa1a2202d0
.text  C:\Windows\system32\taskhostex.exe[4524] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                                          000007f91ce649a4 7 bytes JMP 000007fa1a220228
.text  C:\Windows\system32\taskhostex.exe[4524] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                        000007f91ce64a38 8 bytes JMP 000007fa1a2201f0
.text  C:\Windows\system32\taskhostex.exe[4524] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                                000007f91ce65074 8 bytes JMP 000007fa1a220308
.text  C:\Windows\system32\taskhostex.exe[4524] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                            000007f91a2b1f70 7 bytes JMP 000007fa1a2200d8
.text  C:\Windows\system32\taskhostex.exe[4524] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                  000007f91a2b1ff0 5 bytes JMP 000007fa1a220180
.text  C:\Windows\system32\taskhostex.exe[4524] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                          000007f91a2b5880 5 bytes JMP 000007fa1a220110
.text  C:\Windows\system32\taskhostex.exe[4524] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                              000007f91a2b8650 6 bytes JMP 000007fa1a220148
.text  C:\Windows\system32\taskhostex.exe[4524] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                                        000007f91a2e0510 5 bytes JMP 000007fa1a2201b8
.text  C:\Windows\system32\taskhostex.exe[4524] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW                                                  000007f91c3fa0d0 7 bytes JMP 000007fa1a220420
.text  C:\Windows\system32\taskhostex.exe[4524] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo                                      000007f91c40e240 9 bytes JMP 000007fa1a220378
.text  C:\Windows\system32\taskhostex.exe[4524] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA                                              000007f91c40eda0 5 bytes JMP 000007fa1a2203b0
.text  C:\Windows\system32\taskhostex.exe[4524] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesW                                              000007f91c40f2e0 5 bytes JMP 000007fa1a2203e8
.text  C:\Windows\system32\taskhostex.exe[4524] C:\Windows\SYSTEM32\user32.dll!ChangeDisplaySettingsExW                                        000007f91c40f5b0 5 bytes JMP 000007fa1a220458
.text  C:\Windows\system32\taskhostex.exe[4524] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                            000007f91cab1070 8 bytes JMP 000007fa1a2204c8
.text  C:\Windows\system32\taskhostex.exe[4524] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                          000007f91cad0b70 8 bytes JMP 000007fa1a220490
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4676] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                    000007f91cdb259c 8 bytes JMP 000007fa1a200340
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4676] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                  000007f91cdb6b00 9 bytes JMP 000007fa1a200298
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4676] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation          000007f91ce35908 7 bytes JMP 000007fa1a200260
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4676] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                  000007f91ce51610 7 bytes JMP 000007fa1a2002d0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4676] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW            000007f91ce649a4 7 bytes JMP 000007fa1a200228
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4676] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx          000007f91ce64a38 8 bytes JMP 000007fa1a2001f0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4676] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                    000007f91ce65074 8 bytes JMP 000007fa1a200308
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4676] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                000007f91a2b1f70 7 bytes JMP 000007fa1a2000d8
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4676] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                    000007f91a2b1ff0 5 bytes JMP 000007fa1a200180
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4676] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW              000007f91a2b5880 5 bytes JMP 000007fa1a200110
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4676] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                  000007f91a2b8650 6 bytes JMP 000007fa1a200148
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4676] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW            000007f91a2e0510 5 bytes JMP 000007fa1a2001b8
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4676] C:\Windows\system32\USER32.dll!CreateWindowExW                    000007f91c3fa0d0 7 bytes JMP 000007fa1a200420
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4676] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo          000007f91c40e240 9 bytes JMP 000007fa1a200378
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4676] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                000007f91c40eda0 5 bytes JMP 000007fa1a2003b0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4676] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                000007f91c40f2e0 5 bytes JMP 000007fa1a2003e8
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4676] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW            000007f91c40f5b0 5 bytes JMP 000007fa1a200458
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4676] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo              000007f91cab1070 8 bytes JMP 000007fa1a2004c8
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4676] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList            000007f91cad0b70 8 bytes JMP 000007fa1a200490
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4676] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex                    000007f90d89ada0 5 bytes JMP 000007f91a2005a8
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4676] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9                      000007f90d8bd6c8 6 bytes JMP 000007f91a200570
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4676] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance                  000007f91c552100 5 bytes JMP 000007fa1a200500
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4676] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket                  000007f91c565d4c 7 bytes JMP 000007fa1a200538
.text  C:\Windows\Explorer.EXE[4992] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                        000007f916861532 4 bytes [86, 16, F9, 07]
.text  C:\Windows\Explorer.EXE[4992] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                        000007f91686153a 4 bytes [86, 16, F9, 07]
.text  C:\Windows\Explorer.EXE[4992] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                      000007f91686165a 4 bytes [86, 16, F9, 07]
.text  C:\Windows\Explorer.EXE[4992] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                              000007f91b02177a 4 bytes [02, 1B, F9, 07]
.text  C:\Windows\Explorer.EXE[4992] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                              000007f91b021782 4 bytes [02, 1B, F9, 07]
.text  C:\Windows\system32\igfxEM.exe[3312] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                                    000007f91cdb259c 8 bytes JMP 000007fa1a220340
.text  C:\Windows\system32\igfxEM.exe[3312] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                                  000007f91cdb6b00 9 bytes JMP 000007fa1a220298
.text  C:\Windows\system32\igfxEM.exe[3312] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                                            000007f91ce35908 7 bytes JMP 000007fa1a220260
.text  C:\Windows\system32\igfxEM.exe[3312] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                                    000007f91ce51610 7 bytes JMP 000007fa1a2202d0
.text  C:\Windows\system32\igfxEM.exe[3312] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                                              000007f91ce649a4 7 bytes JMP 000007fa1a220228
.text  C:\Windows\system32\igfxEM.exe[3312] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                            000007f91ce64a38 8 bytes JMP 000007fa1a2201f0
.text  C:\Windows\system32\igfxEM.exe[3312] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                                    000007f91ce65074 8 bytes JMP 000007fa1a220308
.text  C:\Windows\system32\igfxEM.exe[3312] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                000007f91a2b1f70 7 bytes JMP 000007fa1a2200d8
.text  C:\Windows\system32\igfxEM.exe[3312] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                      000007f91a2b1ff0 5 bytes JMP 000007fa1a220180
.text  C:\Windows\system32\igfxEM.exe[3312] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                              000007f91a2b5880 5 bytes JMP 000007fa1a220110
.text  C:\Windows\system32\igfxEM.exe[3312] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                  000007f91a2b8650 6 bytes JMP 000007fa1a220148
.text  C:\Windows\system32\igfxEM.exe[3312] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                                            000007f91a2e0510 5 bytes JMP 000007fa1a2201b8
.text  C:\Windows\system32\igfxEM.exe[3312] C:\Windows\system32\USER32.dll!CreateWindowExW                                                      000007f91c3fa0d0 7 bytes JMP 000007fa1a220420
.text  C:\Windows\system32\igfxEM.exe[3312] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                                          000007f91c40e240 9 bytes JMP 000007fa1a220378
.text  C:\Windows\system32\igfxEM.exe[3312] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                                  000007f91c40eda0 5 bytes JMP 000007fa1a2203b0
.text  C:\Windows\system32\igfxEM.exe[3312] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                                                  000007f91c40f2e0 5 bytes JMP 000007fa1a2203e8
.text  C:\Windows\system32\igfxEM.exe[3312] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW                                            000007f91c40f5b0 5 bytes JMP 000007fa1a220458
.text  C:\Windows\system32\igfxEM.exe[3312] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                000007f91cab1070 8 bytes JMP 000007fa1a2204c8
.text  C:\Windows\system32\igfxEM.exe[3312] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                              000007f91cad0b70 8 bytes JMP 000007fa1a220490
.text  C:\Windows\system32\igfxEM.exe[3312] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance                                                    000007f91c552100 5 bytes JMP 000007fa1a220500
.text  C:\Windows\system32\igfxEM.exe[3312] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket                                                  000007f91c565d4c 7 bytes JMP 000007fa1a220538
.text  C:\Windows\system32\igfxHK.exe[4340] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                                    000007f91cdb259c 8 bytes JMP 000007fa1a220340
.text  C:\Windows\system32\igfxHK.exe[4340] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                                  000007f91cdb6b00 9 bytes JMP 000007fa1a220298
.text  C:\Windows\system32\igfxHK.exe[4340] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                                            000007f91ce35908 7 bytes JMP 000007fa1a220260
.text  C:\Windows\system32\igfxHK.exe[4340] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                                    000007f91ce51610 7 bytes JMP 000007fa1a2202d0
.text  C:\Windows\system32\igfxHK.exe[4340] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                                              000007f91ce649a4 7 bytes JMP 000007fa1a220228
.text  C:\Windows\system32\igfxHK.exe[4340] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                            000007f91ce64a38 8 bytes JMP 000007fa1a2201f0
.text  C:\Windows\system32\igfxHK.exe[4340] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                                    000007f91ce65074 8 bytes JMP 000007fa1a220308
.text  C:\Windows\system32\igfxHK.exe[4340] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                000007f91a2b1f70 7 bytes JMP 000007fa1a2200d8
.text  C:\Windows\system32\igfxHK.exe[4340] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                      000007f91a2b1ff0 5 bytes JMP 000007fa1a220180
.text  C:\Windows\system32\igfxHK.exe[4340] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                              000007f91a2b5880 5 bytes JMP 000007fa1a220110
.text  C:\Windows\system32\igfxHK.exe[4340] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                  000007f91a2b8650 6 bytes JMP 000007fa1a220148
.text  C:\Windows\system32\igfxHK.exe[4340] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                                            000007f91a2e0510 5 bytes JMP 000007fa1a2201b8
.text  C:\Windows\system32\igfxHK.exe[4340] C:\Windows\system32\USER32.dll!CreateWindowExW                                                      000007f91c3fa0d0 7 bytes JMP 000007fa1a220420
.text  C:\Windows\system32\igfxHK.exe[4340] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                                          000007f91c40e240 9 bytes JMP 000007fa1a220378
.text  C:\Windows\system32\igfxHK.exe[4340] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                                  000007f91c40eda0 5 bytes JMP 000007fa1a2203b0
.text  C:\Windows\system32\igfxHK.exe[4340] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                                                  000007f91c40f2e0 5 bytes JMP 000007fa1a2203e8
.text  C:\Windows\system32\igfxHK.exe[4340] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW                                            000007f91c40f5b0 5 bytes JMP 000007fa1a220458
.text  C:\Windows\system32\igfxHK.exe[4340] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                000007f91cab1070 8 bytes JMP 000007fa1a2204c8
.text  C:\Windows\system32\igfxHK.exe[4340] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                              000007f91cad0b70 8 bytes JMP 000007fa1a220490
.text  C:\Windows\system32\igfxHK.exe[4340] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance                                                    000007f91c552100 5 bytes JMP 000007fa1a220500
.text  C:\Windows\system32\igfxHK.exe[4340] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket                                                  000007f91c565d4c 7 bytes JMP 000007fa1a220538
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[4444] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                000007f91cdb259c 8 bytes JMP 000007fa1a200340
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[4444] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                              000007f91cdb6b00 9 bytes JMP 000007fa1a200298
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[4444] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                      000007f91ce35908 7 bytes JMP 000007fa1a200260
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[4444] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                              000007f91ce51610 7 bytes JMP 000007fa1a2002d0
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[4444] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                        000007f91ce649a4 7 bytes JMP 000007fa1a200228
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[4444] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                      000007f91ce64a38 8 bytes JMP 000007fa1a2001f0
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[4444] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                000007f91ce65074 8 bytes JMP 000007fa1a200308
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[4444] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                            000007f91a2b1f70 7 bytes JMP 000007fa1a2000d8
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[4444] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                000007f91a2b1ff0 5 bytes JMP 000007fa1a200180
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[4444] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                          000007f91a2b5880 5 bytes JMP 000007fa1a200110
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[4444] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                              000007f91a2b8650 6 bytes JMP 000007fa1a200148
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[4444] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                        000007f91a2e0510 5 bytes JMP 000007fa1a2001b8
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[4444] C:\Windows\system32\USER32.dll!CreateWindowExW                                000007f91c3fa0d0 7 bytes JMP 000007fa1a200420
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[4444] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                      000007f91c40e240 9 bytes JMP 000007fa1a200378
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[4444] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                            000007f91c40eda0 5 bytes JMP 000007fa1a2003b0
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[4444] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                            000007f91c40f2e0 5 bytes JMP 000007fa1a2003e8
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[4444] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW                        000007f91c40f5b0 5 bytes JMP 000007fa1a200458
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[4444] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                          000007f91cab1070 8 bytes JMP 000007fa1a2004c8
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[4444] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                        000007f91cad0b70 8 bytes JMP 000007fa1a200490
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[4444] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance                              000007f91c552100 5 bytes JMP 000007fa1a200500
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[4444] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket                              000007f91c565d4c 7 bytes JMP 000007fa1a200538
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[4444] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                            000007f916861532 4 bytes [86, 16, F9, 07]
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[4444] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                            000007f91686153a 4 bytes [86, 16, F9, 07]
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[4444] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                          000007f91686165a 4 bytes [86, 16, F9, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2248] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                            000007f91cdb259c 8 bytes JMP 000007fa1a200340
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2248] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                          000007f91cdb6b00 9 bytes JMP 000007fa1a200298
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2248] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                    000007f91ce35908 7 bytes JMP 000007fa1a200260
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2248] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                            000007f91ce51610 7 bytes JMP 000007fa1a2002d0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2248] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                      000007f91ce649a4 7 bytes JMP 000007fa1a200228
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2248] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                    000007f91ce64a38 8 bytes JMP 000007fa1a2001f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2248] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                            000007f91ce65074 8 bytes JMP 000007fa1a200308
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2248] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                        000007f91a2b1f70 7 bytes JMP 000007fa1a2000d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2248] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                              000007f91a2b1ff0 5 bytes JMP 000007fa1a200180
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2248] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                      000007f91a2b5880 5 bytes JMP 000007fa1a200110
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2248] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                          000007f91a2b8650 6 bytes JMP 000007fa1a200148
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2248] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                    000007f91a2e0510 5 bytes JMP 000007fa1a2001b8
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2248] C:\Windows\system32\USER32.dll!CreateWindowExW                              000007f91c3fa0d0 7 bytes JMP 000007fa1a200420
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2248] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                  000007f91c40e240 9 bytes JMP 000007fa1a200378
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2248] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                          000007f91c40eda0 5 bytes JMP 000007fa1a2003b0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2248] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                          000007f91c40f2e0 5 bytes JMP 000007fa1a2003e8
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2248] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW                    000007f91c40f5b0 5 bytes JMP 000007fa1a200458
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2248] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                        000007f91cab1070 8 bytes JMP 000007fa1a2004c8
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2248] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                      000007f91cad0b70 8 bytes JMP 000007fa1a200490
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2248] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                          000007f916861532 4 bytes [86, 16, F9, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2248] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                          000007f91686153a 4 bytes [86, 16, F9, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2248] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                        000007f91686165a 4 bytes [86, 16, F9, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2248] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance                            000007f91c552100 5 bytes JMP 000007fa1a200500
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2248] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket                          000007f91c565d4c 7 bytes JMP 000007fa1a200538
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6308] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                      000007f91cdb259c 8 bytes JMP 000007fa1a220340
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6308] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                    000007f91cdb6b00 9 bytes JMP 000007fa1a220298
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6308] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                            000007f91ce35908 7 bytes JMP 000007fa1a220260
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6308] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                    000007f91ce51610 7 bytes JMP 000007fa1a2202d0
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6308] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                              000007f91ce649a4 7 bytes JMP 000007fa1a220228
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6308] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                            000007f91ce64a38 8 bytes JMP 000007fa1a2201f0
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6308] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                      000007f91ce65074 8 bytes JMP 000007fa1a220308
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6308] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                  000007f91a2b1f70 7 bytes JMP 000007fa1a2200d8
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6308] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                      000007f91a2b1ff0 5 bytes JMP 000007fa1a220180
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6308] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                000007f91a2b5880 5 bytes JMP 000007fa1a220110
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6308] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                    000007f91a2b8650 6 bytes JMP 000007fa1a220148
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6308] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                              000007f91a2e0510 5 bytes JMP 000007fa1a2201b8
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6308] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                        000007f91b02177a 4 bytes [02, 1B, F9, 07]
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6308] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                        000007f91b021782 4 bytes [02, 1B, F9, 07]
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6308] C:\Windows\system32\USER32.dll!CreateWindowExW                                      000007f91c3fa0d0 7 bytes JMP 000007fa1a220420
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6308] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                            000007f91c40e240 9 bytes JMP 000007fa1a220378
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6308] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                  000007f91c40eda0 5 bytes JMP 000007fa1a2203b0
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6308] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                                  000007f91c40f2e0 5 bytes JMP 000007fa1a2203e8
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6308] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW                              000007f91c40f5b0 5 bytes JMP 000007fa1a220458
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6308] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                000007f91cab1070 8 bytes JMP 000007fa1a2204c8
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6308] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                              000007f91cad0b70 8 bytes JMP 000007fa1a220490
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6308] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance                                    000007f91c552100 5 bytes JMP 000007fa1a220500
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6308] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket                                    000007f91c565d4c 7 bytes JMP 000007fa1a220538
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[6448] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                      000007f91cdb259c 8 bytes JMP 000007fa1a220340
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[6448] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                    000007f91cdb6b00 9 bytes JMP 000007fa1a220298
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[6448] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                            000007f91ce35908 7 bytes JMP 000007fa1a220260
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[6448] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                    000007f91ce51610 7 bytes JMP 000007fa1a2202d0
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[6448] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                              000007f91ce649a4 7 bytes JMP 000007fa1a220228
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[6448] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                            000007f91ce64a38 8 bytes JMP 000007fa1a2201f0
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[6448] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                      000007f91ce65074 8 bytes JMP 000007fa1a220308
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[6448] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                  000007f91a2b1f70 7 bytes JMP 000007fa1a2200d8
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[6448] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                      000007f91a2b1ff0 5 bytes JMP 000007fa1a220180
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[6448] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                000007f91a2b5880 5 bytes JMP 000007fa1a220110
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[6448] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                    000007f91a2b8650 6 bytes JMP 000007fa1a220148
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[6448] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                              000007f91a2e0510 5 bytes JMP 000007fa1a2201b8
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[6448] C:\Windows\system32\USER32.dll!CreateWindowExW                                      000007f91c3fa0d0 7 bytes JMP 000007fa1a220420
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[6448] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                            000007f91c40e240 9 bytes JMP 000007fa1a220378
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[6448] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                  000007f91c40eda0 5 bytes JMP 000007fa1a2203b0
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[6448] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                                  000007f91c40f2e0 5 bytes JMP 000007fa1a2203e8
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[6448] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW                              000007f91c40f5b0 5 bytes JMP 000007fa1a220458
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[6448] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                000007f91cab1070 8 bytes JMP 000007fa1a2204c8
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[6448] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                              000007f91cad0b70 8 bytes JMP 000007fa1a220490
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[6448] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance                                    000007f91c552100 5 bytes JMP 000007fa1a220500
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[6448] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket                                    000007f91c565d4c 7 bytes JMP 000007fa1a220538
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6544] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                  000007f91cdb259c 8 bytes JMP 000007fa1a220340
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6544] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                000007f91cdb6b00 9 bytes JMP 000007fa1a220298
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6544] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                          000007f91ce35908 7 bytes JMP 000007fa1a220260
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6544] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                  000007f91ce51610 7 bytes JMP 000007fa1a2202d0
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6544] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                            000007f91ce649a4 7 bytes JMP 000007fa1a220228
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6544] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                          000007f91ce64a38 8 bytes JMP 000007fa1a2201f0
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6544] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                  000007f91ce65074 8 bytes JMP 000007fa1a220308
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6544] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                              000007f91a2b1f70 7 bytes JMP 000007fa1a2200d8
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6544] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                    000007f91a2b1ff0 5 bytes JMP 000007fa1a220180
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6544] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                            000007f91a2b5880 5 bytes JMP 000007fa1a220110
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6544] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                000007f91a2b8650 6 bytes JMP 000007fa1a220148
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6544] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                          000007f91a2e0510 5 bytes JMP 000007fa1a2201b8
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6544] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                      000007f91b02177a 4 bytes [02, 1B, F9, 07]
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6544] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                      000007f91b021782 4 bytes [02, 1B, F9, 07]
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6544] C:\Windows\system32\USER32.dll!CreateWindowExW                                    000007f91c3fa0d0 7 bytes JMP 000007fa1a220420
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6544] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                        000007f91c40e240 9 bytes JMP 000007fa1a220378
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6544] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                000007f91c40eda0 5 bytes JMP 000007fa1a2203b0
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6544] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                                000007f91c40f2e0 5 bytes JMP 000007fa1a2203e8
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6544] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW                          000007f91c40f5b0 5 bytes JMP 000007fa1a220458
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6544] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                              000007f91cab1070 8 bytes JMP 000007fa1a2204c8
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6544] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                            000007f91cad0b70 8 bytes JMP 000007fa1a220490
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[6732] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                000007f91cdb259c 8 bytes JMP 000007fa1a220340
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[6732] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                              000007f91cdb6b00 9 bytes JMP 000007fa1a220298
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[6732] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                      000007f91ce35908 7 bytes JMP 000007fa1a220260
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[6732] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                              000007f91ce51610 7 bytes JMP 000007fa1a2202d0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[6732] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                        000007f91ce649a4 7 bytes JMP 000007fa1a220228
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[6732] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                      000007f91ce64a38 8 bytes JMP 000007fa1a2201f0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[6732] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                000007f91ce65074 8 bytes JMP 000007fa1a220308
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[6732] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                            000007f91a2b1f70 7 bytes JMP 000007fa1a2200d8
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[6732] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                000007f91a2b1ff0 5 bytes JMP 000007fa1a220180
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[6732] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                          000007f91a2b5880 5 bytes JMP 000007fa1a220110
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[6732] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                              000007f91a2b8650 6 bytes JMP 000007fa1a220148
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[6732] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                        000007f91a2e0510 5 bytes JMP 000007fa1a2201b8
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[6732] C:\Windows\system32\USER32.dll!CreateWindowExW                                000007f91c3fa0d0 7 bytes JMP 000007fa1a220420
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[6732] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                      000007f91c40e240 9 bytes JMP 000007fa1a220378
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[6732] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                            000007f91c40eda0 5 bytes JMP 000007fa1a2203b0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[6732] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                            000007f91c40f2e0 5 bytes JMP 000007fa1a2203e8
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[6732] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW                        000007f91c40f5b0 5 bytes JMP 000007fa1a220458
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[6732] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                          000007f91cab1070 8 bytes JMP 000007fa1a2204c8
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[6732] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                        000007f91cad0b70 8 bytes JMP 000007fa1a220490
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[6732] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance                              000007f91c552100 5 bytes JMP 000007fa1a220500
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[6732] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket                              000007f91c565d4c 7 bytes JMP 000007fa1a220538
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[6732] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306                  000007f91b02177a 4 bytes [02, 1B, F9, 07]
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[6732] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314                  000007f91b021782 4 bytes [02, 1B, F9, 07]
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[6768] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW              000007f91cdb259c 8 bytes JMP 000007fa1a220340
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[6768] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW            000007f91cdb6b00 9 bytes JMP 000007fa1a220298
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[6768] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation    000007f91ce35908 7 bytes JMP 000007fa1a220260
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[6768] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW            000007f91ce51610 7 bytes JMP 000007fa1a2202d0
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[6768] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW      000007f91ce649a4 7 bytes JMP 000007fa1a220228
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[6768] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx    000007f91ce64a38 8 bytes JMP 000007fa1a2201f0
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[6768] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA              000007f91ce65074 8 bytes JMP 000007fa1a220308
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[6768] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW          000007f91a2b1f70 7 bytes JMP 000007fa1a2200d8
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[6768] C:\Windows\system32\KERNELBASE.dll!FreeLibrary              000007f91a2b1ff0 5 bytes JMP 000007fa1a220180
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[6768] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW        000007f91a2b5880 5 bytes JMP 000007fa1a220110
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[6768] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW            000007f91a2b8650 6 bytes JMP 000007fa1a220148
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[6768] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW      000007f91a2e0510 5 bytes JMP 000007fa1a2201b8
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[6768] C:\Windows\system32\USER32.dll!CreateWindowExW              000007f91c3fa0d0 7 bytes JMP 000007fa1a220420
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[6768] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo    000007f91c40e240 9 bytes JMP 000007fa1a220378
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[6768] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA          000007f91c40eda0 5 bytes JMP 000007fa1a2203b0
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[6768] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW          000007f91c40f2e0 5 bytes JMP 000007fa1a2203e8
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[6768] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW      000007f91c40f5b0 5 bytes JMP 000007fa1a220458
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[6768] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo        000007f91cab1070 8 bytes JMP 000007fa1a2204c8
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[6768] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList      000007f91cad0b70 8 bytes JMP 000007fa1a220490
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[6768] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690          000007f916861532 4 bytes [86, 16, F9, 07]
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[6768] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698          000007f91686153a 4 bytes [86, 16, F9, 07]
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[6768] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246        000007f91686165a 4 bytes [86, 16, F9, 07]
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[6768] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance            000007f91c552100 5 bytes JMP 000007fa1a220500
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[6768] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket            000007f91c565d4c 7 bytes JMP 000007fa1a220538
.text  C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6892] C:\Windows\system32\KERNEL32.dll!RegSetValueExW                        000007f91cdb259c 8 bytes JMP 000007fa1a220340
.text  C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6892] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW                      000007f91cdb6b00 9 bytes JMP 000007fa1a220298
.text  C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6892] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation              000007f91ce35908 7 bytes JMP 000007fa1a220260
.text  C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6892] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW                      000007f91ce51610 7 bytes JMP 000007fa1a2202d0
.text  C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6892] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW                000007f91ce649a4 7 bytes JMP 000007fa1a220228
.text  C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6892] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx              000007f91ce64a38 8 bytes JMP 000007fa1a2201f0
.text  C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6892] C:\Windows\system32\KERNEL32.dll!RegSetValueExA                        000007f91ce65074 8 bytes JMP 000007fa1a220308
.text  C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6892] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                    000007f91a2b1f70 7 bytes JMP 000007fa1a2200d8
.text  C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6892] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                        000007f91a2b1ff0 5 bytes JMP 000007fa1a220180
.text  C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6892] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                  000007f91a2b5880 5 bytes JMP 000007fa1a220110
.text  C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6892] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                      000007f91a2b8650 6 bytes JMP 000007fa1a220148
.text  C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6892] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                000007f91a2e0510 5 bytes JMP 000007fa1a2201b8
.text  C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6892] C:\Windows\system32\USER32.dll!CreateWindowExW                        000007f91c3fa0d0 7 bytes JMP 000007fa1a220420
.text  C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6892] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo              000007f91c40e240 9 bytes JMP 000007fa1a220378
.text  C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6892] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                    000007f91c40eda0 5 bytes JMP 000007fa1a2203b0
.text  C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6892] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                    000007f91c40f2e0 5 bytes JMP 000007fa1a2203e8
.text  C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6892] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW                000007f91c40f5b0 5 bytes JMP 000007fa1a220458
.text  C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6892] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                  000007f91cab1070 8 bytes JMP 000007fa1a2204c8
.text  C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[6892] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                000007f91cad0b70 8 bytes JMP 000007fa1a220490
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                  000007f91cdb259c 8 bytes JMP 000007fa1a220340
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                000007f91cdb6b00 9 bytes JMP 000007fa1a220298
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                          000007f91ce35908 7 bytes JMP 000007fa1a220260
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                  000007f91ce51610 7 bytes JMP 000007fa1a2202d0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                            000007f91ce649a4 7 bytes JMP 000007fa1a220228
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                          000007f91ce64a38 8 bytes JMP 000007fa1a2201f0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                  000007f91ce65074 8 bytes JMP 000007fa1a220308
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                              000007f91a2b1f70 7 bytes JMP 000007fa1a2200d8
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                    000007f91a2b1ff0 5 bytes JMP 000007fa1a220180
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                            000007f91a2b5880 5 bytes JMP 000007fa1a220110
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                000007f91a2b8650 6 bytes JMP 000007fa1a220148
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                          000007f91a2e0510 5 bytes JMP 000007fa1a2201b8
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                    000007f90a3d1b32 4 bytes [3D, 0A, F9, 07]
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                    000007f90a3d1b3a 4 bytes [3D, 0A, F9, 07]
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\system32\USER32.dll!CreateWindowExW                                    000007f91c3fa0d0 7 bytes JMP 000007fa1a220420
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                        000007f91c40e240 9 bytes JMP 000007fa1a220378
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                000007f91c40eda0 5 bytes JMP 000007fa1a2203b0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                                000007f91c40f2e0 5 bytes JMP 000007fa1a2203e8
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW                          000007f91c40f5b0 5 bytes JMP 000007fa1a220458
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                              000007f91cab1070 8 bytes JMP 000007fa1a2204c8
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                            000007f91cad0b70 8 bytes JMP 000007fa1a220490
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                      000007f91b02177a 4 bytes [02, 1B, F9, 07]
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                      000007f91b021782 4 bytes [02, 1B, F9, 07]
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                000007f916861532 4 bytes [86, 16, F9, 07]
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                000007f91686153a 4 bytes [86, 16, F9, 07]
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                              000007f91686165a 4 bytes [86, 16, F9, 07]
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance                                  000007f91c552100 5 bytes JMP 000007fa1a220500
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[6024] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket                                000007f91c565d4c 7 bytes JMP 000007fa1a220538
.text  C:\Windows\System32\rundll32.exe[6204] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                000007f916861532 4 bytes [86, 16, F9, 07]
.text  C:\Windows\System32\rundll32.exe[6204] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                000007f91686153a 4 bytes [86, 16, F9, 07]
.text  C:\Windows\System32\rundll32.exe[6204] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                              000007f91686165a 4 bytes [86, 16, F9, 07]
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4776] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                          000007f91cdb259c 8 bytes JMP 000007fa1a220340
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4776] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                        000007f91cdb6b00 9 bytes JMP 000007fa1a220298
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4776] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                000007f91ce35908 7 bytes JMP 000007fa1a220260
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4776] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                        000007f91ce51610 7 bytes JMP 000007fa1a2202d0
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4776] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                  000007f91ce649a4 7 bytes JMP 000007fa1a220228
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4776] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                000007f91ce64a38 8 bytes JMP 000007fa1a2201f0
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4776] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                          000007f91ce65074 8 bytes JMP 000007fa1a220308
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4776] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                      000007f91a2b1f70 7 bytes JMP 000007fa1a2200d8
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4776] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                          000007f91a2b1ff0 5 bytes JMP 000007fa1a220180
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4776] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                    000007f91a2b5880 5 bytes JMP 000007fa1a220110
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4776] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                        000007f91a2b8650 6 bytes JMP 000007fa1a220148
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4776] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                  000007f91a2e0510 5 bytes JMP 000007fa1a2201b8
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4776] C:\Windows\system32\USER32.dll!CreateWindowExW                          000007f91c3fa0d0 7 bytes JMP 000007fa1a220420
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4776] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                000007f91c40e240 9 bytes JMP 000007fa1a220378
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4776] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                      000007f91c40eda0 5 bytes JMP 000007fa1a2203b0
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4776] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                      000007f91c40f2e0 5 bytes JMP 000007fa1a2203e8
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4776] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW                  000007f91c40f5b0 5 bytes JMP 000007fa1a220458
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4776] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                    000007f91cab1070 8 bytes JMP 000007fa1a2204c8
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4776] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                  000007f91cad0b70 8 bytes JMP 000007fa1a220490
.text  C:\Windows\system32\rundll32.exe[964] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                000007f916861532 4 bytes [86, 16, F9, 07]
.text  C:\Windows\system32\rundll32.exe[964] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                000007f91686153a 4 bytes [86, 16, F9, 07]
.text  C:\Windows\system32\rundll32.exe[964] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                              000007f91686165a 4 bytes [86, 16, F9, 07]
.text  C:\Windows\system32\rundll32.exe[964] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                      000007f91b02177a 4 bytes [02, 1B, F9, 07]
.text  C:\Windows\system32\rundll32.exe[964] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                      000007f91b021782 4 bytes [02, 1B, F9, 07]
.text  C:\Windows\WinStore\WSHost.exe[8080] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                                    000007f91cdb259c 8 bytes JMP 000007fa1a220340
.text  C:\Windows\WinStore\WSHost.exe[8080] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                                  000007f91cdb6b00 9 bytes JMP 000007fa1a220298
.text  C:\Windows\WinStore\WSHost.exe[8080] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                                            000007f91ce35908 7 bytes JMP 000007fa1a220260
.text  C:\Windows\WinStore\WSHost.exe[8080] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                                    000007f91ce51610 7 bytes JMP 000007fa1a2202d0
.text  C:\Windows\WinStore\WSHost.exe[8080] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                                              000007f91ce649a4 7 bytes JMP 000007fa1a220228
.text  C:\Windows\WinStore\WSHost.exe[8080] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                            000007f91ce64a38 8 bytes JMP 000007fa1a2201f0
.text  C:\Windows\WinStore\WSHost.exe[8080] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                                    000007f91ce65074 8 bytes JMP 000007fa1a220308
.text  C:\Windows\WinStore\WSHost.exe[8080] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                000007f91a2b1f70 7 bytes JMP 000007fa1a2200d8
.text  C:\Windows\WinStore\WSHost.exe[8080] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                      000007f91a2b1ff0 5 bytes JMP 000007fa1a220180
.text  C:\Windows\WinStore\WSHost.exe[8080] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                              000007f91a2b5880 5 bytes JMP 000007fa1a220110
.text  C:\Windows\WinStore\WSHost.exe[8080] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                  000007f91a2b8650 6 bytes JMP 000007fa1a220148
.text  C:\Windows\WinStore\WSHost.exe[8080] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                                            000007f91a2e0510 5 bytes JMP 000007fa1a2201b8
.text  C:\Windows\WinStore\WSHost.exe[8080] C:\Windows\system32\USER32.dll!CreateWindowExW                                                      000007f91c3fa0d0 7 bytes JMP 000007fa1a220420
.text  C:\Windows\WinStore\WSHost.exe[8080] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                                          000007f91c40e240 9 bytes JMP 000007fa1a220378
.text  C:\Windows\WinStore\WSHost.exe[8080] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                                  000007f91c40eda0 5 bytes JMP 000007fa1a2203b0
.text  C:\Windows\WinStore\WSHost.exe[8080] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                                                  000007f91c40f2e0 5 bytes JMP 000007fa1a2203e8
.text  C:\Windows\WinStore\WSHost.exe[8080] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW                                            000007f91c40f5b0 5 bytes JMP 000007fa1a220458
.text  C:\Windows\WinStore\WSHost.exe[8080] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                000007f91cab1070 8 bytes JMP 000007fa1a2204c8
.text  C:\Windows\WinStore\WSHost.exe[8080] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                              000007f91cad0b70 8 bytes JMP 000007fa1a220490

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [1380:7348]                                                                                                fffff960008245e8

---- EOF - GMER 2.1 ----
--- --- ---


ESET online scanner log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=cd6fb58c118b084fb9da5619d77cb018
# engine=22992
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-20 12:27:20
# local_time=2015-03-20 01:27:20 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 12462 4324770 0 0
# scanned=67461
# found=2
# cleaned=0
# scan_time=2683
sh=EAE2784C9115FE9CFA44A116B74E72C1BCCFA7F6 ft=1 fh=2e79e77116fe19c4 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Downloads\MyPhoneExplorer_Setup_1.8.5.exe"
sh=1447092BA29779C726829611180994E17718C412 ft=1 fh=23f22b72eb3a5b90 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Downloads\PDFCreator-1_7_2_setup_offline.exe"
MBAB:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20.03.2015
Scan Time: 18:30:59
Logfile: mbaw-log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.14.02
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: svens_000

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348839
Time Elapsed: 18 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.PutLocker.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\koalekbhpbggkcfhkkbolikjoaobbppi, , [f377fd4846442016ad09cced5ea59070],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Könnt Ihr mir weiterhelfen? Ich bin ratlos! Vielen Dank!

schrauber 23.03.2015 23:02
hi,

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

intradeep 24.03.2015 16:13
AdwCleaner:
Code:
# AdwCleaner v4.113 - Bericht erstellt 24/03/2015 um 15:18:34
# Aktualisiert 22/03/2015 von Xplode
# Datenbank : 2015-03-23.1 [Server]
# Betriebssystem : Windows 8.1 Pro  (x64)
# Benutzername : svens_000 - INTRADEEP_T430U
# Gestarted von : C:\Downloads\FRST64\AdwCleaner_4.113.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage
Datei Gelöscht : C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage-journal

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v


-\\ Google Chrome v41.0.2272.101

[C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
[C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://anidb.net/perl-bin/animedb.pl?show=animelist&adb.search={searchTerms}&do.search=search

*************************

AdwCleaner[R0].txt - [5914 Bytes] - [14/03/2015 20:19:30]
AdwCleaner[R1].txt - [1553 Bytes] - [24/03/2015 14:57:30]
AdwCleaner[S0].txt - [5254 Bytes] - [14/03/2015 20:24:49]
AdwCleaner[S1].txt - [1475 Bytes] - [24/03/2015 15:18:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1534  Bytes] ##########
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 8.1 Pro x64
Ran by svens_000 on 24.03.2015 at 15:23:27,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.03.2015 at 15:29:44,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by svens_000 (administrator) on INTRADEEP_T430U on 24-03-2015 15:59:59
Running from C:\Downloads\FRST64
Loaded Profiles: svens_000 (Available profiles: svens_000)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\PWMUIAux.EXE
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Nenad Hrg (SoftwareOK.com)) C:\Program Files (x86)\Q-Dir\Q-Dir.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Thisisu) C:\Downloads\FRST64\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\PWMUIAux.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7468784 2013-02-28] (Logitech Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079352 2013-05-07] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-05-07] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [86376 2013-09-12] (Authentec Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [570152 2014-08-14] (Acronis)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [UnlockerAssistant] => "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Hilfe Assistent] => C:\Program Files (x86)\Hilfe Assistent\Hilfe_Assistent.exe [18586432 2013-08-30] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5306776 2014-11-27] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [603904 2014-10-17] (Acronis International GmbH)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-2188346229-3230158822-2549671659-1001\...\Run: [BoxCryptor] => C:\Program Files (x86)\BoxCryptor\BoxCryptor.exe [4142848 2013-04-27] (Secomba GmbH)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
SSODL: EldosMountNotificator-cbfs4 - {E16C39B0-91F1-4EC1-B195-A6BA9F9BCA8D} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {E16C39B0-91F1-4EC1-B195-A6BA9F9BCA8D} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {A4E57277-42D1-4DC7-821A-91A21A863848} => C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {A4E57277-42D1-4DC7-821A-91A21A863848} => C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2188346229-3230158822-2549671659-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-20] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-20] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-03]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.delta-search.com/?affID=119781&babsrc=HP_ss&mntrId=C45A6036DD6394ED
CHR StartupUrls: Default -> ""
CHR Profile: C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-30]
CHR Extension: (Google Drive) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-30]
CHR Extension: (WOT) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-03-20]
CHR Extension: (YouTube) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-30]
CHR Extension: (Adblock Plus) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-05-29]
CHR Extension: (Silverlight for Chrome) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgnklfhofbcfndknbonklnijndoeknal [2015-02-27]
CHR Extension: (Google Search) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-30]
CHR Extension: (High Contrast) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2013-04-01]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-06-03]
CHR Extension: (Session Buddy) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2013-04-02]
CHR Extension: (AdBlock) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-05-19]
CHR Extension: (Tabman Tabs Manager) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmnkflcjcohihpdcniifjbafcdelhlm [2013-12-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (ScriptSafe) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2015-03-20]
CHR Extension: (Gmail) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-19] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-31] (Avira Operations GmbH & Co. KG)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [385216 2013-04-24] (EldoS Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2015-03-22] (Acronis International GmbH)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 LGSUsbFilt; C:\Windows\system32\DRIVERS\LGSUsbFilt.Sys [44272 2013-01-17] (Logitech Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-08-31] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1328928 2015-03-22] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [234784 2015-03-22] (Acronis International GmbH)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-24 15:29 - 2015-03-24 15:29 - 00000622 _____ () C:\Users\svens_000\Desktop\JRT.txt
2015-03-24 15:21 - 2015-03-24 15:21 - 00000460 __RSH () C:\ProgramData\ntuser.pol
2015-03-24 14:39 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-03-24 14:39 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-03-23 16:41 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-03-23 16:41 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-03-23 16:41 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-03-23 16:41 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-03-23 16:40 - 2014-07-24 04:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-03-23 16:40 - 2014-07-24 04:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-03-22 15:24 - 2015-03-22 15:25 - 00000000 ____D () C:\ProgramData\Acronis
2015-03-22 15:24 - 2015-03-22 15:24 - 00304416 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\snapman.sys
2015-03-22 15:24 - 2015-03-22 15:24 - 00296736 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\file_tracker.sys
2015-03-22 15:24 - 2015-03-22 15:24 - 00001272 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image 2015.lnk
2015-03-22 15:24 - 2015-03-22 15:24 - 00001260 _____ () C:\Users\Public\Desktop\Acronis True Image 2015.lnk
2015-03-22 15:24 - 2015-03-22 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2015-03-22 15:24 - 2015-03-22 15:24 - 00000000 ____D () C:\Program Files (x86)\Acronis
2015-03-22 13:06 - 2015-03-22 13:07 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\Acronis
2015-03-22 13:05 - 2015-03-22 15:24 - 01328928 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\tib.sys
2015-03-22 13:05 - 2015-03-22 13:05 - 00234784 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\tib_mounter.sys
2015-03-22 13:05 - 2015-03-22 13:05 - 00134432 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\fltsrv.sys
2015-03-21 14:19 - 2015-03-24 15:23 - 00000000 ___RD () C:\Users\svens_000\OneDrive
2015-03-21 14:16 - 2015-03-21 14:16 - 00001497 _____ () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-21 14:16 - 2015-03-21 14:16 - 00000020 ___SH () C:\Users\svens_000\ntuser.ini
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-03-21 14:09 - 2015-03-21 14:09 - 00022960 _____ () C:\WINDOWS\system32\emptyregdb.dat
2015-03-21 13:56 - 2015-03-21 13:56 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-21 13:56 - 2015-03-21 13:56 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2008
2015-03-21 13:56 - 2015-03-21 13:56 - 00000000 ____D () C:\Users\Default\AppData\LocalGoogle
2015-03-21 13:56 - 2015-03-21 13:56 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-03-21 13:56 - 2015-03-21 13:56 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-03-21 13:56 - 2015-03-21 13:56 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2008
2015-03-21 13:56 - 2015-03-21 13:56 - 00000000 ____D () C:\Users\Default User\AppData\LocalGoogle
2015-03-21 13:56 - 2015-03-21 13:56 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-03-21 13:56 - 2015-03-21 13:56 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2015-03-21 13:48 - 2015-03-21 13:48 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2015-03-21 13:46 - 2015-03-21 14:19 - 00000000 ____D () C:\Users\svens_000
2015-03-21 13:46 - 2015-03-21 13:47 - 00000000 ___RD () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-21 13:46 - 2015-03-21 13:46 - 00000000 _SHDL () C:\Users\svens_000\Vorlagen
2015-03-21 13:46 - 2015-03-21 13:46 - 00000000 _SHDL () C:\Users\svens_000\Startmenü
2015-03-21 13:46 - 2015-03-21 13:46 - 00000000 _SHDL () C:\Users\svens_000\Netzwerkumgebung
2015-03-21 13:46 - 2015-03-21 13:46 - 00000000 _SHDL () C:\Users\svens_000\Lokale Einstellungen
2015-03-21 13:46 - 2015-03-21 13:46 - 00000000 _SHDL () C:\Users\svens_000\Eigene Dateien
2015-03-21 13:46 - 2015-03-21 13:46 - 00000000 _SHDL () C:\Users\svens_000\Druckumgebung
2015-03-21 13:46 - 2015-03-21 13:46 - 00000000 _SHDL () C:\Users\svens_000\Documents\Eigene Musik
2015-03-21 13:46 - 2015-03-21 13:46 - 00000000 _SHDL () C:\Users\svens_000\Documents\Eigene Bilder
2015-03-21 13:46 - 2015-03-21 13:46 - 00000000 _SHDL () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-21 13:46 - 2015-03-21 13:46 - 00000000 _SHDL () C:\Users\svens_000\AppData\Local\Verlauf
2015-03-21 13:46 - 2015-03-21 13:46 - 00000000 _SHDL () C:\Users\svens_000\AppData\Local\Anwendungsdaten
2015-03-21 13:46 - 2015-03-21 13:46 - 00000000 _SHDL () C:\Users\svens_000\Anwendungsdaten
2015-03-21 13:46 - 2014-11-21 12:08 - 00000000 ___RD () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-21 13:46 - 2014-11-21 12:08 - 00000000 ___RD () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-21 13:46 - 2014-11-21 04:42 - 00000369 _____ () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-03-21 13:46 - 2014-11-21 04:42 - 00000369 _____ () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-03-21 13:46 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-21 13:44 - 2015-03-21 14:10 - 00024768 _____ () C:\WINDOWS\diagwrn.xml
2015-03-21 13:44 - 2015-03-21 14:10 - 00024768 _____ () C:\WINDOWS\diagerr.xml
2015-03-21 13:36 - 2015-03-24 15:42 - 01326724 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-21 13:36 - 2015-03-24 14:47 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2015-03-21 13:36 - 2015-03-24 14:47 - 00001741 _____ () C:\WINDOWS\LkmdfCoInst.log
2015-03-21 13:36 - 2015-03-21 13:57 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-03-21 13:36 - 2015-03-21 13:57 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-03-21 13:36 - 2015-03-21 13:53 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-03-21 13:36 - 2015-03-21 13:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-21 13:36 - 2015-03-21 13:53 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-21 13:36 - 2015-03-21 13:36 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_tcwbf_01_09_00.Wdf
2015-03-21 13:36 - 2015-03-21 13:36 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2015-03-21 13:36 - 2015-03-21 13:36 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
2015-03-21 13:36 - 2015-03-21 13:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-21 13:36 - 2015-03-21 13:36 - 00000000 ____D () C:\Program Files\AuthenTec
2015-03-21 13:36 - 2015-03-21 13:36 - 00000000 ____D () C:\iBTWU
2015-03-21 13:36 - 2014-12-13 09:03 - 06859408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-03-21 13:36 - 2014-12-13 09:03 - 03513488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-03-21 13:36 - 2014-12-13 09:03 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-03-21 13:36 - 2014-12-13 09:03 - 01097360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-03-21 13:36 - 2014-12-13 09:03 - 00935240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-03-21 13:36 - 2014-12-13 09:03 - 00628040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
2015-03-21 13:36 - 2014-12-13 09:03 - 00386368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-03-21 13:36 - 2014-12-13 09:03 - 00075080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-03-21 13:36 - 2014-12-13 09:03 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-03-21 13:36 - 2014-12-13 00:11 - 04151176 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-03-21 13:35 - 2015-03-21 13:35 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2015-03-21 13:35 - 2015-03-21 13:35 - 00000000 ____D () C:\Program Files\Realtek
2015-03-21 13:34 - 2015-03-21 13:53 - 00000000 ____D () C:\Program Files\Intel
2015-03-21 13:34 - 2015-03-21 13:34 - 00000264 _____ () C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2015-03-21 13:34 - 2015-03-21 13:34 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2015-03-21 13:34 - 2015-03-21 13:34 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
2015-03-21 13:34 - 2015-03-21 13:34 - 00000000 ____D () C:\Program Files\Synaptics
2015-03-21 13:34 - 2014-10-01 19:54 - 00064000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-03-21 13:34 - 2014-10-01 19:54 - 00060416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-03-21 13:31 - 2015-03-21 14:16 - 00000000 ___DC () C:\WINDOWS\Panther
2015-03-21 13:31 - 2015-03-21 13:31 - 00000000 __SHD () C:\Recovery
2015-03-21 13:30 - 2015-03-21 13:30 - 00000000 ____D () C:\Windows.old
2015-03-21 13:29 - 2015-03-21 13:29 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-03-21 13:29 - 2015-03-21 13:29 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-03-21 13:29 - 2015-03-21 13:29 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-03-21 13:29 - 2015-03-21 13:29 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-03-21 13:29 - 2015-03-21 13:29 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-03-21 13:29 - 2015-03-21 13:29 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-03-21 13:29 - 2015-03-21 13:29 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-03-21 13:29 - 2015-03-21 13:29 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-03-21 13:29 - 2015-03-21 13:29 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-03-21 13:28 - 2015-03-21 13:28 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-21 13:28 - 2015-03-21 13:28 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-03-21 13:28 - 2015-03-21 13:28 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-03-21 13:28 - 2015-03-21 13:28 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-21 13:27 - 2015-03-21 13:27 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-21 13:27 - 2015-03-21 13:27 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-21 13:27 - 2015-03-21 13:27 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-21 13:27 - 2015-03-21 13:27 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-21 13:27 - 2015-03-21 13:27 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-21 13:27 - 2015-03-21 13:27 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-03-21 13:26 - 2015-03-21 13:26 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-03-21 13:26 - 2015-03-21 13:26 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-03-21 13:26 - 2015-03-21 13:26 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-21 13:26 - 2015-03-21 13:26 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-03-21 13:26 - 2015-03-21 13:26 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-03-21 13:26 - 2015-03-21 13:26 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-21 13:26 - 2015-03-21 13:26 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-03-21 13:26 - 2015-03-21 13:26 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-21 13:25 - 2015-03-21 13:25 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-21 13:25 - 2015-03-21 13:25 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-21 13:25 - 2015-03-21 13:25 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-21 13:25 - 2015-03-21 13:25 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-21 13:25 - 2015-03-21 13:25 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-21 13:25 - 2015-03-21 13:25 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-21 13:25 - 2015-03-21 13:25 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-21 13:25 - 2015-03-21 13:25 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-21 13:25 - 2015-03-21 13:25 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-03-21 13:25 - 2015-03-21 13:25 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-03-21 13:25 - 2015-03-21 13:25 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-21 13:25 - 2015-03-21 13:25 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-21 13:25 - 2015-03-21 13:25 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-03-21 13:25 - 2015-03-21 13:25 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-21 13:24 - 2015-03-21 13:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-21 13:24 - 2015-03-21 13:24 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-21 13:23 - 2015-03-21 13:23 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-21 13:23 - 2015-03-21 13:23 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-21 13:23 - 2015-03-21 13:23 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-03-21 13:23 - 2015-03-21 13:23 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-03-21 13:23 - 2015-03-21 13:23 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-03-21 13:23 - 2015-03-21 13:23 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-03-21 13:23 - 2015-03-21 13:23 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-03-21 13:23 - 2015-03-21 13:23 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-03-21 13:23 - 2015-03-21 13:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-03-21 13:23 - 2015-03-21 13:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-03-21 13:21 - 2015-03-21 13:21 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-21 13:21 - 2015-03-21 13:21 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-21 13:21 - 2015-03-21 13:21 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-21 13:21 - 2015-03-21 13:21 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-21 13:21 - 2015-03-21 13:21 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-21 13:21 - 2015-03-21 13:21 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-21 13:21 - 2015-03-21 13:21 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-21 13:21 - 2015-03-21 13:21 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-21 13:21 - 2015-03-21 13:21 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-03-21 13:21 - 2015-03-21 13:21 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-03-21 13:21 - 2015-03-21 13:21 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-03-21 13:21 - 2015-03-21 13:21 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-03-21 13:21 - 2015-03-21 13:21 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-03-21 13:21 - 2015-03-21 13:21 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-03-21 13:21 - 2015-03-21 13:21 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-03-21 13:21 - 2015-03-21 13:21 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-03-21 13:21 - 2015-03-21 13:21 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-03-21 13:21 - 2015-03-21 13:21 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-03-21 13:21 - 2015-03-21 13:21 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-03-21 13:20 - 2015-03-21 13:20 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2015-03-21 13:12 - 2015-03-21 13:57 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-03-21 13:12 - 2015-03-21 13:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer
2015-03-21 13:12 - 2015-03-21 13:12 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-03-21 13:12 - 2015-03-21 13:12 - 00000000 ____D () C:\Program Files\MSBuild
2015-03-21 13:12 - 2015-03-21 13:12 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-03-21 13:11 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-03-21 13:11 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-03-21 13:11 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-03-21 13:11 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-03-20 19:02 - 2015-03-20 19:10 - 00135195 _____ () C:\Users\svens_000\Desktop\chrome tabs malware Seite 2.txt
2015-03-20 16:46 - 2015-03-20 16:46 - 00000000 _____ () C:\Users\svens_000\defogger_reenable
2015-03-20 12:13 - 2015-03-21 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2015-03-20 12:13 - 2015-03-20 15:26 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\mIRC
2015-03-20 12:13 - 2015-03-20 12:13 - 00000823 _____ () C:\Users\Public\Desktop\mIRC.lnk
2015-03-20 11:51 - 2015-03-21 14:10 - 00008142 _____ () C:\WINDOWS\comsetup.log
2015-03-20 00:40 - 2015-03-20 00:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-20 00:07 - 2015-03-21 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-03-20 00:07 - 2015-03-20 01:00 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2015-03-20 00:07 - 2015-03-20 00:07 - 00001126 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-03-20 00:07 - 2015-03-20 00:07 - 00000000 ____D () C:\ProgramData\Licenses
2015-03-20 00:07 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
2015-03-19 23:37 - 2015-03-19 23:37 - 00522709 _____ () C:\WINDOWS\system32\Drivers\etc\HOSTS.tmp
2015-03-19 23:33 - 2015-03-19 23:33 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\abelhadigital.com
2015-03-19 23:33 - 2015-03-19 23:33 - 00000000 ____D () C:\Users\Public\Documents\HostsMan Backups
2015-03-19 23:33 - 2015-03-19 23:33 - 00000000 ____D () C:\ProgramData\abelhadigital.com
2015-03-19 22:16 - 2015-03-21 13:57 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-03-19 22:16 - 2015-03-19 22:16 - 00002170 _____ () C:\Users\svens_000\Desktop\JDownloader 2.lnk
2015-03-19 22:14 - 2015-03-23 00:03 - 00000000 ____D () C:\Users\svens_000\AppData\Local\JDownloader 2.0
2015-03-14 22:57 - 2015-03-24 15:20 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense
2015-03-14 21:11 - 2015-01-29 09:30 - 00011056 _____ () C:\WINDOWS\system32\AutoconfigV2.cab
2015-03-14 20:56 - 2015-03-14 20:56 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_btmaux_01009.Wdf
2015-03-14 20:28 - 2015-03-14 20:28 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-03-14 20:19 - 2015-03-24 15:18 - 00000000 ____D () C:\AdwCleaner
2015-03-14 18:40 - 2015-03-20 18:52 - 00192518 _____ () C:\Users\svens_000\Desktop\chrome tabs malware.txt
2015-03-14 18:29 - 2015-03-14 18:29 - 00000000 ____D () C:\Users\svens_000\AppData\Local\AAA_Internet_Publishing,_
2015-03-14 18:29 - 2014-10-15 14:18 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SPORDER.DLL
2015-03-14 12:22 - 2015-03-03 14:17 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-03-14 11:59 - 2015-03-20 18:30 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-14 11:57 - 2015-03-21 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-14 11:57 - 2015-03-14 11:57 - 00001149 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-14 11:57 - 2015-03-14 11:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-14 11:57 - 2015-03-14 11:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-14 11:57 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-14 11:57 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-14 11:57 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-14 00:46 - 2015-03-24 16:00 - 00000000 ____D () C:\FRST
2015-03-14 00:46 - 2015-03-14 00:46 - 00001311 _____ () C:\Users\svens_000\Desktop\Revo Uninstaller.lnk
2015-03-14 00:46 - 2015-03-14 00:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-27 23:21 - 2015-03-21 13:57 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-27 23:21 - 2015-02-27 23:21 - 00002346 _____ () C:\Users\svens_000\Desktop\Chrome App Launcher.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-24 16:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-24 15:27 - 2014-11-21 04:35 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-24 15:27 - 2014-11-21 03:45 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-24 15:27 - 2014-11-21 03:45 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-24 15:23 - 2013-03-30 14:29 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-24 15:20 - 2014-11-20 19:24 - 00006494 _____ () C:\WINDOWS\PFRO.log
2015-03-24 15:20 - 2013-08-22 15:46 - 00304465 _____ () C:\WINDOWS\setupact.log
2015-03-24 15:20 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-24 15:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2015-03-24 15:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2015-03-24 15:19 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-24 15:12 - 2013-03-30 14:29 - 00001150 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-24 15:05 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-24 14:57 - 2014-03-16 13:39 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\ClassicShell
2015-03-23 11:41 - 2014-11-21 23:00 - 00000000 ___HD () C:\$Windows.~BT
2015-03-23 11:19 - 2013-03-31 12:29 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\vlc
2015-03-22 23:37 - 2013-03-30 14:05 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2188346229-3230158822-2549671659-1001
2015-03-22 23:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-22 15:17 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2015-03-21 14:19 - 2013-03-30 13:57 - 00000000 ____D () C:\Users\svens_000\AppData\Local\Packages
2015-03-21 14:18 - 2013-03-30 13:58 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2015-03-21 14:16 - 2014-09-20 11:20 - 00000451 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-03-21 14:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-21 14:11 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT
2015-03-21 14:11 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default
2015-03-21 14:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration
2015-03-21 14:10 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-21 14:06 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-03-21 14:06 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-03-21 13:58 - 2013-08-22 15:44 - 00559904 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-21 13:57 - 2014-12-13 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Q-Dir
2015-03-21 13:57 - 2014-11-21 04:13 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-03-21 13:57 - 2014-08-17 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-21 13:57 - 2014-04-28 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-03-21 13:57 - 2014-04-28 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-03-21 13:57 - 2014-04-27 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2015-03-21 13:57 - 2014-04-23 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-21 13:57 - 2014-04-17 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2015-03-21 13:57 - 2014-04-15 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-03-21 13:57 - 2014-03-29 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2015-03-21 13:57 - 2014-03-29 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-03-21 13:57 - 2014-02-21 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-03-21 13:57 - 2014-02-20 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nvu
2015-03-21 13:57 - 2014-01-18 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThinkVantage
2015-03-21 13:57 - 2014-01-08 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-21 13:57 - 2014-01-05 16:52 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2015-03-21 13:57 - 2014-01-03 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deutsche Telekom
2015-03-21 13:57 - 2013-12-01 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge Basic
2015-03-21 13:57 - 2013-09-29 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-21 13:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioDatabase
2015-03-21 13:57 - 2013-08-09 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
2015-03-21 13:57 - 2013-07-27 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-03-21 13:57 - 2013-05-29 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2015-03-21 13:57 - 2013-04-28 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-03-21 13:57 - 2013-04-24 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6 (64-Bit)
2015-03-21 13:57 - 2013-04-06 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shutter
2015-03-21 13:57 - 2013-04-06 02:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2015-03-21 13:57 - 2013-04-02 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript
2015-03-21 13:57 - 2013-04-02 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostgum
2015-03-21 13:57 - 2013-04-01 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-03-21 13:57 - 2013-04-01 19:30 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-21 13:57 - 2013-04-01 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-21 13:57 - 2013-04-01 16:51 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraUXThemePatcher
2015-03-21 13:57 - 2013-04-01 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
2015-03-21 13:57 - 2013-03-31 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-03-21 13:57 - 2013-03-31 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-21 13:57 - 2013-03-31 03:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeXnicCenter
2015-03-21 13:57 - 2013-03-31 03:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
2015-03-21 13:57 - 2013-03-31 02:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup4all Professional 4
2015-03-21 13:57 - 2013-03-31 02:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-21 13:57 - 2013-03-31 02:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JabRef 2.9.2
2015-03-21 13:57 - 2013-03-31 02:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BoxCryptor
2015-03-21 13:57 - 2013-03-31 02:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-03-21 13:57 - 2013-03-31 01:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-21 13:57 - 2013-03-30 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2015-03-21 13:57 - 2013-03-30 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2015-03-21 13:57 - 2013-03-30 18:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-03-21 13:57 - 2013-03-30 17:35 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-03-21 13:57 - 2013-03-30 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-21 13:56 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2015-03-21 13:56 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2015-03-21 13:56 - 2013-08-22 16:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log
2015-03-21 13:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2015-03-21 13:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-03-21 13:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME
2015-03-21 13:56 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2015-03-21 13:56 - 2012-07-26 06:37 - 00000000 ____D () C:\Users\Default.migrated
2015-03-21 13:55 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\system32\WCN
2015-03-21 13:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-03-21 13:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2015-03-21 13:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-21 13:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2015-03-21 13:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\IME
2015-03-21 13:54 - 2014-01-18 17:57 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2015-03-21 13:54 - 2013-08-22 16:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2015-03-21 13:54 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME
2015-03-21 13:54 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help
2015-03-21 13:53 - 2014-08-11 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-03-21 13:53 - 2014-04-27 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-03-21 13:53 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2015-03-21 13:53 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2015-03-21 13:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-21 13:53 - 2013-04-28 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplay
2015-03-21 13:53 - 2013-03-31 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-21 13:53 - 2013-03-31 01:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2015-03-21 13:53 - 2013-03-30 13:57 - 00000000 ____D () C:\ProgramData\PRICache
2015-03-21 13:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-03-21 13:48 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-03-21 13:39 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-03-21 13:36 - 2013-08-22 15:46 - 00000084 _____ () C:\WINDOWS\setuperr.log
2015-03-21 13:30 - 2013-08-22 16:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-03-21 13:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-03-21 13:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-21 13:27 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-21 13:27 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-21 13:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-21 13:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-21 13:25 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-21 13:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-03-21 13:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-21 13:01 - 2013-03-30 13:57 - 01403393 _____ () C:\WINDOWS\WindowsUpdate (1).log
2015-03-20 18:33 - 2014-05-29 17:38 - 00003718 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2015-03-20 15:49 - 2013-10-16 21:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-20 15:49 - 2013-10-16 21:25 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-20 15:48 - 2014-08-17 14:08 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-03-20 01:00 - 2013-03-31 02:29 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-19 22:16 - 2013-06-10 05:38 - 00000000 ____D () C:\Users\svens_000\JDownloader
2015-03-19 11:24 - 2014-09-11 19:11 - 00000072 _____ () C:\Autoconfig.ini
2015-03-14 21:43 - 2013-03-31 12:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-14 21:43 - 2012-07-26 06:26 - 00000167 _____ () C:\WINDOWS\win.ini
2015-03-14 21:30 - 2014-08-16 11:11 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-14 20:56 - 2013-03-30 14:02 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-03-14 20:27 - 2015-02-21 13:51 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-14 20:26 - 2013-03-31 12:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-14 19:25 - 2013-03-31 12:29 - 00000000 ____D () C:\WINDOWS\AutoKMS
2015-03-14 12:14 - 2013-05-07 20:16 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-03-14 12:14 - 2013-03-31 12:22 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-03-14 12:14 - 2013-03-31 12:22 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-03-14 01:04 - 2013-04-06 17:23 - 00000000 ____D () C:\Manga
2015-03-04 22:24 - 2014-11-21 12:15 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-04 22:24 - 2014-11-21 12:15 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-28 17:07 - 2013-03-31 12:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-26 21:14 - 2013-04-01 01:09 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-22 13:26 - 2013-10-13 13:37 - 00000000 ____D () C:\Dokumente
2015-02-22 13:26 - 2013-03-31 11:46 - 00003614 _____ () C:\WINDOWS\Sandboxie.ini

==================== Files in the root of some directories =======

2013-04-27 17:06 - 2013-04-27 17:06 - 0000017 _____ () C:\Users\svens_000\AppData\Local\resmon.resmoncfg
2013-03-30 20:19 - 2013-03-30 20:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\svens_000\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\svens_000\AppData\Local\Temp\avgnt.exe
C:\Users\svens_000\AppData\Local\Temp\proxy_vole3824272886680649134.dll
C:\Users\svens_000\AppData\Local\Temp\Quarantine.exe
C:\Users\svens_000\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-21 13:32

==================== End Of Log ============================
--- --- ---

--- --- ---


Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by svens_000 at 2015-03-24 16:00:41
Running from C:\Downloads\FRST64
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29677 - BitTorrent Inc.)
Acronis True Image 2015 (HKLM-x32\...\{9C48ED33-4A66-4299-B274-BD8110AB6EAA}) (Version: 18.0.6525 - Acronis)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Backup4all Professional 4 (HKLM-x32\...\{218B007C-1526-4F16-9924-FE9AD47F0CF7}) (Version: 4.8.286 - Softland)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BoxCryptor 1.5 (HKLM-x32\...\BoxCryptor) (Version: 1.5.413.154 - Secomba GmbH)
calibre 64bit (HKLM\...\{C7B9E1F1-45A6-4AF8-A800-0FE9A2B8F30C}) (Version: 1.14.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Corel Graphics - Windows Shell Extension (HKLM\...\_{B16BB34E-B7BF-47DF-8658-BEABCF40CD6A}) (Version: 16.1.0.843 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.1.843 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.1.843 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - DE (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.2 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.2.0.998 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.2 - Corel Corporation) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.54 - )
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.20 - Lenovo)
Energy Management (x32 Version: 8.0.2.20 - Lenovo) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
Hilfe Assistent (HKLM-x32\...\Hilfe Assistent) (Version: 1.1.0.117 - Deutsche Telekom AG)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - )
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
JabRef 2.9.2 (HKLM-x32\...\JabRef 2.9.2) (Version: 2.9.2 - JabRef Team)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lenovo Patch Utility (x32 Version: 1.3.2.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.09.03 - )
LockHunter 2.0 beta 2, 64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich, Ltd)
Logitech Gaming Software 8.45 (HKLM\...\Logitech Gaming Software) (Version: 8.45.88 - Logitech Inc.)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Language Pack 2010 - German/Deutsch (HKLM-x32\...\Office14.OMUI.de-de) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
mIRC (HKLM-x32\...\mIRC) (Version: 7.41 - mIRC Co. Ltd.)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.4 - Notepad++ Team)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Nvu 1.0 (HKLM-x32\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.11.2.26318 - Grinding Gear Games)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Q-Dir (HKLM-x32\...\Q-Dir) (Version:  - )
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.42.0 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6738 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.04 (64-bit) (HKLM\...\Sandboxie) (Version: 4.04 - Sandboxie Holdings, LLC)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{F3E80B62-3C51-4940-A434-A1F517AB8D6A}) (Version:  - Microsoft)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Shutter (HKLM-x32\...\Shutter_is1) (Version: 2.90 - [den4b] Denis Kozlov)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.4 - Krzysztof Kowalczyk)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeXnicCenter Version 2.0 Beta 1 (HKLM-x32\...\TeXnicCenter_is1) (Version: 2.0 Beta 1 - The TeXnicCenter Team)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - )
ThinkVantage Fingerprint Software (HKLM\...\{68D50088-CE92-4FF0-A220-D875E2E73151}) (Version: 6.0.0.8102 - Authentec Inc.)
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 2.0.0.0 - Manuel Hoefs (Zottel))
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.2.0 - The Within Network, LLC)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}) (Version: 17.0.10381 - WinZip Computing, S.L. )
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-4 - Bitnami)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2188346229-3230158822-2549671659-1001_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-2188346229-3230158822-2549671659-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

22-03-2015 15:17:59 Revo Uninstaller's restore point - Acronis True Image 2015

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2015-02-28 03:58 - 00522709 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
0.0.0.0 fr.a2dfp.net
0.0.0.0 m.fr.a2dfp.net
0.0.0.0 mfr.a2dfp.net
0.0.0.0 ad.a8.net
0.0.0.0 asy.a8ww.net
0.0.0.0 static.a-ads.com
0.0.0.0 atlas.aamedia.ro
0.0.0.0 abcstats.com
0.0.0.0 ad4.abradio.cz
0.0.0.0 a.abv.bg
0.0.0.0 adserver.abv.bg
0.0.0.0 adv.abv.bg
0.0.0.0 bimg.abv.bg
0.0.0.0 ca.abv.bg
0.0.0.0 www2.a-counter.kiev.ua
0.0.0.0 track.acclaimnetwork.com
0.0.0.0 accuserveadsystem.com
0.0.0.0 www.accuserveadsystem.com
0.0.0.0 achmedia.com
0.0.0.0 csh.actiondesk.com
0.0.0.0 ads.activepower.net
0.0.0.0 app.activetrail.com
0.0.0.0 stat.active24stats.nl #[Tracking.Cookie]
0.0.0.0 traffic.acwebconnecting.com
0.0.0.0 office.ad1.ru
0.0.0.0 cms.ad2click.nl
0.0.0.0 ad2games.com
0.0.0.0 ads.ad2games.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09225052-7134-48AD-8912-965E160303A0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {0B4BCEC9-C924-4B5A-B91E-BC8746CD6E67} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2014-11-21] (Microsoft Corporation)
Task: {353F62AE-9678-48DE-A147-1EFC33ACB4AB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30] (Google Inc.)
Task: {49314271-048C-4AE9-B62E-A3F5252846C2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {638FE041-FE18-486C-BAAB-803CBE7B0845} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {658CCF03-E137-42BE-B917-BC0F039CDF10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30] (Google Inc.)
Task: {AF6F1210-28A0-4EB5-AC22-FB56C9B4DB56} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-26] (Microsoft Corporation)
Task: {B0DD2224-9E7E-4324-AC28-AC5594725AFF} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {C08517A9-1FDC-4041-ACD1-5E409138FFB5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D98E23BE-B3FB-4477-9F00-53ACFA542F99} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-21 13:36 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-04-11 08:26 - 2011-04-11 06:26 - 00034304 _____ () C:\WINDOWS\System32\spe__l.dll
2006-12-04 01:26 - 2006-12-04 01:26 - 00022016 _____ () C:\WINDOWS\System32\sugs2l6.dll
2013-05-08 00:01 - 2013-04-23 05:54 - 00104960 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2013-05-08 00:01 - 2013-04-23 05:54 - 00114176 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMROV.DLL
2014-11-27 08:42 - 2014-11-27 08:42 - 00034624 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2014-11-27 08:47 - 2014-11-27 08:47 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2014-11-27 08:44 - 2014-11-27 08:44 - 00129344 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\EXPAT.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-03-21 14:19 - 2014-07-14 15:49 - 00049744 _____ () C:\Users\svens_000\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-11-27 08:42 - 2014-11-27 08:42 - 00037696 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2013-03-30 18:46 - 2012-07-18 11:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:21654C57
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\svens_000\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2188346229-3230158822-2549671659-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\svens_000\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Hilfe Assistent"
HKU\S-1-5-21-2188346229-3230158822-2549671659-1001\...\StartupApproved\Run: => "BoxCryptor"
HKU\S-1-5-21-2188346229-3230158822-2549671659-1001\...\StartupApproved\Run: => "CyberGhost"

==================== Accounts: =============================

Administrator (S-1-5-21-2188346229-3230158822-2549671659-500 - Administrator - Disabled)
Gast (S-1-5-21-2188346229-3230158822-2549671659-501 - Limited - Disabled)
svens_000 (S-1-5-21-2188346229-3230158822-2549671659-1001 - Administrator - Enabled) => C:\Users\svens_000

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-03-23 16:23:51.149
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-23 16:23:51.024
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-22 23:42:47.660
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-22 23:42:47.509
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-22 23:42:47.043
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-22 23:42:46.667
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-22 23:42:46.304
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-22 23:42:46.068
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-22 23:42:45.899
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-22 23:42:44.405
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 34%
Total physical RAM: 8036.17 MB
Available physical RAM: 5281.42 MB
Total Pagefile: 9956.17 MB
Available Pagefile: 6871.34 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.8 GB) (Free:167.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

intradeep 24.03.2015 16:14
Bisher für mich sichtbares Resultat: Tabs Poppen immer noch auf.

schrauber 24.03.2015 19:44
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
CHR HomePage: Default -> hxxp://www.delta-search.com/?affID=119781&babsrc=HP_ss&mntrId=C45A6036DD6394ED
CHR StartupUrls: Default -> ""
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

intradeep 25.03.2015 18:09
Hallo hier das Fixlogs.

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by svens_000 at 2015-03-25 12:47:56 Run:1
Running from C:\Downloads\FRST64
Loaded Profiles: svens_000 (Available profiles: svens_000)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HomePage: Default -> hxxp://www.delta-search.com/?affID=119781&babsrc=HP_ss&mntrId=C45A6036DD6394ED
CHR StartupUrls: Default -> ""
Emptytemp:
*****************

Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
EmptyTemp: => Removed 4.1 GB temporary data.


The system needed a reboot.

==== End of Fixlog 12:48:05 ====
ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=cd6fb58c118b084fb9da5619d77cb018
# engine=22992
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-20 12:27:20
# local_time=2015-03-20 01:27:20 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 12462 4324770 0 0
# scanned=67461
# found=2
# cleaned=0
# scan_time=2683
sh=EAE2784C9115FE9CFA44A116B74E72C1BCCFA7F6 ft=1 fh=2e79e77116fe19c4 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Downloads\MyPhoneExplorer_Setup_1.8.5.exe"
sh=1447092BA29779C726829611180994E17718C412 ft=1 fh=23f22b72eb3a5b90 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Downloads\PDFCreator-1_7_2_setup_offline.exe"
SecurityCheck
Code:
Results of screen317's Security Check version 0.99.97 
  x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop     
Windows Defender 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File 
 SpywareBlaster 5.0   
 Java 8 Update 40 
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31 
 Adobe Reader XI 
 Mozilla Thunderbird (31.5.0)
 Google Chrome (41.0.2272.101)
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by svens_000 (administrator) on INTRADEEP_T430U on 25-03-2015 17:55:38
Running from C:\Downloads\FRST64
Loaded Profiles: svens_000 (Available profiles: svens_000)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\PWMUIAux.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
(Nenad Hrg (SoftwareOK.com)) C:\Program Files (x86)\Q-Dir\Q-Dir.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Users\svens_000\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7468784 2013-02-28] (Logitech Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079352 2013-05-07] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-05-07] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [86376 2013-09-12] (Authentec Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [570152 2014-08-14] (Acronis)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [UnlockerAssistant] => "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Hilfe Assistent] => C:\Program Files (x86)\Hilfe Assistent\Hilfe_Assistent.exe [18586432 2013-08-30] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5306776 2014-11-27] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [603904 2014-10-17] (Acronis International GmbH)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-2188346229-3230158822-2549671659-1001\...\Run: [BoxCryptor] => C:\Program Files (x86)\BoxCryptor\BoxCryptor.exe [4142848 2013-04-27] (Secomba GmbH)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
SSODL: EldosMountNotificator-cbfs4 - {E16C39B0-91F1-4EC1-B195-A6BA9F9BCA8D} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {E16C39B0-91F1-4EC1-B195-A6BA9F9BCA8D} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {A4E57277-42D1-4DC7-821A-91A21A863848} => C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {A4E57277-42D1-4DC7-821A-91A21A863848} => C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2188346229-3230158822-2549671659-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-20] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-20] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 8.8.8.8

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-03]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.delta-search.com/?affID=119781&babsrc=HP_ss&mntrId=C45A6036DD6394ED
CHR StartupUrls: Default -> ""
CHR Profile: C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-25]
CHR Extension: (Docs) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-25]
CHR Extension: (Google Drive) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-25]
CHR Extension: (YouTube) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-25]
CHR Extension: (Adblock Plus) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-25]
CHR Extension: (Google Search) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-25]
CHR Extension: (High Contrast) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2015-03-25]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-03-25]
CHR Extension: (Session Buddy) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2015-03-25]
CHR Extension: (Google Sheets) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-25]
CHR Extension: (AdBlock) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-25]
CHR Extension: (Tabman Tabs Manager) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmnkflcjcohihpdcniifjbafcdelhlm [2015-03-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
CHR Extension: (Google Wallet) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-25]
CHR Extension: (Gmail) - C:\Users\svens_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-19] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-31] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [385216 2013-04-24] (EldoS Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2015-03-22] (Acronis International GmbH)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 LGSUsbFilt; C:\Windows\system32\DRIVERS\LGSUsbFilt.Sys [44272 2013-01-17] (Logitech Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-08-31] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1328928 2015-03-22] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [234784 2015-03-22] (Acronis International GmbH)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 17:53 - 2015-03-25 17:54 - 00000928 _____ () C:\Users\svens_000\Desktop\checkup.txt
2015-03-25 15:19 - 2015-03-25 15:19 - 00001577 _____ () C:\Users\svens_000\Desktop\Win32DiskImager.exe - Verknüpfung.lnk
2015-03-25 15:18 - 2015-03-25 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2015-03-25 15:18 - 2015-03-25 15:18 - 00000000 ____D () C:\Program Files (x86)\ImageWriter
2015-03-25 13:17 - 2015-03-25 13:17 - 00002314 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-25 13:17 - 2015-03-25 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-25 13:06 - 2015-03-25 13:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-03-25 12:59 - 2015-03-25 12:59 - 00000000 __SHD () C:\Users\svens_000\AppData\Local\EmieUserList
2015-03-25 12:59 - 2015-03-25 12:59 - 00000000 __SHD () C:\Users\svens_000\AppData\Local\EmieSiteList
2015-03-25 12:59 - 2015-03-25 12:59 - 00000000 __SHD () C:\Users\svens_000\AppData\Local\EmieBrowserModeList
2015-03-24 16:48 - 2015-03-24 16:48 - 00000622 _____ () C:\Users\svens_000\Desktop\JRT.txt
2015-03-24 16:10 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-03-24 16:06 - 2015-03-24 16:06 - 00075685 _____ () C:\Users\svens_000\Desktop\FRST.txt
2015-03-24 16:06 - 2015-03-24 16:06 - 00001614 _____ () C:\Users\svens_000\Desktop\AdwCleaner[S1].txt
2015-03-24 16:05 - 2015-03-24 16:05 - 00027227 _____ () C:\Users\svens_000\Desktop\Addition.txt
2015-03-24 15:21 - 2015-03-24 15:21 - 00000460 __RSH () C:\ProgramData\ntuser.pol
2015-03-24 14:39 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-03-24 14:39 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-03-23 16:41 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-03-23 16:41 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-03-23 16:41 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-03-23 16:41 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-03-23 16:40 - 2014-07-24 04:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-03-23 16:40 - 2014-07-24 04:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-03-22 15:24 - 2015-03-22 15:25 - 00000000 ____D () C:\ProgramData\Acronis
2015-03-22 15:24 - 2015-03-22 15:24 - 00304416 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\snapman.sys
2015-03-22 15:24 - 2015-03-22 15:24 - 00296736 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\file_tracker.sys
2015-03-22 15:24 - 2015-03-22 15:24 - 00001272 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image 2015.lnk
2015-03-22 15:24 - 2015-03-22 15:24 - 00001260 _____ () C:\Users\Public\Desktop\Acronis True Image 2015.lnk
2015-03-22 15:24 - 2015-03-22 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2015-03-22 15:24 - 2015-03-22 15:24 - 00000000 ____D () C:\Program Files (x86)\Acronis
2015-03-22 13:06 - 2015-03-22 13:07 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\Acronis
2015-03-22 13:05 - 2015-03-22 15:24 - 01328928 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\tib.sys
2015-03-22 13:05 - 2015-03-22 13:05 - 00234784 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\tib_mounter.sys
2015-03-22 13:05 - 2015-03-22 13:05 - 00134432 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\fltsrv.sys
2015-03-21 14:19 - 2015-03-25 13:01 - 00000000 ____D () C:\Users\svens_000\OneDrive
2015-03-21 14:16 - 2015-03-21 14:16 - 00001497 _____ () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-21 14:16 - 2015-03-21 14:16 - 00000020 ___SH () C:\Users\svens_000\ntuser.ini
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-03-21 14:11 - 2015-03-21 14:11 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-03-21 14:09 - 2015-03-21 14:09 - 00022960 _____ () C:\WINDOWS\system32\emptyregdb.dat
2015-03-21 13:56 - 2015-03-21 13:56 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-21 13:56 - 2015-03-21 13:56 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2008
2015-03-21 13:56 - 2015-03-21 13:56 - 00000000 ____D () C:\Users\Default\AppData\LocalGoogle
2015-03-21 13:56 - 2015-03-21 13:56 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-03-21 13:56 - 2015-03-21 13:56 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-03-21 13:56 - 2015-03-21 13:56 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2008
2015-03-21 13:56 - 2015-03-21 13:56 - 00000000 ____D () C:\Users\Default User\AppData\LocalGoogle
2015-03-21 13:56 - 2015-03-21 13:56 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-03-21 13:56 - 2015-03-21 13:56 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2015-03-21 13:48 - 2015-03-21 13:48 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2015-03-21 13:46 - 2015-03-21 14:19 - 00000000 ____D () C:\Users\svens_000
2015-03-21 13:46 - 2015-03-21 13:47 - 00000000 ___RD () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-21 13:46 - 2015-03-21 13:46 - 00000000 _SHDL () C:\Users\svens_000\Vorlagen
2015-03-21 13:46 - 2015-03-21 13:46 - 00000000 _SHDL () C:\Users\svens_000\Startmenü
2015-03-21 13:46 - 2015-03-21 13:46 - 00000000 _SHDL () C:\Users\svens_000\Netzwerkumgebung
2015-03-21 13:46 - 2015-03-21 13:46 - 00000000 _SHDL () C:\Users\svens_000\Lokale Einstellungen
2015-03-21 13:46 - 2015-03-21 13:46 - 00000000 _SHDL () C:\Users\svens_000\Eigene Dateien
2015-03-21 13:46 - 2015-03-21 13:46 - 00000000 _SHDL () C:\Users\svens_000\Druckumgebung
2015-03-21 13:46 - 2015-03-21 13:46 - 00000000 _SHDL () C:\Users\svens_000\Documents\Eigene Musik
2015-03-21 13:46 - 2015-03-21 13:46 - 00000000 _SHDL () C:\Users\svens_000\Documents\Eigene Bilder
2015-03-21 13:46 - 2015-03-21 13:46 - 00000000 _SHDL () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-21 13:46 - 2015-03-21 13:46 - 00000000 _SHDL () C:\Users\svens_000\AppData\Local\Verlauf
2015-03-21 13:46 - 2015-03-21 13:46 - 00000000 _SHDL () C:\Users\svens_000\AppData\Local\Anwendungsdaten
2015-03-21 13:46 - 2015-03-21 13:46 - 00000000 _SHDL () C:\Users\svens_000\Anwendungsdaten
2015-03-21 13:46 - 2014-11-21 12:08 - 00000000 ___RD () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-21 13:46 - 2014-11-21 12:08 - 00000000 ___RD () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-21 13:46 - 2014-11-21 04:42 - 00000369 _____ () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-03-21 13:46 - 2014-11-21 04:42 - 00000369 _____ () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-03-21 13:46 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-21 13:44 - 2015-03-21 14:10 - 00024768 _____ () C:\WINDOWS\diagwrn.xml
2015-03-21 13:44 - 2015-03-21 14:10 - 00024768 _____ () C:\WINDOWS\diagerr.xml
2015-03-21 13:36 - 2015-03-25 17:52 - 01717164 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-21 13:36 - 2015-03-25 12:27 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2015-03-21 13:36 - 2015-03-25 12:27 - 00002705 _____ () C:\WINDOWS\LkmdfCoInst.log
2015-03-21 13:36 - 2015-03-21 13:57 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-03-21 13:36 - 2015-03-21 13:57 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-03-21 13:36 - 2015-03-21 13:53 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-03-21 13:36 - 2015-03-21 13:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-21 13:36 - 2015-03-21 13:53 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-21 13:36 - 2015-03-21 13:36 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_tcwbf_01_09_00.Wdf
2015-03-21 13:36 - 2015-03-21 13:36 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2015-03-21 13:36 - 2015-03-21 13:36 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
2015-03-21 13:36 - 2015-03-21 13:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-21 13:36 - 2015-03-21 13:36 - 00000000 ____D () C:\Program Files\AuthenTec
2015-03-21 13:36 - 2015-03-21 13:36 - 00000000 ____D () C:\iBTWU
2015-03-21 13:36 - 2014-12-13 09:03 - 06859408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-03-21 13:36 - 2014-12-13 09:03 - 03513488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-03-21 13:36 - 2014-12-13 09:03 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-03-21 13:36 - 2014-12-13 09:03 - 01097360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-03-21 13:36 - 2014-12-13 09:03 - 00935240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-03-21 13:36 - 2014-12-13 09:03 - 00628040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
2015-03-21 13:36 - 2014-12-13 09:03 - 00386368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-03-21 13:36 - 2014-12-13 09:03 - 00075080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-03-21 13:36 - 2014-12-13 09:03 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-03-21 13:36 - 2014-12-13 00:11 - 04151176 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-03-21 13:35 - 2015-03-21 13:35 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2015-03-21 13:35 - 2015-03-21 13:35 - 00000000 ____D () C:\Program Files\Realtek
2015-03-21 13:34 - 2015-03-21 13:53 - 00000000 ____D () C:\Program Files\Intel
2015-03-21 13:34 - 2015-03-21 13:34 - 00000264 _____ () C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2015-03-21 13:34 - 2015-03-21 13:34 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2015-03-21 13:34 - 2015-03-21 13:34 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
2015-03-21 13:34 - 2015-03-21 13:34 - 00000000 ____D () C:\Program Files\Synaptics
2015-03-21 13:34 - 2014-10-01 19:54 - 00064000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-03-21 13:34 - 2014-10-01 19:54 - 00060416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-03-21 13:31 - 2015-03-21 14:16 - 00000000 ___DC () C:\WINDOWS\Panther
2015-03-21 13:31 - 2015-03-21 13:31 - 00000000 __SHD () C:\Recovery
2015-03-21 13:30 - 2015-03-24 16:25 - 00000000 ____D () C:\Windows.old
2015-03-21 13:29 - 2015-03-21 13:29 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-03-21 13:29 - 2015-03-21 13:29 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-03-21 13:29 - 2015-03-21 13:29 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-03-21 13:29 - 2015-03-21 13:29 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-03-21 13:29 - 2015-03-21 13:29 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-03-21 13:29 - 2015-03-21 13:29 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-03-21 13:29 - 2015-03-21 13:29 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-03-21 13:29 - 2015-03-21 13:29 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-03-21 13:29 - 2015-03-21 13:29 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-03-21 13:28 - 2015-03-21 13:28 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-21 13:28 - 2015-03-21 13:28 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-03-21 13:28 - 2015-03-21 13:28 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-03-21 13:28 - 2015-03-21 13:28 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-21 13:28 - 2015-03-21 13:28 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-21 13:27 - 2015-03-21 13:27 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-21 13:27 - 2015-03-21 13:27 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-21 13:27 - 2015-03-21 13:27 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-21 13:27 - 2015-03-21 13:27 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-21 13:27 - 2015-03-21 13:27 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-21 13:27 - 2015-03-21 13:27 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-21 13:27 - 2015-03-21 13:27 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-03-21 13:26 - 2015-03-21 13:26 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-03-21 13:26 - 2015-03-21 13:26 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-03-21 13:26 - 2015-03-21 13:26 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-21 13:26 - 2015-03-21 13:26 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-03-21 13:26 - 2015-03-21 13:26 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-03-21 13:26 - 2015-03-21 13:26 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-21 13:26 - 2015-03-21 13:26 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-03-21 13:26 - 2015-03-21 13:26 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-21 13:25 - 2015-03-21 13:25 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-21 13:25 - 2015-03-21 13:25 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-21 13:25 - 2015-03-21 13:25 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-21 13:25 - 2015-03-21 13:25 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-21 13:25 - 2015-03-21 13:25 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-21 13:25 - 2015-03-21 13:25 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-21 13:25 - 2015-03-21 13:25 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-21 13:25 - 2015-03-21 13:25 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-21 13:25 - 2015-03-21 13:25 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-03-21 13:25 - 2015-03-21 13:25 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-03-21 13:25 - 2015-03-21 13:25 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-21 13:25 - 2015-03-21 13:25 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-21 13:25 - 2015-03-21 13:25 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-03-21 13:25 - 2015-03-21 13:25 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-21 13:24 - 2015-03-21 13:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-21 13:24 - 2015-03-21 13:24 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-21 13:24 - 2015-03-21 13:24 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-21 13:23 - 2015-03-21 13:23 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-21 13:23 - 2015-03-21 13:23 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-21 13:23 - 2015-03-21 13:23 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-03-21 13:23 - 2015-03-21 13:23 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-03-21 13:23 - 2015-03-21 13:23 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-03-21 13:23 - 2015-03-21 13:23 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-03-21 13:23 - 2015-03-21 13:23 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-03-21 13:23 - 2015-03-21 13:23 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-03-21 13:23 - 2015-03-21 13:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-03-21 13:23 - 2015-03-21 13:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-03-21 13:21 - 2015-03-21 13:21 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-21 13:21 - 2015-03-21 13:21 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-21 13:21 - 2015-03-21 13:21 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-21 13:21 - 2015-03-21 13:21 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-21 13:21 - 2015-03-21 13:21 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-21 13:21 - 2015-03-21 13:21 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-21 13:21 - 2015-03-21 13:21 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-21 13:21 - 2015-03-21 13:21 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-21 13:21 - 2015-03-21 13:21 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-03-21 13:21 - 2015-03-21 13:21 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-03-21 13:21 - 2015-03-21 13:21 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-03-21 13:21 - 2015-03-21 13:21 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-03-21 13:21 - 2015-03-21 13:21 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-03-21 13:21 - 2015-03-21 13:21 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-03-21 13:21 - 2015-03-21 13:21 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-03-21 13:21 - 2015-03-21 13:21 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-03-21 13:21 - 2015-03-21 13:21 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-03-21 13:21 - 2015-03-21 13:21 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-03-21 13:21 - 2015-03-21 13:21 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-03-21 13:20 - 2015-03-21 13:20 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2015-03-21 13:12 - 2015-03-21 13:57 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-03-21 13:12 - 2015-03-21 13:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer
2015-03-21 13:12 - 2015-03-21 13:12 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-03-21 13:12 - 2015-03-21 13:12 - 00000000 ____D () C:\Program Files\MSBuild
2015-03-21 13:12 - 2015-03-21 13:12 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-03-21 13:11 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-03-21 13:11 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-03-21 13:11 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-03-21 13:11 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-03-20 19:02 - 2015-03-20 19:10 - 00135195 _____ () C:\Users\svens_000\Desktop\chrome tabs malware Seite 2.txt
2015-03-20 16:46 - 2015-03-20 16:46 - 00000000 _____ () C:\Users\svens_000\defogger_reenable
2015-03-20 12:13 - 2015-03-21 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2015-03-20 12:13 - 2015-03-20 15:26 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\mIRC
2015-03-20 12:13 - 2015-03-20 12:13 - 00000823 _____ () C:\Users\Public\Desktop\mIRC.lnk
2015-03-20 11:51 - 2015-03-21 14:10 - 00008142 _____ () C:\WINDOWS\comsetup.log
2015-03-20 00:40 - 2015-03-20 00:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-20 00:07 - 2015-03-21 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-03-20 00:07 - 2015-03-20 01:00 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2015-03-20 00:07 - 2015-03-20 00:07 - 00001126 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-03-20 00:07 - 2015-03-20 00:07 - 00000000 ____D () C:\ProgramData\Licenses
2015-03-20 00:07 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
2015-03-19 23:37 - 2015-03-19 23:37 - 00522709 _____ () C:\WINDOWS\system32\Drivers\etc\HOSTS.tmp
2015-03-19 23:33 - 2015-03-19 23:33 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\abelhadigital.com
2015-03-19 23:33 - 2015-03-19 23:33 - 00000000 ____D () C:\Users\Public\Documents\HostsMan Backups
2015-03-19 23:33 - 2015-03-19 23:33 - 00000000 ____D () C:\ProgramData\abelhadigital.com
2015-03-19 22:16 - 2015-03-21 13:57 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-03-19 22:16 - 2015-03-19 22:16 - 00002170 _____ () C:\Users\svens_000\Desktop\JDownloader 2.lnk
2015-03-19 22:14 - 2015-03-23 00:03 - 00000000 ____D () C:\Users\svens_000\AppData\Local\JDownloader 2.0
2015-03-14 22:57 - 2015-03-24 15:20 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense
2015-03-14 21:11 - 2015-01-29 09:30 - 00011056 ____N () C:\WINDOWS\system32\AutoconfigV2.cab
2015-03-14 20:56 - 2015-03-14 20:56 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_btmaux_01009.Wdf
2015-03-14 20:28 - 2015-03-14 20:28 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-03-14 20:19 - 2015-03-24 15:18 - 00000000 ____D () C:\AdwCleaner
2015-03-14 18:40 - 2015-03-20 18:52 - 00192518 _____ () C:\Users\svens_000\Desktop\chrome tabs malware.txt
2015-03-14 18:29 - 2015-03-14 18:29 - 00000000 ____D () C:\Users\svens_000\AppData\Local\AAA_Internet_Publishing,_
2015-03-14 18:29 - 2014-10-15 14:18 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SPORDER.DLL
2015-03-14 12:22 - 2015-03-03 14:17 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-03-14 11:59 - 2015-03-20 18:30 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-14 11:57 - 2015-03-21 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-14 11:57 - 2015-03-14 11:57 - 00001149 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-14 11:57 - 2015-03-14 11:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-14 11:57 - 2015-03-14 11:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-14 11:57 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-14 11:57 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-14 11:57 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-14 00:46 - 2015-03-25 17:55 - 00000000 ____D () C:\FRST
2015-03-14 00:46 - 2015-03-14 00:46 - 00001311 _____ () C:\Users\svens_000\Desktop\Revo Uninstaller.lnk
2015-03-14 00:46 - 2015-03-14 00:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 17:12 - 2013-03-30 14:29 - 00001150 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-25 17:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-25 16:32 - 2013-03-31 00:20 - 00000000 ____D () C:\Transfer
2015-03-25 15:48 - 2014-03-16 13:39 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\ClassicShell
2015-03-25 15:23 - 2013-03-30 14:05 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2188346229-3230158822-2549671659-1001
2015-03-25 15:02 - 2013-03-31 02:29 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-25 14:48 - 2014-11-21 04:35 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-25 14:48 - 2014-11-21 03:45 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-25 14:48 - 2014-11-21 03:45 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-25 14:45 - 2013-08-22 15:46 - 00305802 _____ () C:\WINDOWS\setupact.log
2015-03-25 13:17 - 2013-03-30 14:29 - 00000000 ____D () C:\Users\svens_000\AppData\Local\Google
2015-03-25 12:51 - 2013-03-30 14:29 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-25 12:49 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-25 12:48 - 2014-11-20 19:24 - 00008510 _____ () C:\WINDOWS\PFRO.log
2015-03-25 12:48 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-24 16:52 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-24 15:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2015-03-24 15:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2015-03-23 11:19 - 2013-03-31 12:29 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\vlc
2015-03-22 23:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-22 15:17 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2015-03-21 14:19 - 2013-03-30 13:57 - 00000000 ____D () C:\Users\svens_000\AppData\Local\Packages
2015-03-21 14:18 - 2013-03-30 13:58 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2015-03-21 14:16 - 2014-09-20 11:20 - 00000451 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-03-21 14:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-21 14:11 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT
2015-03-21 14:11 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default
2015-03-21 14:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration
2015-03-21 14:10 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-21 14:06 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-03-21 14:06 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-03-21 13:58 - 2013-08-22 15:44 - 00559904 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-21 13:57 - 2014-12-13 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Q-Dir
2015-03-21 13:57 - 2014-11-21 04:13 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-03-21 13:57 - 2014-08-17 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-21 13:57 - 2014-04-28 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-03-21 13:57 - 2014-04-28 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-03-21 13:57 - 2014-04-27 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2015-03-21 13:57 - 2014-04-23 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-21 13:57 - 2014-04-17 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2015-03-21 13:57 - 2014-04-15 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-03-21 13:57 - 2014-03-29 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2015-03-21 13:57 - 2014-03-29 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-03-21 13:57 - 2014-02-21 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-03-21 13:57 - 2014-02-20 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nvu
2015-03-21 13:57 - 2014-01-18 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThinkVantage
2015-03-21 13:57 - 2014-01-08 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-21 13:57 - 2014-01-05 16:52 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2015-03-21 13:57 - 2014-01-03 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deutsche Telekom
2015-03-21 13:57 - 2013-12-01 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge Basic
2015-03-21 13:57 - 2013-09-29 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-21 13:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioDatabase
2015-03-21 13:57 - 2013-08-09 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
2015-03-21 13:57 - 2013-07-27 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-03-21 13:57 - 2013-05-29 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2015-03-21 13:57 - 2013-04-28 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-03-21 13:57 - 2013-04-24 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6 (64-Bit)
2015-03-21 13:57 - 2013-04-06 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shutter
2015-03-21 13:57 - 2013-04-06 02:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2015-03-21 13:57 - 2013-04-02 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript
2015-03-21 13:57 - 2013-04-02 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostgum
2015-03-21 13:57 - 2013-04-01 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-03-21 13:57 - 2013-04-01 19:30 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-21 13:57 - 2013-04-01 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-21 13:57 - 2013-04-01 16:51 - 00000000 ____D () C:\Users\svens_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraUXThemePatcher
2015-03-21 13:57 - 2013-04-01 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
2015-03-21 13:57 - 2013-03-31 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-03-21 13:57 - 2013-03-31 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-21 13:57 - 2013-03-31 03:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeXnicCenter
2015-03-21 13:57 - 2013-03-31 03:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
2015-03-21 13:57 - 2013-03-31 02:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup4all Professional 4
2015-03-21 13:57 - 2013-03-31 02:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-21 13:57 - 2013-03-31 02:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JabRef 2.9.2
2015-03-21 13:57 - 2013-03-31 02:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BoxCryptor
2015-03-21 13:57 - 2013-03-31 02:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-03-21 13:57 - 2013-03-31 01:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-21 13:57 - 2013-03-30 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2015-03-21 13:57 - 2013-03-30 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2015-03-21 13:57 - 2013-03-30 18:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-03-21 13:57 - 2013-03-30 17:35 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-03-21 13:56 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2015-03-21 13:56 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2015-03-21 13:56 - 2013-08-22 16:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log
2015-03-21 13:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2015-03-21 13:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-03-21 13:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME
2015-03-21 13:56 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2015-03-21 13:56 - 2012-07-26 06:37 - 00000000 ____D () C:\Users\Default.migrated
2015-03-21 13:55 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\system32\WCN
2015-03-21 13:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-03-21 13:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2015-03-21 13:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-21 13:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2015-03-21 13:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\IME
2015-03-21 13:54 - 2014-01-18 17:57 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2015-03-21 13:54 - 2013-08-22 16:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2015-03-21 13:54 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME
2015-03-21 13:54 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help
2015-03-21 13:53 - 2014-08-11 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-03-21 13:53 - 2014-04-27 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-03-21 13:53 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2015-03-21 13:53 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2015-03-21 13:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-21 13:53 - 2013-04-28 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplay
2015-03-21 13:53 - 2013-03-31 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-21 13:53 - 2013-03-31 01:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2015-03-21 13:53 - 2013-03-30 13:57 - 00000000 ____D () C:\ProgramData\PRICache
2015-03-21 13:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-03-21 13:48 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-03-21 13:39 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-03-21 13:36 - 2013-08-22 15:46 - 00000084 _____ () C:\WINDOWS\setuperr.log
2015-03-21 13:30 - 2013-08-22 16:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-03-21 13:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-03-21 13:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-21 13:27 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-21 13:27 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-21 13:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-21 13:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-21 13:25 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-21 13:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-03-21 13:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-21 13:01 - 2013-03-30 13:57 - 01403393 _____ () C:\WINDOWS\WindowsUpdate (1).log
2015-03-20 18:33 - 2014-05-29 17:38 - 00003718 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2015-03-20 15:49 - 2013-10-16 21:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-20 15:49 - 2013-10-16 21:25 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-20 15:48 - 2014-08-17 14:08 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-03-19 22:16 - 2013-06-10 05:38 - 00000000 ____D () C:\Users\svens_000\JDownloader
2015-03-19 11:24 - 2014-09-11 19:11 - 00000072 _____ () C:\Autoconfig.ini
2015-03-14 21:43 - 2013-03-31 12:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-14 21:43 - 2012-07-26 06:26 - 00000167 _____ () C:\WINDOWS\win.ini
2015-03-14 21:30 - 2014-08-16 11:11 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-14 20:56 - 2013-03-30 14:02 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-03-14 20:27 - 2015-02-21 13:51 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-14 20:26 - 2013-03-31 12:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-14 19:25 - 2013-03-31 12:29 - 00000000 ____D () C:\WINDOWS\AutoKMS
2015-03-14 12:14 - 2013-05-07 20:16 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-03-14 12:14 - 2013-03-31 12:22 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-03-14 12:14 - 2013-03-31 12:22 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-03-14 01:04 - 2013-04-06 17:23 - 00000000 ____D () C:\Manga
2015-03-04 22:24 - 2014-11-21 12:15 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-04 22:24 - 2014-11-21 12:15 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-28 17:07 - 2013-03-31 12:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-26 21:14 - 2013-04-01 01:09 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2013-04-27 17:06 - 2013-04-27 17:06 - 0000017 _____ () C:\Users\svens_000\AppData\Local\resmon.resmoncfg
2013-03-30 20:19 - 2013-03-30 20:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\svens_000\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-21 13:32

==================== End Of Log ============================
--- --- ---

intradeep 25.03.2015 18:12
Und noch die Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by svens_000 at 2015-03-25 17:56:31
Running from C:\Downloads\FRST64
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29677 - BitTorrent Inc.)
Acronis True Image 2015 (HKLM-x32\...\{9C48ED33-4A66-4299-B274-BD8110AB6EAA}) (Version: 18.0.6525 - Acronis)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Backup4all Professional 4 (HKLM-x32\...\{218B007C-1526-4F16-9924-FE9AD47F0CF7}) (Version: 4.8.286 - Softland)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BoxCryptor 1.5 (HKLM-x32\...\BoxCryptor) (Version: 1.5.413.154 - Secomba GmbH)
calibre 64bit (HKLM\...\{C7B9E1F1-45A6-4AF8-A800-0FE9A2B8F30C}) (Version: 1.14.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Corel Graphics - Windows Shell Extension (HKLM\...\_{B16BB34E-B7BF-47DF-8658-BEABCF40CD6A}) (Version: 16.1.0.843 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.1.843 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.1.843 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - DE (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.2 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.2.0.998 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.2 - Corel Corporation) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.54 - )
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.20 - Lenovo)
Energy Management (x32 Version: 8.0.2.20 - Lenovo) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
Hilfe Assistent (HKLM-x32\...\Hilfe Assistent) (Version: 1.1.0.117 - Deutsche Telekom AG)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - )
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
JabRef 2.9.2 (HKLM-x32\...\JabRef 2.9.2) (Version: 2.9.2 - JabRef Team)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lenovo Patch Utility (x32 Version: 1.3.2.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.09.03 - )
LockHunter 2.0 beta 2, 64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich, Ltd)
Logitech Gaming Software 8.45 (HKLM\...\Logitech Gaming Software) (Version: 8.45.88 - Logitech Inc.)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - German/Deutsch (HKLM-x32\...\Office14.OMUI.de-de) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
mIRC (HKLM-x32\...\mIRC) (Version: 7.41 - mIRC Co. Ltd.)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.4 - Notepad++ Team)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Nvu 1.0 (HKLM-x32\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.11.2.26318 - Grinding Gear Games)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Q-Dir (HKLM-x32\...\Q-Dir) (Version:  - )
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.42.0 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6738 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.04 (64-bit) (HKLM\...\Sandboxie) (Version: 4.04 - Sandboxie Holdings, LLC)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{F3E80B62-3C51-4940-A434-A1F517AB8D6A}) (Version:  - Microsoft)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Shutter (HKLM-x32\...\Shutter_is1) (Version: 2.90 - [den4b] Denis Kozlov)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.4 - Krzysztof Kowalczyk)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeXnicCenter Version 2.0 Beta 1 (HKLM-x32\...\TeXnicCenter_is1) (Version: 2.0 Beta 1 - The TeXnicCenter Team)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - )
ThinkVantage Fingerprint Software (HKLM\...\{68D50088-CE92-4FF0-A220-D875E2E73151}) (Version: 6.0.0.8102 - Authentec Inc.)
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 2.0.0.0 - Manuel Hoefs (Zottel))
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.2.0 - The Within Network, LLC)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}) (Version: 17.0.10381 - WinZip Computing, S.L. )
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-4 - Bitnami)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2188346229-3230158822-2549671659-1001_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-2188346229-3230158822-2549671659-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

22-03-2015 15:17:59 Revo Uninstaller's restore point - Acronis True Image 2015
25-03-2015 12:52:18 Revo Uninstaller's restore point - Google Chrome

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2015-02-28 03:58 - 00522709 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
0.0.0.0 fr.a2dfp.net
0.0.0.0 m.fr.a2dfp.net
0.0.0.0 mfr.a2dfp.net
0.0.0.0 ad.a8.net
0.0.0.0 asy.a8ww.net
0.0.0.0 static.a-ads.com
0.0.0.0 atlas.aamedia.ro
0.0.0.0 abcstats.com
0.0.0.0 ad4.abradio.cz
0.0.0.0 a.abv.bg
0.0.0.0 adserver.abv.bg
0.0.0.0 adv.abv.bg
0.0.0.0 bimg.abv.bg
0.0.0.0 ca.abv.bg
0.0.0.0 www2.a-counter.kiev.ua
0.0.0.0 track.acclaimnetwork.com
0.0.0.0 accuserveadsystem.com
0.0.0.0 www.accuserveadsystem.com
0.0.0.0 achmedia.com
0.0.0.0 csh.actiondesk.com
0.0.0.0 ads.activepower.net
0.0.0.0 app.activetrail.com
0.0.0.0 stat.active24stats.nl #[Tracking.Cookie]
0.0.0.0 traffic.acwebconnecting.com
0.0.0.0 office.ad1.ru
0.0.0.0 cms.ad2click.nl
0.0.0.0 ad2games.com
0.0.0.0 ads.ad2games.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09225052-7134-48AD-8912-965E160303A0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {0B4BCEC9-C924-4B5A-B91E-BC8746CD6E67} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2014-11-21] (Microsoft Corporation)
Task: {353F62AE-9678-48DE-A147-1EFC33ACB4AB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30] (Google Inc.)
Task: {49314271-048C-4AE9-B62E-A3F5252846C2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {638FE041-FE18-486C-BAAB-803CBE7B0845} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {658CCF03-E137-42BE-B917-BC0F039CDF10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30] (Google Inc.)
Task: {AF6F1210-28A0-4EB5-AC22-FB56C9B4DB56} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-26] (Microsoft Corporation)
Task: {B0DD2224-9E7E-4324-AC28-AC5594725AFF} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {C08517A9-1FDC-4041-ACD1-5E409138FFB5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D98E23BE-B3FB-4477-9F00-53ACFA542F99} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-21 13:36 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-04-11 08:26 - 2011-04-11 06:26 - 00034304 _____ () C:\WINDOWS\System32\spe__l.dll
2006-12-04 01:26 - 2006-12-04 01:26 - 00022016 _____ () C:\WINDOWS\System32\sugs2l6.dll
2013-05-08 00:01 - 2013-04-23 05:54 - 00104960 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2015-03-22 15:29 - 2015-03-22 15:29 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-05-08 00:01 - 2013-04-23 05:54 - 00114176 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMROV.DLL
2015-03-25 12:51 - 2014-07-14 15:49 - 00049744 _____ () C:\Users\svens_000\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-11-27 08:42 - 2014-11-27 08:42 - 00037696 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-11-27 08:42 - 2014-11-27 08:42 - 00034624 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2014-11-27 08:47 - 2014-11-27 08:47 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2014-11-27 08:44 - 2014-11-27 08:44 - 00129344 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\EXPAT.dll
2013-03-30 18:46 - 2012-07-18 11:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:21654C57
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\svens_000\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2188346229-3230158822-2549671659-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\svens_000\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.1.1 - 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Hilfe Assistent"
HKU\S-1-5-21-2188346229-3230158822-2549671659-1001\...\StartupApproved\Run: => "BoxCryptor"
HKU\S-1-5-21-2188346229-3230158822-2549671659-1001\...\StartupApproved\Run: => "CyberGhost"

==================== Accounts: =============================

Administrator (S-1-5-21-2188346229-3230158822-2549671659-500 - Administrator - Disabled)
Gast (S-1-5-21-2188346229-3230158822-2549671659-501 - Limited - Disabled)
svens_000 (S-1-5-21-2188346229-3230158822-2549671659-1001 - Administrator - Enabled) => C:\Users\svens_000

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/25/2015 05:55:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FRST64.exe, Version: 11.3.2015.0, Zeitstempel: 0x550011de
Name des fehlerhaften Moduls: Wintrust.dll, Version: 6.3.9600.17415, Zeitstempel: 0x545040e6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000bb95
ID des fehlerhaften Prozesses: 0xc0
Startzeit der fehlerhaften Anwendung: 0xFRST64.exe0
Pfad der fehlerhaften Anwendung: FRST64.exe1
Pfad des fehlerhaften Moduls: FRST64.exe2
Berichtskennung: FRST64.exe3
Vollständiger Name des fehlerhaften Pakets: FRST64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FRST64.exe5

Error: (03/25/2015 00:54:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.18.28431, Zeitstempel: 0x53c3ed8f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504ade
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00014598
ID des fehlerhaften Prozesses: 0x1b14
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2
Berichtskennung: Avira.OE.ServiceHost.exe3
Vollständiger Name des fehlerhaften Pakets: Avira.OE.ServiceHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Avira.OE.ServiceHost.exe5

Error: (03/25/2015 00:54:39 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
  bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
  bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
  bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
  bei System.ComponentModel.Composition.Primitives.Export.get_Value()
  bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
  bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (03/25/2015 00:54:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.18.28431, Zeitstempel: 0x53c3ed8f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504ade
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00014598
ID des fehlerhaften Prozesses: 0x1a60
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2
Berichtskennung: Avira.OE.ServiceHost.exe3
Vollständiger Name des fehlerhaften Pakets: Avira.OE.ServiceHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Avira.OE.ServiceHost.exe5

Error: (03/25/2015 00:54:28 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
  bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
  bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
  bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
  bei System.ComponentModel.Composition.Primitives.Export.get_Value()
  bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
  bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (03/25/2015 00:54:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.18.28431, Zeitstempel: 0x53c3ed8f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504ade
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00014598
ID des fehlerhaften Prozesses: 0xb40
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2
Berichtskennung: Avira.OE.ServiceHost.exe3
Vollständiger Name des fehlerhaften Pakets: Avira.OE.ServiceHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Avira.OE.ServiceHost.exe5

Error: (03/25/2015 00:54:15 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.InvalidOperationException
Stapel:
  bei System.Linq.Enumerable.First[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.__Canon>)
  bei Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(System.String)
  bei System.Linq.Enumerable.Any[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.__Canon>, System.Func`2<System.__Canon,Boolean>)
  bei Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(System.Collections.Generic.List`1<System.String>)
  bei Avira.OE.BrowserExtensionConnector.SafeSearchProductInfo.IsInstalled(Avira.OE.WinCore.Browser)
  bei Avira.OE.WinCore.BrowserInfo.GetBrowsersData(System.Func`2<Avira.OE.WinCore.Browser,Boolean>)
  bei Avira.OE.BrowserExtensionConnector.AviraSafeSearchStatusConnector.GetBrowserInfo()
  bei Avira.OE.ServiceHost.ComputerAndServicesInfo.SetPayloadForSafeSearch(Avira.OE.WinCore.Interface.DevCheckUpdatePayload)
  bei Avira.OE.ServiceHost.ComputerAndServicesInfo.CreateMessagePayload()
  bei Avira.OE.ServiceHost.UpdateAvailabilityChecker.CheckForUpdate()
  bei Avira.OE.ServiceHost.UpdateAvailabilityChecker.OnRecurrentUpdateCheck(System.Object)
  bei System.Threading.TimerQueueTimer.CallCallbackInContext(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.TimerQueueTimer.CallCallback()
  bei System.Threading.TimerQueueTimer.Fire()
  bei System.Threading.TimerQueue.FireNextTimers()
  bei System.Threading.TimerQueue.AppDomainTimerCallback()

Error: (03/25/2015 00:50:14 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.InvalidOperationException: Die Sequenz enthält keine Elemente.
  bei System.Linq.Enumerable.First[TSource](IEnumerable`1 source)
  bei Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(String extensionId)
  bei System.Linq.Enumerable.Any[TSource](IEnumerable`1 source, Func`2 predicate)
  bei Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(List`1 extensionIds)
  bei Avira.OE.BrowserExtensionConnector.ExtensionStatusMonitor.StartWatching(TimeSpan timeSpan)
  bei Avira.OE.BrowserExtensionConnector.AviraBrowserSafetyStatusConnector.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (03/25/2015 00:45:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.Systray.exe, Version: 1.1.18.28457, Zeitstempel: 0x53c3edc3
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504ade
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00014598
ID des fehlerhaften Prozesses: 0x704
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Systray.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.Systray.exe1
Pfad des fehlerhaften Moduls: Avira.OE.Systray.exe2
Berichtskennung: Avira.OE.Systray.exe3
Vollständiger Name des fehlerhaften Pakets: Avira.OE.Systray.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Avira.OE.Systray.exe5

Error: (03/25/2015 00:45:45 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.Systray.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ObjectDisposedException
Stapel:
  bei System.IO.__Error.PipeNotOpen()
  bei System.IO.Pipes.PipeStream.CheckWriteOperations()
  bei System.IO.Pipes.PipeStream.Flush()
  bei System.IO.StreamWriter.Flush(Boolean, Boolean)
  bei System.IO.StreamWriter.Dispose(Boolean)
  bei System.IO.StreamWriter.Close()
  bei Avira.OE.WinCore.Utility.AdminMessenger+<>c__DisplayClass2.<WriteMessage>b__1(System.Object, Boolean)
  bei System.Threading._ThreadPoolWaitOrTimerCallback.WaitOrTimerCallback_Context(System.Object, Boolean)
  bei System.Threading._ThreadPoolWaitOrTimerCallback.WaitOrTimerCallback_Context_f(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean)


System errors:
=============
Error: (03/25/2015 00:54:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (03/25/2015 00:54:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/25/2015 00:54:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/25/2015 00:49:10 PM) (Source: SbieSvc) (EventID: 9234) (User: )
Description: SBIE9234 Service startup error level 9153 status=C0000001 error=-1073741823

Error: (03/25/2015 00:49:05 PM) (Source: SbieDrv) (EventID: 1103) (User: )
Description: SBIE1103 Sandboxie-Treiber (SbieDrv) version 4.04 konnte nicht gestartet werden

Error: (03/25/2015 00:49:05 PM) (Source: SbieDrv) (EventID: 1105) (User: )
Description: SBIE1105 Unbekannte Betriebssystem-Version: 6.3 (9600)

Error: (03/25/2015 00:48:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%1062

Error: (03/25/2015 00:28:47 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 105.

Error: (03/25/2015 00:28:44 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 105.

Error: (03/25/2015 00:28:42 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 105.


Microsoft Office Sessions:
=========================
Error: (03/25/2015 05:55:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST64.exe11.3.2015.0550011deWintrust.dll6.3.9600.17415545040e6c0000005000000000000bb95c001d0671c6f9b8de1C:\Downloads\FRST64\FRST64.exeC:\WINDOWS\system32\Wintrust.dllb32a58bb-d30f-11e4-beb2-089e01342bb4

Error: (03/25/2015 00:54:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.ServiceHost.exe1.1.18.2843153c3ed8fKERNELBASE.dll6.3.9600.1741554504adee0434352000145981b1401d066f278aa9714C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dllb6df0a79-d2e5-11e4-beb2-089e01342bb4

Error: (03/25/2015 00:54:39 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
  bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
  bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
  bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
  bei System.ComponentModel.Composition.Primitives.Export.get_Value()
  bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
  bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (03/25/2015 00:54:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.ServiceHost.exe1.1.18.2843153c3ed8fKERNELBASE.dll6.3.9600.1741554504adee0434352000145981a6001d066f271e2d05cC:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dllb05c68dc-d2e5-11e4-beb2-089e01342bb4

Error: (03/25/2015 00:54:28 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
  bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
  bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
  bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
  bei System.ComponentModel.Composition.Primitives.Export.get_Value()
  bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
  bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (03/25/2015 00:54:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.ServiceHost.exe1.1.18.2843153c3ed8fKERNELBASE.dll6.3.9600.1741554504adee043435200014598b4001d066f1b42ebdddC:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dlla98fdd66-d2e5-11e4-beb2-089e01342bb4

Error: (03/25/2015 00:54:15 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.InvalidOperationException
Stapel:
  bei System.Linq.Enumerable.First[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.__Canon>)
  bei Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(System.String)
  bei System.Linq.Enumerable.Any[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.__Canon>, System.Func`2<System.__Canon,Boolean>)
  bei Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(System.Collections.Generic.List`1<System.String>)
  bei Avira.OE.BrowserExtensionConnector.SafeSearchProductInfo.IsInstalled(Avira.OE.WinCore.Browser)
  bei Avira.OE.WinCore.BrowserInfo.GetBrowsersData(System.Func`2<Avira.OE.WinCore.Browser,Boolean>)
  bei Avira.OE.BrowserExtensionConnector.AviraSafeSearchStatusConnector.GetBrowserInfo()
  bei Avira.OE.ServiceHost.ComputerAndServicesInfo.SetPayloadForSafeSearch(Avira.OE.WinCore.Interface.DevCheckUpdatePayload)
  bei Avira.OE.ServiceHost.ComputerAndServicesInfo.CreateMessagePayload()
  bei Avira.OE.ServiceHost.UpdateAvailabilityChecker.CheckForUpdate()
  bei Avira.OE.ServiceHost.UpdateAvailabilityChecker.OnRecurrentUpdateCheck(System.Object)
  bei System.Threading.TimerQueueTimer.CallCallbackInContext(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.TimerQueueTimer.CallCallback()
  bei System.Threading.TimerQueueTimer.Fire()
  bei System.Threading.TimerQueue.FireNextTimers()
  bei System.Threading.TimerQueue.AppDomainTimerCallback()

Error: (03/25/2015 00:50:14 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.InvalidOperationException: Die Sequenz enthält keine Elemente.
  bei System.Linq.Enumerable.First[TSource](IEnumerable`1 source)
  bei Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(String extensionId)
  bei System.Linq.Enumerable.Any[TSource](IEnumerable`1 source, Func`2 predicate)
  bei Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(List`1 extensionIds)
  bei Avira.OE.BrowserExtensionConnector.ExtensionStatusMonitor.StartWatching(TimeSpan timeSpan)
  bei Avira.OE.BrowserExtensionConnector.AviraBrowserSafetyStatusConnector.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (03/25/2015 00:45:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.Systray.exe1.1.18.2845753c3edc3KERNELBASE.dll6.3.9600.1741554504adee04343520001459870401d0664afc6e6ea4C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll78a028d6-d2e4-11e4-beb1-089e01342bb4

Error: (03/25/2015 00:45:45 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.Systray.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ObjectDisposedException
Stapel:
  bei System.IO.__Error.PipeNotOpen()
  bei System.IO.Pipes.PipeStream.CheckWriteOperations()
  bei System.IO.Pipes.PipeStream.Flush()
  bei System.IO.StreamWriter.Flush(Boolean, Boolean)
  bei System.IO.StreamWriter.Dispose(Boolean)
  bei System.IO.StreamWriter.Close()
  bei Avira.OE.WinCore.Utility.AdminMessenger+<>c__DisplayClass2.<WriteMessage>b__1(System.Object, Boolean)
  bei System.Threading._ThreadPoolWaitOrTimerCallback.WaitOrTimerCallback_Context(System.Object, Boolean)
  bei System.Threading._ThreadPoolWaitOrTimerCallback.WaitOrTimerCallback_Context_f(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean)


CodeIntegrity Errors:
===================================
  Date: 2015-03-23 16:23:51.149
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-23 16:23:51.024
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-22 23:42:47.660
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-22 23:42:47.509
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-22 23:42:47.043
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-22 23:42:46.667
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-22 23:42:46.304
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-22 23:42:46.068
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-22 23:42:45.899
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-22 23:42:44.405
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 40%
Total physical RAM: 8036.17 MB
Available physical RAM: 4803.79 MB
Total Pagefile: 9956.17 MB
Available Pagefile: 6483.78 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.8 GB) (Free:174.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
Ich beobachte zur Zeit ob es nochmal auftritt, bisher keine Beschwerden! Vielen Dank schonmal für die tolle Hilfe :)
Melde mich spätestens Montag wieder.

Beste Grüße
Sven

schrauber 26.03.2015 14:33
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Downloads\MyPhoneExplorer_Setup_1.8.5.exe

C:\Downloads\PDFCreator-1_7_2_setup_offline.exe
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Dann warte ich mal auf die Rückmeldung.

intradeep 26.03.2015 16:28
Fixlog:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by svens_000 at 2015-03-26 16:20:43 Run:2
Running from C:\Downloads\FRST64
Loaded Profiles: svens_000 (Available profiles: svens_000)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Downloads\MyPhoneExplorer_Setup_1.8.5.exe

C:\Downloads\PDFCreator-1_7_2_setup_offline.exe
Emptytemp:
       
*****************

C:\Downloads\MyPhoneExplorer_Setup_1.8.5.exe => Moved successfully.
C:\Downloads\PDFCreator-1_7_2_setup_offline.exe => Moved successfully.
EmptyTemp: => Removed 393.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 16:20:48 ====
Ich bin gespannt :D

schrauber 27.03.2015 09:11
noch Probleme=? :)

intradeep 27.03.2015 10:15
Ist bisher nicht weiter aufgetreten - ich vermute es ist nun alles weg :D
Vielen Dank, Du warst mir eine große Hilfe!

schrauber 27.03.2015 19:34
http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
http://deeprybka.trojaner-board.de/b.../combofix2.pngCombofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

http://deeprybka.trojaner-board.de/b...ast/schild.png
Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
 Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:
http://filepony.de/icon/emsisoft_anti_malware.png
Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
http://filepony.de/icon/noscript.png NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
http://filepony.de/icon/malwarebytes_anti_exploit.pngMalwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:19 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19