Pests of all kinds and how to fight them: Win 8, white screen, operation only possible via external monitor.
15.12.2014, 15:02 | #1 |
Win 8, white screen, operation only possible via external monitor.

Hi, my parents' laptop shows only a white screen after a visit to a toothpaste website. Unfortunately I can't say anything more about the site. The white screen appears immediately after the laptop starts, so you can't do anything at all. Operation is only possible via an external monitor.

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ca77337eb8364847bf911708e2aa7231
# engine=21539
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-13 04:34:38
# local_time=2014-12-13 05:34:38 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 95 815083 8562252 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 2626291 52955308 0 0
# scanned=195529
# found=5
# cleaned=5
# scan_time=2586
sh=1977F2F0A49C992E60324A527A5887305D48E3D7 ft=1 fh=dc889aa2aa041916 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir"
sh=76C19267783B1C3FBE78C7EDFB19EEE1CA020E5B ft=1 fh=24f1c525cd32bc9c vn="Win32/DownWare.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Büro\Downloads\MyPhoneExplorer_Setup_1.8.5.exe"
sh=367234BE596D56EC13DEF9FD82F741576BD021E0 ft=1 fh=d72f459d78d781c6 vn="Win32/OutBrowse.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Büro\Downloads\setup.exe"
sh=D341A1872DD3B3A6406DF9557895499E6B3A93DC ft=1 fh=a1cced6cbcc5ea43 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Büro\Downloads\SoftonicDownloader_fuer_vlc-media-player(1).exe"
sh=D341A1872DD3B3A6406DF9557895499E6B3A93DC ft=1 fh=a1cced6cbcc5ea43 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Büro\Downloads\SoftonicDownloader_fuer_vlc-media-player.exe"

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2014 Ran by Los (administrator) on BOMA on 13-12-2014 14:26:31 Running from C:\Users\Los\Desktop Loaded Profile: Los (Available profiles: Los) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE (CyberLink Corp.) 
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.) 
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-09-23] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-09-23] (Lenovo(beijing) Limited) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-27] (Synaptics Incorporated) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-02] (Vimicro) HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.) 
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3104225705-2174199506-2866893716-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\Los\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Los\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Los\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3104225705-2174199506-2866893716-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-3104225705-2174199506-2866893716-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKU\S-1-5-21-3104225705-2174199506-2866893716-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3104225705-2174199506-2866893716-1001 -> {086258EC-C3F7-41A2-8414-0E87D879D888} URL = BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files 
(x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Los\AppData\Roaming\Mozilla\Firefox\Profiles\l60dzive.default FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF DefaultSearchEngine: Bing FF SelectedSearchEngine: Bing FF Homepage: hxxp://www.onet.pl/ FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Los\AppData\Roaming\Mozilla\Firefox\Profiles\l60dzive.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Los\AppData\Roaming\Mozilla\Firefox\Profiles\l60dzive.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Los\AppData\Roaming\Mozilla\Firefox\Profiles\l60dzive.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Los\AppData\Roaming\Mozilla\Firefox\Profiles\l60dzive.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\nation-secure-search.xml FF Extension: GMX MailCheck - C:\Users\Los\AppData\Roaming\Mozilla\Firefox\Profiles\l60dzive.default\Extensions\toolbar@gmx.net [2014-12-01] FF Extension: Adblock Plus - C:\Users\Los\AppData\Roaming\Mozilla\Firefox\Profiles\l60dzive.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-22] Chrome: ======= CHR Profile: C:\Users\Los\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Los\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-16] CHR Extension: (Google Drive) - C:\Users\Los\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-16] CHR Extension: (YouTube) - C:\Users\Los\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-16] CHR Extension: (Google Search) - C:\Users\Los\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-16] CHR Extension: (Gmail) - C:\Users\Los\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-16] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.) R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953720 2012-08-26] (Broadcom Corporation.) R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.) 
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50464 2014-04-30] (AVG Technologies) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-13 14:26 - 2014-12-13 14:26 - 00015878 _____ () C:\Users\Los\Desktop\FRST.txt 2014-12-13 14:18 - 2014-12-13 14:26 - 00000000 ____D () C:\FRST 2014-12-13 14:16 - 2014-12-13 14:16 - 00380416 _____ () C:\Users\Los\Desktop\Gmer-19357.exe 2014-12-13 14:14 - 2014-12-13 14:14 - 02119168 _____ (Farbar) C:\Users\Los\Desktop\FRST64.exe 2014-12-13 14:13 - 2014-12-13 14:10 - 00050477 _____ () C:\Users\Los\Desktop\Defogger.exe 2014-12-13 14:13 - 2014-12-13 00:45 - 02166272 _____ () C:\Users\Los\Desktop\AdwCleaner_4.105.exe 2014-12-13 14:12 - 2014-12-13 14:12 - 00000000 _____ () C:\Users\Los\defogger_reenable 2014-12-13 00:57 - 2014-12-13 01:02 - 00000000 ____D () C:\Users\Los\Desktop\Neuer Ordner 2014-12-13 00:45 - 2014-12-13 00:47 - 00000000 ____D () C:\AdwCleaner 2014-12-11 15:02 - 2014-12-11 15:02 - 03981488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe 2014-11-19 08:23 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2014-11-19 08:23 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2014-11-19 08:23 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll 2014-11-19 08:23 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll 2014-11-18 07:38 - 2014-11-18 07:38 - 00003078 _____ () C:\WINDOWS\System32\Tasks\{7BCE2036-DEC8-445B-B019-F0E704513EA6} ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-13 14:26 - 2012-11-24 12:19 - 00000000 ____D () C:\Temp 2014-12-13 14:25 - 2014-08-17 22:42 - 01804676 _____ () C:\WINDOWS\WindowsUpdate.log 2014-12-13 14:15 - 2012-11-13 19:51 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3104225705-2174199506-2866893716-1001 2014-12-13 14:14 - 2012-11-24 12:21 - 00000000 ____D () C:\ProgramData\MFAData 2014-12-13 14:12 - 2014-09-21 13:50 - 00003906 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{15FE1F81-769E-4A3E-8889-FBC53710B3EC} 2014-12-13 14:12 - 2014-08-17 22:24 - 00000000 ____D () C:\Users\Los 2014-12-13 14:10 - 2014-03-18 11:03 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-12-13 14:10 - 2014-03-18 10:25 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2014-12-13 14:10 - 2014-03-18 10:25 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2014-12-13 14:09 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-12-13 14:09 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-12-13 01:02 - 2013-04-07 16:14 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-12-13 00:50 - 2014-04-11 16:24 - 00000000 ___RD () C:\Users\Los\Dropbox 2014-12-13 00:50 - 2014-04-11 16:21 - 00000000 ____D () C:\Users\Los\AppData\Roaming\Dropbox 2014-12-13 00:48 - 2014-03-18 02:50 - 00046544 _____ () C:\WINDOWS\PFRO.log 2014-12-13 00:48 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-12-13 00:47 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-12-13 00:47 - 2012-09-23 11:03 - 00000000 ____D () C:\Program Files (x86)\Amazon 2014-12-13 00:41 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-12-12 18:27 - 2013-08-22 15:46 - 00290371 _____ () C:\WINDOWS\setupact.log 2014-12-12 08:29 - 2012-11-24 18:25 - 00000000 ____D () C:\Users\Los\AppData\Roaming\Skype 2014-12-11 15:02 - 2013-04-07 16:14 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 
2014-12-11 14:21 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-12-01 07:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-11-29 18:17 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp 2014-11-20 21:51 - 2014-08-24 10:31 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-11-20 21:51 - 2014-08-24 10:31 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-17 08:59 - 2013-08-15 02:20 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-11-17 08:56 - 2012-12-18 13:45 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-11-15 09:31 - 2014-09-21 18:14 - 00001008 _____ () C:\Users\Public\Desktop\AVG 2015.lnk 2014-11-15 09:31 - 2014-09-21 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-11-14 18:49 - 2014-04-11 16:24 - 00001069 _____ () C:\Users\Los\Desktop\Dropbox.lnk 2014-11-14 18:49 - 2014-04-11 16:23 - 00000000 ____D () C:\Users\Los\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-11-13 13:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-11-13 12:42 - 2013-08-22 15:44 - 00363080 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-11-13 12:41 - 2012-11-24 12:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-13 09:03 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-11-13 09:03 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2014-11-13 09:03 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-13 09:03 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-13 09:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-11-13 09:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files 
(x86)\Windows Defender 2014-11-13 04:54 - 2012-11-24 12:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-13 01:09 ==================== End Of Log ============================ FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2014 Ran by Los at 2014-12-13 14:26:59 Running from C:\Users\Los\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.) 
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies) AVG 2015 (Version: 15.0.4235 - AVG Technologies) Hidden AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden Canon MP530 (HKLM\...\{3215EBED-1D06-42fb-A05C-A752A46FB24C}) (Version: - ) Classic Shell (HKLM\...\{FEA1590B-540A-41FC-A95C-664493C82A21}) (Version: 3.6.8 - IvoSoft) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc) Dropbox (HKU\S-1-5-21-3104225705-2174199506-2866893716-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.) Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo) Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Java 7 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle) Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.1901 - Broadcom Corporation) Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro) Lenovo OneKey Recovery 
(HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0828 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 8.0.0.0828 - CyberLink Corp.) Hidden Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.) Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.) Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) 
(Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.13 - Synaptics Incorporated) TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.17271 - TeamViewer) TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version: - Code Sector) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH) UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo) Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3104225705-2174199506-2866893716-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Los\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3104225705-2174199506-2866893716-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Los\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3104225705-2174199506-2866893716-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Los\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3104225705-2174199506-2866893716-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Los\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3104225705-2174199506-2866893716-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Los\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3104225705-2174199506-2866893716-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Los\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3104225705-2174199506-2866893716-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Los\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3104225705-2174199506-2866893716-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Los\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3104225705-2174199506-2866893716-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Los\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 27-11-2014 17:42:29 Windows Update 12-12-2014 19:25:18 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {18F04491-17CA-4AF2-9482-44E6CEB5A5F8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-17] (Microsoft Corporation) Task: {4565A80C-107B-422F-BDC4-AB752287A3FA} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink) Task: {71EAA154-1672-4261-9233-767ADFA8597C} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] () Task: {7F9EF61A-A20F-4170-A0E8-0469015A3634} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated) Task: {8653FC47-96F5-4AC7-8FAD-E05C2F726A55} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated) Task: {9B3736A9-9CDC-447F-9399-7374DCA5D6F5} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03] (Sun Microsystems, Inc.) 
Task: {FD2995FF-599C-40BF-A6AA-F9E15DCDD3AE} - System32\Tasks\{7BCE2036-DEC8-445B-B019-F0E704513EA6} => Firefox.exe hxxp://ui.skype.com/ui/0/6.21.0.104/pl/abandoninstall?page=tsPlugin Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2012-08-26 14:48 - 2012-08-26 14:48 - 00044408 _____ () C:\Program Files\Lenovo\Bluetooth Software\BtwLeAPI.dll 2012-11-24 17:03 - 2011-10-26 17:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll 2012-11-24 17:03 - 2011-10-26 17:41 - 00126464 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll 2012-09-05 13:09 - 2012-08-24 00:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-09-23 10:38 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKU\S-1-5-21-3104225705-2174199506-2866893716-1001\...\StartupApproved\Run: => "Skype" ========================= Accounts: ========================== Administrator (S-1-5-21-3104225705-2174199506-2866893716-500 - Administrator - Disabled) Gast (S-1-5-21-3104225705-2174199506-2866893716-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3104225705-2174199506-2866893716-1005 - Limited - Enabled) Los (S-1-5-21-3104225705-2174199506-2866893716-1001 - Administrator - Enabled) => C:\Users\Los ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/13/2014 00:35:49 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.3.9600.17284 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 6fc Startzeit: 01d01633ba3aa832 Endzeit: 0 Anwendungspfad: C:\WINDOWS\Explorer.EXE Berichts-ID: 99947b69-8257-11e4-bec6-b888e3875da9 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (12/12/2014 06:40:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: CxAudMsg64.exe, Version: 1.6.0.0, Zeitstempel: 0x4fd1c0c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000f0d6c ID des fehlerhaften Prozesses: 0x668 Startzeit der fehlerhaften Anwendung: 0xCxAudMsg64.exe0 Pfad der fehlerhaften Anwendung: CxAudMsg64.exe1 Pfad des fehlerhaften Moduls: CxAudMsg64.exe2 Berichtskennung: CxAudMsg64.exe3 Vollständiger Name des fehlerhaften Pakets: CxAudMsg64.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CxAudMsg64.exe5 Error: (12/12/2014 06:38:53 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.3.9600.17284 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: b84 Startzeit: 01d016310d207295 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\Explorer.EXE Berichts-ID: ad9f1de3-8225-11e4-bec5-c0143dc6f5bc Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (12/12/2014 08:37:06 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: CxAudMsg64.exe, Version: 1.6.0.0, Zeitstempel: 0x4fd1c0c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000f0d6c ID des fehlerhaften Prozesses: 0x67c Startzeit der fehlerhaften Anwendung: 0xCxAudMsg64.exe0 Pfad der fehlerhaften Anwendung: CxAudMsg64.exe1 Pfad des fehlerhaften Moduls: CxAudMsg64.exe2 Berichtskennung: CxAudMsg64.exe3 Vollständiger Name des fehlerhaften Pakets: CxAudMsg64.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CxAudMsg64.exe5 Error: (12/12/2014 08:32:34 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: CxAudMsg64.exe, Version: 1.6.0.0, Zeitstempel: 0x4fd1c0c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000f0d6c ID des fehlerhaften Prozesses: 0x66c Startzeit der fehlerhaften Anwendung: 0xCxAudMsg64.exe0 Pfad der fehlerhaften Anwendung: CxAudMsg64.exe1 Pfad des fehlerhaften Moduls: CxAudMsg64.exe2 Berichtskennung: CxAudMsg64.exe3 Vollständiger Name des fehlerhaften Pakets: CxAudMsg64.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CxAudMsg64.exe5 Error: (11/27/2014 06:45:41 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: CxAudMsg64.exe, Version: 1.6.0.0, Zeitstempel: 0x4fd1c0c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000f0d6c ID des fehlerhaften Prozesses: 
0x69c Startzeit der fehlerhaften Anwendung: 0xCxAudMsg64.exe0 Pfad der fehlerhaften Anwendung: CxAudMsg64.exe1 Pfad des fehlerhaften Moduls: CxAudMsg64.exe2 Berichtskennung: CxAudMsg64.exe3 Vollständiger Name des fehlerhaften Pakets: CxAudMsg64.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CxAudMsg64.exe5 Error: (11/19/2014 09:45:48 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm firefox.exe, Version 33.1.0.5423 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1660 Startzeit: 01d002fa3a6bd4c7 Endzeit: 4294967295 Anwendungspfad: c:\program files (x86)\mozilla firefox\firefox.exe Berichts-ID: 6936d656-6fc8-11e4-bebd-c0143dc6f5bc Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (11/15/2014 09:28:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: CxAudMsg64.exe, Version: 1.6.0.0, Zeitstempel: 0x4fd1c0c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000f0d6c ID des fehlerhaften Prozesses: 0x6b4 Startzeit der fehlerhaften Anwendung: 0xCxAudMsg64.exe0 Pfad der fehlerhaften Anwendung: CxAudMsg64.exe1 Pfad des fehlerhaften Moduls: CxAudMsg64.exe2 Berichtskennung: CxAudMsg64.exe3 Vollständiger Name des fehlerhaften Pakets: CxAudMsg64.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CxAudMsg64.exe5 Error: (11/13/2014 00:43:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: CxAudMsg64.exe, Version: 1.6.0.0, Zeitstempel: 0x4fd1c0c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000f0d6c ID des fehlerhaften Prozesses: 0x68c 
Startzeit der fehlerhaften Anwendung: 0xCxAudMsg64.exe0 Pfad der fehlerhaften Anwendung: CxAudMsg64.exe1 Pfad des fehlerhaften Moduls: CxAudMsg64.exe2 Berichtskennung: CxAudMsg64.exe3 Vollständiger Name des fehlerhaften Pakets: CxAudMsg64.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CxAudMsg64.exe5 Error: (10/23/2014 09:27:47 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c6c Startzeit: 01cfeefeefdcc618 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\syswow64\backgroundTaskHost.exe Berichts-ID: e3a54139-5af2-11e4-beba-c0143dc6f5bc Vollständiger Name des fehlerhaften Pakets: E046963F.LenovoSupport_2.0.4.0_x86__k1h2ywk1493x8 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App System errors: ============= Error: (12/13/2014 02:24:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "AVG WatchDog" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/13/2014 02:22:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "AVG WatchDog" wurde unerwartet beendet. Dies ist bereits 3 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/13/2014 02:22:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "AVG WatchDog" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (12/13/2014 02:22:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "AVG WatchDog" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/13/2014 01:09:43 AM) (Source: DCOM) (EventID: 10010) (User: BoMa) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/13/2014 01:09:13 AM) (Source: DCOM) (EventID: 10010) (User: BoMa) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/13/2014 00:47:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (12/13/2014 00:47:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/13/2014 00:47:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/13/2014 00:47:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU B980 @ 2.40GHz Percentage of memory in use: 28% Total physical RAM: 3959.77 MB Available physical RAM: 2834.68 MB Total Pagefile: 7543.77 MB Available Pagefile: 6143.54 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:211.67 GB) (Free:61.59 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Daten) (Fixed) (Total:206.32 GB) (Free:175.87 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 9E83DD09) Partition: GPT Partition Type. ==================== End Of Log ============================ GMER Logfile: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-12-13 15:33:17 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002a ST500LT012-9WS142 rev.0001LVM1 465,76GB Running: Gmer-19357.exe; Driver: C:\Temp\uxtdqpow.sys ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\Explorer.EXE[1600] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb36d3169a 4 bytes [D3, 36, FB, 7F] .text C:\WINDOWS\Explorer.EXE[1600] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb36d316a2 4 bytes [D3, 36, FB, 7F] .text C:\WINDOWS\Explorer.EXE[1600] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb36d3181a 4 bytes [D3, 36, FB, 7F] .text C:\WINDOWS\Explorer.EXE[1600] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb36d31832 4 bytes [D3, 36, FB, 7F] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3792] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb36d3169a 4 bytes [D3, 36, FB, 7F] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3792] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb36d316a2 4 bytes [D3, 36, FB, 7F] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3792] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb36d3181a 4 bytes [D3, 36, FB, 7F] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3792] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb36d31832 4 bytes [D3, 36, FB, 7F] .text C:\Windows\System32\igfxpers.exe[3884] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb36d3169a 4 bytes [D3, 36, FB, 7F] .text C:\Windows\System32\igfxpers.exe[3884] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb36d316a2 4 bytes [D3, 36, FB, 7F] .text C:\Windows\System32\igfxpers.exe[3884] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb36d3181a 4 bytes [D3, 36, FB, 7F] .text C:\Windows\System32\igfxpers.exe[3884] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb36d31832 4 bytes [D3, 36, FB, 7F] .text C:\PROGRAM 
FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2168] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb36d3169a 4 bytes [D3, 36, FB, 7F] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2168] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb36d316a2 4 bytes [D3, 36, FB, 7F] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2168] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb36d3181a 4 bytes [D3, 36, FB, 7F] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2168] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb36d31832 4 bytes [D3, 36, FB, 7F] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5024] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffb24c21f6a 4 bytes [C2, 24, FB, 7F] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5024] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffb24c21f82 4 bytes [C2, 24, FB, 7F] .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3196] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb36d3169a 4 bytes [D3, 36, FB, 7F] .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3196] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb36d316a2 4 bytes [D3, 36, FB, 7F] .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3196] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb36d3181a 4 bytes [D3, 36, FB, 7F] .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3196] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb36d31832 4 bytes [D3, 36, FB, 7F] .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3196] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffb24c21f6a 4 bytes [C2, 24, FB, 7F] .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3196] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffb24c21f82 4 bytes [C2, 24, FB, 7F] ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [816:840] 
fffff9600098fb90 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- I hope I did everything correctly. Thanks in advance. |
15.12.2014, 15:26 | #2 |
/// TB-Ausbilder | Win 8, white screen, operation only possible via an external monitor. Hello zoKKer1337
My name is Timo and I will be helping you with your problem.
Note: I can never guarantee that I will find everything. Formatting is always the safest route. We all "work" here voluntarily and in our free time *cough*. Replies may therefore be delayed. If you do not get a reply from me within 48 hours, send me a PM. If you decide on a cleanup, keep working with me until I or someone from the team says that you are clean. Can you uninstall Classic Shell as a test?