Pests of all kinds and how to fight them: Win 8.1, apps only flash up briefly |
09.11.2014, 18:32 | #1 |
Dear all!

I received very competent help here: http://www.trojaner-board.de/159343-...blockiert.html

Unfortunately, there is still a problem, and I don't know whether it is related to that. First, the machine: a Lenovo Yoga 2 Pro with Win 8.1. It is a convertible that works both in tablet mode and in normal PC mode (both with Win 8.1). In tablet mode, all readers refuse to work, especially Kindle, but also some other reader programs. The app opens briefly, but then it disappears into the taskbar of its own accord and cannot be activated. Something similar also happens with the eBook Reader from eBook.de. I don't know whether I will have to reinstall the whole system after all. Perhaps that can be avoided.

Since this is usually requested as the first step, here are the two FRST reports:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 Ran by Hans (administrator) on LENOVO-PC on 09-11-2014 18:22:26 Running from C:\Users\Hans\Downloads Loaded Profile: Hans (Available profiles: Hans) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe () C:\ProgramData\DataCardService\DCService.exe (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe (Nalpeiron Ltd.) 
C:\Windows\SysWOW64\NLSSRV32.EXE (PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe (Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe (Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe () C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe () C:\Program Files (x86)\Lenovo\Lenovo Messenger\NotificationsViewHost.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program 
Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\klwtblfs.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-31] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-08-03] (Intel Corporation) HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-20] (Realtek semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-29] (Synaptics Incorporated) HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2013-11-06] (Lenovo) HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2013-11-06] () HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [59925488 2014-04-01] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2013-11-06] (Lenovo(beijing) Limited) HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 
2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1334975422-4275687337-2992611491-1001\...\Run: [dradio-RecorderTimer] => C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe [42496 2012-10-13] () HKU\S-1-5-21-1334975422-4275687337-2992611491-1001\...\Run: [gSyncit] => C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe [166912 2014-05-30] (Fieldston Software) HKU\S-1-5-21-1334975422-4275687337-2992611491-1001\...\MountPoints2: {a3d653d8-b2cb-11e3-8261-5c514f695577} - "E:\AutoRun.exe" HKU\S-1-5-21-1334975422-4275687337-2992611491-1001\...\MountPoints2: {a3d66ebb-b2cb-11e3-8261-5c514f695577} - "E:\AutoRun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://deutschlandradio.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com SearchScopes: HKLM - {6E4634FA-2A4F-4494-9B24-575303E25199} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB SearchScopes: HKLM-x32 - {6E4634FA-2A4F-4494-9B24-575303E25199} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB SearchScopes: HKCU - DefaultScope {6E4634FA-2A4F-4494-9B24-575303E25199} URL = SearchScopes: HKCU - {6E4634FA-2A4F-4494-9B24-575303E25199} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab DPF: HKLM-x32 {E55FD215-A32E-43FE-A777-A7E8F165F561} hxxp://download.flatcast.net/objects/NpFv530.dll Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254 FireFox: ======== FF ProfilePath: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\jxthi6jw.default-1412524304868 FF Plugin: @adobe.com/FlashPlayer -> 
C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @phonostar.de/phonostar -> C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll No File FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 -> C:\Windows\DOWNLO~1\NpFv530.dll (1 mal 1 Software GmbH) FF Plugin HKCU: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll (Intel) FF Plugin HKCU: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel) FF Plugin ProgramFiles/Appdata: C:\Users\Hans\AppData\Roaming\mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky 
Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed] S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation) R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-05-02] (Nuance Communications, Inc.) R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () [File not signed] R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115632 2013-08-03] (Intel Corporation) R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116656 2013-08-03] (Intel Corporation) R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148688 2013-08-03] (Intel Corporation) R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124880 2013-08-03] (Intel Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) 
Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-02] () S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation) R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation) R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-08-18] (LENOVO INCORPORATED.) S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation) R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2013-11-06] (Lenovo) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] () S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation) R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-29] (Nitro PDF Software) R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [162600 2013-08-30] (PointGrab LTD) R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [249872 2013-11-06] (Lenovo) S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [328720 2013-11-06] (Lenovo) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [288472 2013-09-14] (Realtek Semiconductor) S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation) S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation) R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-11-06] () S3 WdNisSvc; C:\Program 
Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [32016 2013-11-06] (Lenovo) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation) S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [114680 2013-08-03] (Intel Corporation) R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [287160 2013-08-03] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494272 2013-08-03] (Intel Corporation) U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [250368 2010-04-08] (Huawei Technologies Co., Ltd.) S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.) 
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118216 2013-09-10] (Intel Corporation) R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-02] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-02] () R3 INETMON; C:\WINDOWS\System32\Drivers\INETMON.sys [29088 2013-08-02] () R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-02] () R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-03-31] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-03-31] (Kaspersky Lab) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-03-31] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-03-31] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-03-31] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-03-31] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-03-31] (Kaspersky Lab ZAO) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation) R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3433952 2014-02-18] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited) R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation ) R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-20] (Realtek Semiconductor Corp.) 
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation) R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation) R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-29] (Synaptics Incorporated) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink) S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X] S3 btmaux; \SystemRoot\system32\DRIVERS\btmaux.sys [X] S3 btmhsf; \SystemRoot\system32\DRIVERS\btmhsf.sys [X] S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-09 18:22 - 2014-11-09 18:22 - 00024138 _____ () C:\Users\Hans\Downloads\FRST.txt 2014-11-09 18:22 - 2014-11-09 18:22 - 00000000 ____D () C:\FRST 2014-11-09 18:16 - 2014-11-09 18:21 - 02115584 _____ (Farbar) C:\Users\Hans\Downloads\FRST64.exe 2014-11-08 12:00 - 2014-11-08 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-11-08 09:36 - 2014-11-08 09:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-07 10:14 - 2014-11-07 10:14 - 29727656 _____ (Oracle Corporation) C:\Users\Hans\Downloads\jre-8u25-windows-i586.com 2014-11-05 08:22 - 2014-11-09 18:11 - 00000000 ____D () C:\Users\Hans\Desktop\BCN0911 2014-11-05 07:34 - 2014-11-05 07:34 - 00045397 _____ () C:\Users\Hans\Downloads\Kiosko y Más.htm 2014-11-05 07:34 - 2014-11-05 07:34 - 00000000 ____D () C:\Users\Hans\Downloads\Kiosko y Más-Dateien 2014-10-27 17:01 - 2014-10-27 17:16 - 00001430 _____ () C:\Users\Hans\Downloads\URLLink.acsm 2014-10-16 11:58 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll 2014-10-16 11:58 - 2014-09-04 00:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-10-16 11:58 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-10-16 11:57 - 2014-10-09 23:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-10-16 11:57 - 2014-10-08 23:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2014-10-16 11:57 - 2014-09-19 02:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-10-16 11:57 - 2014-09-13 07:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2014-10-16 11:57 - 2014-09-13 06:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2014-10-16 11:45 - 2014-09-27 23:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-10-16 11:45 - 2014-09-08 04:15 - 00054752 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-10-16 11:45 - 2014-09-08 02:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2014-10-16 11:45 - 2014-09-08 02:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2014-10-16 11:45 - 2014-09-08 01:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-10-16 11:45 - 2014-09-08 01:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-10-16 11:45 - 2014-09-08 01:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-10-16 11:45 - 2014-09-08 01:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-10-16 11:45 - 2014-09-08 01:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-10-16 11:45 - 2014-09-08 01:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-10-16 11:45 - 2014-09-08 01:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-10-16 11:45 - 2014-09-08 00:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-10-16 11:45 - 2014-09-08 00:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-10-16 11:45 - 2014-09-08 00:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-10-16 11:45 - 2014-09-08 00:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-10-16 11:44 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-10-16 11:44 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-10-16 11:44 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-10-16 11:44 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-10-16 11:44 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-16 11:44 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-16 11:44 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-16 11:44 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-16 11:44 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-16 11:44 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-10-16 11:44 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-10-16 11:44 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-16 11:44 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-16 11:44 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-10-16 11:44 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-10-16 11:44 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-16 11:44 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-10-16 11:44 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-16 11:44 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-16 11:44 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-16 11:44 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-16 11:44 - 2014-09-19 01:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-16 11:44 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-16 11:44 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-16 11:44 - 2014-09-19 01:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-16 11:44 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-16 11:44 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-16 11:44 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-10-16 11:44 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-16 11:44 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-10-16 11:44 - 2014-09-13 07:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-16 11:44 - 2014-09-13 06:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-16 11:43 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-16 11:43 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-15 12:00 - 2014-10-15 12:11 - 00000000 ____D () C:\Users\Hans\AppData\Local\Spotify
2014-10-15 12:00 - 2014-10-15 12:00 - 00001859 _____ () C:\Users\Hans\Desktop\Spotify.lnk
2014-10-15 12:00 - 2014-10-15 12:00 - 00001845 _____ () C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-10-15 11:57 - 2014-10-20 18:18 - 00000000 ____D () C:\Users\Hans\AppData\Roaming\Spotify
2014-10-15 11:56 - 2014-10-15 11:56 - 00137888 _____ (Spotify Ltd) C:\Users\Hans\Downloads\SpotifySetup.exe
2014-10-15 02:16 - 2014-10-15 02:18 - 00000000 ____D () C:\Users\Hans\Documents\My Kindle Content
2014-10-15 02:15 - 2014-10-15 02:16 - 00000000 ____D () C:\Users\Hans\AppData\Local\Amazon
2014-10-15 02:15 - 2014-10-15 02:15 - 00002293 _____ () C:\Users\Hans\Desktop\Kindle.lnk
2014-10-15 02:15 - 2014-10-15 02:15 - 00000000 ____D () C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-10-15 02:02 - 2014-10-15 02:15 - 38157960 _____ (Amazon.com) C:\Users\Hans\Downloads\KindleForPC-installer.exe
2014-10-14 04:24 - 2014-10-14 04:24 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-10-14 04:06 - 2014-10-14 04:06 - 00000000 ____D () C:\Users\Hans\AppData\Roaming\VSRevoGroup
2014-10-13 12:40 - 2014-08-16 05:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-10-13 12:40 - 2014-08-16 05:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-10-13 12:40 - 2014-08-16 05:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-10-13 12:40 - 2014-08-16 04:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-10-13 12:40 - 2014-08-16 04:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-13 12:40 - 2014-08-16 04:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-10-13 12:40 - 2014-08-16 04:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-10-13 12:40 - 2014-08-16 04:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-10-13 12:40 - 2014-08-16 04:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-10-13 12:40 - 2014-08-16 02:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-10-13 12:40 - 2014-08-16 02:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2014-10-13 12:40 - 2014-08-16 01:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-10-13 12:40 - 2014-08-16 01:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-10-13 12:40 - 2014-08-16 01:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2014-10-13 12:40 - 2014-08-16 01:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-10-13 12:40 - 2014-08-16 01:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2014-10-13 12:40 - 2014-08-16 01:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-10-13 12:40 - 2014-08-16 01:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-10-13 12:40 - 2014-08-16 01:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2014-10-13 12:40 - 2014-08-16 01:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-13 12:40 - 2014-08-16 01:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-10-13 12:40 - 2014-08-16 01:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-10-13 12:40 - 2014-08-16 01:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-10-13 12:40 - 2014-08-16 01:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-13 12:40 - 2014-08-16 01:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-10-13 12:40 - 2014-08-16 01:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-10-13 12:40 - 2014-08-16 01:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-10-13 12:40 - 2014-08-16 01:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-13 12:40 - 2014-08-16 01:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-10-13 12:40 - 2014-08-16 01:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-10-13 12:40 - 2014-08-16 01:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-10-13 12:40 - 2014-08-16 01:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-10-13 12:40 - 2014-08-16 01:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-13 12:40 - 2014-08-16 01:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-10-13 12:40 - 2014-08-01 00:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-13 12:39 - 2014-08-29 02:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-10-13 12:39 - 2014-08-29 00:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-13 12:39 - 2014-08-29 00:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-10 16:23 - 2014-10-10 16:23 - 00448512 _____ (OldTimer Tools) C:\Users\Hans\Downloads\TFC.exe
2014-10-10 16:18 - 2014-10-10 16:18 - 00001417 _____ () C:\DelFix.txt
2014-10-10 16:16 - 2014-10-10 16:16 - 00709564 _____ () C:\Users\Hans\Downloads\delfix_10.8.exe.6tqwfb6.partial
2014-10-10 06:16 - 2014-10-10 06:16 - 00307992 _____ () C:\WINDOWS\Minidump\101014-5750-01.dmp
2014-10-10 06:15 - 2014-10-10 06:15 - 00079064 _____ () C:\WINDOWS\system32\Drivers\rldunqft.sys
2014-10-10 00:17 - 2014-10-10 00:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hans\Downloads\mbam-setup-2.0.2.1012(1).exe

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 18:20 - 2014-05-18 21:00 - 00000000 ____D () C:\Users\Hans\Documents\Archivos de Outlook
2014-11-09 18:19 - 2014-03-31 13:25 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-09 18:19 - 2013-11-06 11:48 - 00773788 _____ () C:\WINDOWS\system32\perfh007.dat
2014-11-09 18:19 - 2013-11-06 11:48 - 00169094 _____ () C:\WINDOWS\system32\perfc007.dat
2014-11-09 18:19 - 2013-08-28 09:36 - 01822084 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-09 18:14 - 2013-11-06 10:52 - 00067184 _____ () C:\WINDOWS\setupact.log
2014-11-09 18:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-09 15:39 - 2014-03-06 11:46 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-09 15:26 - 2014-03-06 22:05 - 00001116 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-09 14:16 - 2014-03-14 08:03 - 00005046 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for LENOVO-PC-Hans Lenovo-PC
2014-11-09 14:16 - 2013-11-06 10:59 - 01104146 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-09 14:09 - 2014-03-06 08:36 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1334975422-4275687337-2992611491-1001
2014-11-09 14:04 - 2013-11-06 11:15 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-11-09 13:59 - 2014-03-06 08:36 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{08FECCE6-C18B-4130-BB19-D189B0FBDDAF}
2014-11-09 13:56 - 2014-06-08 22:08 - 00000000 ____D () C:\Users\Hans\AppData\Roaming\gSyncit
2014-11-09 13:56 - 2014-03-12 06:30 - 00000000 ___DO () C:\Users\Hans\SkyDrive
2014-11-09 13:56 - 2014-03-06 22:05 - 00001112 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-09 13:56 - 2014-03-06 22:05 - 00000000 ____D () C:\Users\Hans\AppData\Local\Deployment
2014-11-09 13:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-08 12:01 - 2014-04-28 16:38 - 00000000 ____D () C:\Users\Hans\AppData\Roaming\Skype
2014-11-08 12:00 - 2014-04-28 16:38 - 00002533 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-11-08 12:00 - 2014-04-28 16:38 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-08 12:00 - 2014-04-28 16:38 - 00000000 ____D () C:\ProgramData\Skype
2014-11-08 10:42 - 2014-03-08 01:31 - 00082432 ___SH () C:\Users\Hans\Desktop\Thumbs.db
2014-11-08 10:42 - 2014-03-06 09:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-07 10:45 - 2014-03-31 10:34 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-07 10:43 - 2014-04-26 11:35 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-07 10:20 - 2014-04-26 11:35 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-11-07 10:20 - 2014-04-26 11:35 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-11-07 10:20 - 2014-04-26 11:35 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-11-07 10:20 - 2014-04-26 11:35 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-11-07 10:20 - 2014-04-26 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-07 10:11 - 2014-03-06 08:30 - 00000000 ____D () C:\Users\Hans\AppData\Local\Packages
2014-11-06 21:21 - 2013-11-06 11:14 - 00020992 _____ () C:\WINDOWS\system32\VfService.trf
2014-11-06 21:21 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-06 21:21 - 2013-08-22 14:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-06 20:18 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-06 19:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-04 23:32 - 2014-03-06 15:00 - 00000000 ____D () C:\Users\Hans\AppData\Local\CrashDumps
2014-11-03 17:57 - 2014-09-08 16:24 - 00000000 ____D () C:\Users\Hans\Desktop\fotoscabodegata2014
2014-11-02 17:56 - 2014-04-04 07:31 - 00000000 ____D () C:\Users\Hans\AppData\Roaming\Audacity
2014-10-30 16:35 - 2014-08-01 10:28 - 00000000 ____D () C:\Users\Hans\Documents\My Digital Editions
2014-10-28 14:39 - 2014-10-06 16:18 - 00000000 ____D () C:\Users\Hans\Desktop\Bolivien
2014-10-26 16:32 - 2014-03-06 08:30 - 00000000 ____D () C:\Users\Hans
2014-10-26 16:03 - 2013-08-28 09:34 - 00037470 _____ () C:\WINDOWS\PFRO.log
2014-10-26 12:31 - 2014-09-01 12:02 - 00000000 ____D () C:\Users\Hans\AppData\Local\Adobe
2014-10-26 12:31 - 2014-03-06 11:46 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-10-25 12:53 - 2014-03-14 03:14 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-23 07:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\tracing
2014-10-22 20:38 - 2014-10-02 10:23 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-21 08:49 - 2014-10-08 07:11 - 00000000 ____D () C:\Users\Hans\Desktop\melilla2
2014-10-17 14:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-17 13:22 - 2013-08-22 15:44 - 00529680 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-17 13:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-17 13:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-10-17 13:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-17 11:39 - 2014-03-06 10:34 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-17 00:08 - 2014-07-09 20:06 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-10-17 00:08 - 2014-03-06 10:34 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-15 13:46 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-10-14 02:52 - 2014-06-04 20:15 - 00000000 ____D () C:\Program Files (x86)\CHIP System-Check-Tool
2014-10-13 12:46 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-13 12:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-10-13 04:45 - 2014-06-05 13:13 - 00000000 ____D () C:\Users\Hans\Desktop\SeuUrgelll
2014-10-12 16:48 - 2014-07-23 11:58 - 00000000 ____D () C:\Users\Hans\Desktop\patoamarrillo
2014-10-10 16:18 - 2014-10-04 14:44 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-10-10 06:16 - 2014-05-25 18:25 - 854420048 _____ () C:\WINDOWS\MEMORY.DMP
2014-10-10 06:16 - 2014-05-25 18:25 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-10 00:20 - 2014-10-02 10:23 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-10 00:20 - 2014-10-02 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-10-10 00:20 - 2014-10-02 10:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware

Some content of TEMP:
====================
C:\Users\Hans\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-09 18:11

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014
Ran by Hans at 2014-11-09 18:24:14
Running from C:\Users\Hans\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Audition 3 Vista Compatibility (HKLM\...\{22950922-8438-4c84-80d5-a17e6c2a5717}.sdb) (Version: - )
Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Audition 3.0.1 Patch (HKLM-x32\...\{CDEBE7FF-C832-4B91-9214-A4CA610D78C9}) (Version: 3.00.1000 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Benutzerhandbuch (x32 Version: 1.0.0.15 - Lenovo) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden
Brother MFL-Pro Suite DCP-J315W (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
calibre 64bit (HKLM\...\{2B73426A-9499-4875-BAE9-8DD729009399}) (Version: 1.47.0 - Kovid Goyal)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.30.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
dradio-Recorder Version 3.02.6 (HKLM-x32\...\dradio-Recorder_is1) (Version: - )
Dragon Assistant Application de-DE Version 1.5.7 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.7 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service Version 1.1.10 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.10 - Nuance Communications, Inc.)
Dragon Assistant Language Data de-DE Version 1.1.3 (HKLM-x32\...\{FB671668-9AAC-41DC-872B-627418FB62D5}_is1) (Version: 1.1.3 - Nuance Communications, Inc.)
Dragon Assistant Version 1.5.7 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.7 - Nuance Communications, Inc.)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.1.49 - Lenovo)
Energy Manager (x32 Version: 1.0.1.49 - Lenovo) Hidden
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
Google Apps Migration For Microsoft Outlook® 2.3.14.36 (HKLM-x32\...\{C46F4ED2-0337-4267-97A1-89735C781E0D}) (Version: 2.3.14.36 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
gSyncit (HKLM-x32\...\{0B5328C6-6A02-4E2A-ABD0-682075B21DF9}) (Version: 3.8.124 - Fieldston Software)
Hindenburg Journalist (HKLM-x32\...\{23C2332F-228C-4D19-8BF3-60E25AD421D7}) (Version: 1.25.1914 - Hindenburg Systems ApS.)
Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation)
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{B1AC3709-3E98-4F2C-A84E-4BCA2A452E64}) (Version: 4.2.40.2418 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7e493493-a430-4b7b-b8a2-48d61599e220}) (Version: 17.0.0 - Intel Corporation)
Internet Movil (HKLM-x32\...\Internet Movil) (Version: 16.002.10.02.288 - Huawei Technologies Co.,Ltd)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.29.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo Motion Control (HKLM-x32\...\InstallShield_{A800D2BF-2F0D-4899-B265-C91C90981E8C}) (Version: 2.0.0.0829 - PointGrab)
Lenovo Motion Control (x32 Version: 2.0.0.0829 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.0 - Lenovo)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.8211 - Lenovo)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo Yoga PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.3 - Lenovo)
Lenovo Yoga PhoneCompanion (x32 Version: 1.1.9.3 - Lenovo) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office 365 - es-es (HKLM\...\O365HomePremRetail - es-es) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 33.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 es-ES) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 es-ES)) (Version: 24.5.0 - Mozilla)
Nitro Pro 8 (HKLM\...\{AD21268B-7AA2-45B1-B360-E0CBA12706FE}) (Version: 8.5.5.7 - Nitro)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{556A5D7B-54F4-4D0D-8114-742A60105CDC}) (Version: 4.10.9764 - Apache Software Foundation)
Outlook4Gmail 4.1.11 (HKLM-x32\...\{6A53C42D-DCCD-46B7-9143-51071726A6F6}_is1) (Version: - Scand Ltd.)
PlayChess (HKLM-x32\...\PlayChess) (Version: - ChessBase GmbH)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.7 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1334975422-4275687337-2992611491-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-1334975422-4275687337-2992611491-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-1334975422-4275687337-2992611491-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

25-10-2014 14:39:08 Geplanter Prüfpunkt
02-11-2014 16:30:26 Geplanter Prüfpunkt

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03B65820-4475-4A7C-BC86-56D76EF93CAC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-26] (Adobe Systems Incorporated)
Task: {0AD72076-1B77-4524-9ED5-77DDB647C8F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {236D74BD-A007-4338-862E-00105FCA53C5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {3739A0B3-2B6A-4A6E-867C-FFC37AC4F153} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LENOVO-PC-Hans Lenovo-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-16] (Microsoft Corporation)
Task: {3FA5CC3A-7A30-4978-AAED-18B6678BDC14} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {452E2F6B-4121-4041-AC67-F8DAF382C679} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {76C241BB-B6B0-4971-B9CE-F101B08EF087} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-25] (Microsoft Corporation)
Task: {7768969C-C88C-4F22-A35A-196C89B1A7B2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {C09CB7FE-94B5-403F-AB5D-8738EEF301D7} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1334975422-4275687337-2992611491-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {D63B690E-EB1A-4241-BDD2-256F18A39062} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-08-18] ()
Task: {DB0623C1-7768-4A59-AA20-237B1F291038} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-17] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-14 03:14 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-05-08 12:48 - 2010-05-08 12:48 - 00229376 _____ () C:\ProgramData\DatacardService\DCService.exe
2013-08-02 02:31 - 2013-08-02 02:31 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-02 02:31 - 2013-08-02 02:31 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-02 02:31 - 2013-08-02 02:31 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2013-11-06 11:13 - 2012-04-25 03:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-05-19 11:24 - 2005-04-22 05:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2013-11-06 11:14 - 2013-11-06 11:14 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2013-11-06 11:14 - 2013-11-06 11:14 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2013-11-06 11:14 - 2013-11-06 11:14 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2014-04-26 17:09 - 2012-10-13 15:05 - 00042496 _____ () C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe
2014-10-16 00:59 - 2014-10-16 00:59 - 00028160 _____ () C:\Users\Hans\AppData\Local\Packages\microsoft.bingweather_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Microsoft.PerfTrack\10ead687afca927bd7b22ad8d20e1de3\Microsoft.PerfTrack.ni.dll
2014-10-16 00:59 - 2014-10-16 00:59 - 00347136 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Gloaae92e31#\94e2bc13589233f9d2cc54292717b8cf\Windows.Globalization.ni.dll
2014-10-19 18:19 - 2014-10-19 18:19 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2014-10-19 18:19 - 2014-10-19 18:19 - 00207872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll
2014-10-19 18:19 - 2014-10-19 18:19 - 01278464 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Storage\f9ac074d298db459c5eff6d3256861c8\Windows.Storage.ni.dll
2014-10-19 18:19 - 2014-10-19 18:19 - 01782784 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll
2014-03-06 11:14 - 2014-03-06 11:14 - 00551440 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.214_x64__8wekyb3d8bbwe\SqliteWrapper.dll
2013-11-06 10:54 - 2013-11-06 10:54 - 00660920 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.214_x64__8wekyb3d8bbwe\Sqlite3.dll
2014-10-19 18:19 - 2014-10-19 18:19 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll
2014-10-02 05:16 - 2014-10-02 05:16 - 00280064 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.214_x64__8wekyb3d8bbwe\Microsoft.Bing.AppEx.Telemetry.winmd
2014-10-19 18:19 - 2014-10-19 18:19 - 01259520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Networking\8f0dd293f95c402613c49fb2fac85bdd\Windows.Networking.ni.dll
2014-10-22 10:22 - 2014-10-22 10:22 - 00632320 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Security\c7f6d022c5d5aec4891cb6b3b9934336\Windows.Security.ni.dll
2014-10-16 00:59 - 2014-10-16 00:59 - 00117248 _____ () C:\Users\Hans\AppData\Local\Packages\microsoft.bingweather_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\SqliteWrapper\99fa190c50aa9d06da5fb90ed0d8b8f7\SqliteWrapper.ni.dll
2013-08-22 08:19 - 2013-08-22 07:54 - 00093696 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Web.winmd
2014-07-31 09:28 - 2014-07-31 09:28 - 00467456 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Graphics\ea818a24554fc2db9a73de1e79afb286\Windows.Graphics.ni.dll
2014-10-20 15:15 - 2014-10-20 15:15 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\fae2b750f87849ca11806d20b2504bf2\Windows.Data.ni.dll
2014-04-19 08:07 - 2014-04-19 08:07 - 02019840 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Devices\0b4b3f23bdebd1d056b32b31e2f746bb\Windows.Devices.ni.dll
2014-08-01 13:17 - 2014-08-01 13:17 - 00462592 _____ () C:\Program Files (x86)\Lenovo\Lenovo Messenger\NotificationsViewHost.exe
2013-06-17 11:35 - 2013-06-17 11:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 13:52 - 2013-05-08 13:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-11-06 11:13 - 2013-05-02 20:26 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
2013-11-06 11:13 - 2013-05-02 20:26 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
2013-11-06 11:13 - 2013-05-02 20:26 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
2013-11-06 11:13 - 2013-05-02 20:26 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
2013-11-06 11:13 - 2013-05-02 20:26 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
2013-11-06 11:13 - 2013-05-02 20:26 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
2013-11-06 11:14 - 2013-05-02 20:25 - 00027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
2013-11-06 10:58 - 2013-08-09 13:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-09-25 06:21 - 2014-09-25 06:21 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-09-24 23:38 - 2014-09-24 23:38 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-11-08 09:36 - 2014-11-08 09:36 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Hans\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Hans\SkyDrive.old:ms-properties

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "ISCTSystray.lnk" HKLM\...\StartupApproved\Run: => "IAStorIcon" HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby" HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "DptfPolicyLpmServiceHelper" HKLM\...\StartupApproved\Run: => "Lenovo Utility" HKLM\...\StartupApproved\Run: => "Yoga PhoneCompanion" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run: => "RtHDVCpl" HKLM\...\StartupApproved\Run: => "RtsFT" HKLM\...\StartupApproved\Run: => "SynTPEnh" HKLM\...\StartupApproved\Run: => "AutoStartTransition" HKLM\...\StartupApproved\Run32: => "Yoga Picks" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "RIMBBLaunchAgent.exe" HKLM\...\StartupApproved\Run32: => "BrStsMon00" HKLM\...\StartupApproved\Run32: => "ControlCenter3" HKLM\...\StartupApproved\Run32: => "emsisoft anti-malware" HKCU\...\StartupApproved\StartupFolder: => "Disconnect Private Search.lnk" HKCU\...\StartupApproved\Run: => "HW_OPENEYE_OUC_Internet Movil" HKCU\...\StartupApproved\Run: => "gSyncit" ========================= Accounts: ========================== Administrator (S-1-5-21-1334975422-4275687337-2992611491-500 - Administrator - Disabled) Gast (S-1-5-21-1334975422-4275687337-2992611491-501 - Limited - Disabled) Hans (S-1-5-21-1334975422-4275687337-2992611491-1001 - Administrator - Enabled) => C:\Users\Hans HomeGroupUser$ (S-1-5-21-1334975422-4275687337-2992611491-1003 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/09/2014 01:56:28 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) 
(User: ) Description: 80070005 Error: (11/07/2014 10:18:19 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (11/07/2014 09:54:07 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (11/06/2014 09:10:26 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Error: (11/06/2014 05:11:13 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (11/06/2014 09:37:51 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Error: (11/06/2014 09:30:09 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. 
Error: (11/05/2014 10:20:59 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm PhotosApp.exe, Version 6.3.9600.17122 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 434 Startzeit: 01cff93d9182ec98 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\FileManager\PhotosApp.exe Berichts-ID: 9ec8c567-6531-11e4-82ee-a900cbfafb7c Vollständiger Name des fehlerhaften Pakets: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.Windows.PhotoManager Error: (11/05/2014 10:20:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LENOVO-PC) Description: Das Paket „FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager“ wurde beendet, da das Anhalten zu lange dauerte. Error: (11/05/2014 05:28:00 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 System errors: ============= Error: (11/06/2014 11:32:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Servicio de Google Update (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/06/2014 11:31:52 PM) (Source: disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (11/06/2014 09:23:34 PM) (Source: disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (11/06/2014 08:32:46 PM) (Source: disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR87 gefunden. Error: (11/06/2014 08:32:05 PM) (Source: disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR87 gefunden. 
Error: (11/06/2014 07:30:55 PM) (Source: disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR85 gefunden. Error: (11/06/2014 07:23:00 PM) (Source: disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR85 gefunden. Error: (11/06/2014 07:00:10 PM) (Source: disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR81 gefunden. Error: (11/06/2014 05:19:36 PM) (Source: disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR81 gefunden. Error: (11/06/2014 11:02:40 AM) (Source: disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR65 gefunden. Microsoft Office Sessions: ========================= Error: (11/09/2014 01:56:28 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (11/07/2014 10:18:19 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: C:\Users\Hans\Downloads\mbam-setup-2.0.2.1012 (2).exeC:\Users\Hans\Downloads\mbam-setup-2.0.2.1012 (2).exe0 Error: (11/07/2014 09:54:07 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (11/06/2014 09:10:26 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\dradio-Recorder\phonostar.exe Error: (11/06/2014 05:11:13 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (11/06/2014 09:37:51 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: 
C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\dradio-Recorder\phonostar.exe Error: (11/06/2014 09:30:09 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\dradio-Recorder\phonostar.exe Error: (11/05/2014 10:20:59 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: PhotosApp.exe6.3.9600.1712243401cff93d9182ec984294967295C:\WINDOWS\FileManager\PhotosApp.exe9ec8c567-6531-11e4-82ee-a900cbfafb7cFileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewyMicrosoft.Windows.PhotoManager Error: (11/05/2014 10:20:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LENOVO-PC) Description: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager Error: (11/05/2014 05:28:00 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 CodeIntegrity Errors: =================================== Date: 2014-10-01 10:55:17.552 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. 
Date: 2014-10-01 10:55:16.920 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements. Date: 2014-10-01 10:55:16.610 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-01 10:55:16.023 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements. Date: 2014-10-01 10:55:15.294 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-01 10:55:15.178 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements. Date: 2014-10-01 10:50:26.955 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. 
Date: 2014-10-01 10:50:26.658 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements. Date: 2014-10-01 10:50:26.002 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-01 10:50:25.549 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz Percentage of memory in use: 39% Total physical RAM: 8104.27 MB Available physical RAM: 4911.89 MB Total Pagefile: 16296.27 MB Available Pagefile: 12674.37 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:219.39 GB) (Free:79.12 GB) NTFS Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:0.85 GB) NTFS Drive e: () (Removable) (Total:59.75 GB) (Free:57.41 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: 9ED42E52) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 59.8 GB) (Disk ID: C3072E18) Partition 1: (Not Active) - (Size=59.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
09.11.2014, 18:50 | #2 |
/// the machine /// TB trainer | Win 8.1, apps only flash up briefly Have you already tried a Refresh of Win8 or the All in One Repair Tool? If so, I'll move you to a section where several people can reply. |
09.11.2014, 19:04 | #3 |
| Win 8.1, apps only flash up briefly Before it runs, the Refresh warns me that I will have to reinstall numerous programs afterwards, including Lenovo drivers that I don't even have (devices are no longer shipped with driver CDs these days). That would almost be a fresh install, very complicated, and so far I have not wanted to do that, partly for lack of time. Maybe I won't be able to avoid it.
I don't know the All-in-one repair tool. Google does show something, for example on tweaking.com, but to be honest I don't like downloading things just like that. Is the site safe? |
10.11.2014, 16:40 | #4 |
/// the machine /// TB trainer | Win 8.1, apps only flash up briefly
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
11.11.2014, 08:56 | #5 |
| Win 8.1, apps only flash up briefly Many thanks! Unfortunately that did not help. In the meantime I have set up another user account and installed the apps there as well. There they work flawlessly! Evidently the account has somehow crashed. That can hardly be repaired, I suppose. Or can it? Unfortunately the original account holds a lot of data that I cannot get at from the other account, and jumping back and forth from one account to the next is certainly not convenient. Is there an elegant way on Win 8.1 to transfer the contents of one user account to another? Or do I really have to transfer everything by copy & paste, as a few sites recommend? If you like, feel free to move this thread to a more suitable forum. |
12.11.2014, 08:10 | #6 | |
/// the machine /// TB trainer | Win 8.1, apps only flash up briefly Quote:
But you should have access to the old account's folder via Explorer without any problems; then simply copy everything.