Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
cdn cache virus

cdn cache virus


Log-Analyse und Auswertung: cdn cache virus

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 2 von 5 1 2 34 Letzte »
Alt 23.01.2015, 12:30   #16
schrauber
/// the machine
/// TB-Ausbilder
 
cdn cache virus - Standard

cdn cache virus


Zitat:
Ist der CCCleaner ein Registery Cleaner? Habe ihn aber bereits deinstalliert.
Ja ist er. Kanste aber wieder installieren um die Temps zu reinigen, dafür ist er spitze.


Zitat:
Woher bekomme ich sicher die Datei mfc100.dll ?
Sollte in deinem Windows, oder mal mindestens auf der DVD von Windows sein.
Mach mal folgendes:

http://www.trojaner-board.de/72874-s...eparieren.html


Zu dem Fund:

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Windows\system32\inf

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 23.01.2015, 19:08   #17
Energie2000
 
cdn cache virus - Standard

cdn cache virus


Hallo Schrauber,

habe sfc /scannow durchgeführt --> keine Integrationsverletzungen
CBS.log und Ordner %windir%\Logs\CBS habe ich nicht gefunden. Habe Windows 7, evtl. für Vista relevant? Habe aber unter Windows\Logs\CBS eine CBS-Textdatei, die ich nicht öffnen kann - Zugriff verweigert, auch nach Haken setzen für den Vollzugriff.

Thema schädliche Datei:
Hier Fixlog.txt

Code:
ATTFilter
------------
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by labuhn at 2015-01-23 18:42:07 Run:1
Running from C:\Users\labuhn\Desktop
Loaded Profiles: labuhn (Available profiles: UpdatusUser & labuhn)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Windows\system32\inf
*****************

"C:\Windows\system32\inf" => File/Directory not found.

==== End of Fixlog 18:42:07 ====
------------

und nochmal die Scan-Datei:

Code:
ATTFilter
----------------
Emsisoft Internet Security - Version 9.0
Letztes Update: 23.01.2015 18:42:37
Benutzerkonto: labuhn-THINK\labuhn

Scan Einstellungen:

Scan Methode: Smart Scan
Objekte: Rootkits, Speicher, Traces, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\

PUPs-Erkennung: An
Archiv Scan: Aus
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:	23.01.2015 18:43:53
C:\Windows\system32\inf\ 	gefunden: Trojan.Win32.Agent (A)

Gescannt	189872
Gefunden	1

Scan Ende:	23.01.2015 18:54:36
Scan Zeit:	0:10:43


Quarantäne	0


Quarantäne	0


Gelöscht	0


Gelöscht	0
---------------
Gruß
Energie2000
__________________
Alt 23.01.2015, 21:05   #18
schrauber
/// the machine
/// TB-Ausbilder
 
cdn cache virus - Standard

cdn cache virus


Poste mal bitte ein frisches FRST log.
__________________
__________________
Alt 24.01.2015, 10:46   #19
Energie2000
 
cdn cache virus - Standard

cdn cache virus


Hallo Schrauber,

hier ist frisches FRST (und auch nochmal Addition mit angehängt):

Vorher nochmal die Frage zur Datei mfc100.dll (fehlt für 2. Parallel-Monitor). Ich habe jetzt die Windows CD gefunden. Trau mich aber nicht die zu starten (und was genau - boot oder sources?). Ist dann alles geputzt, wie Office und alle Programme? Möchte ich vermeiden.


Code:
ATTFilter
---------------
FRST Logfile:

FRST Logfile:


	
Code: 

 
ATTFilter


  

	
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by labuhn (administrator) on LABUHN-THINK on 24-01-2015 10:41:01
Running from C:\Users\labuhn\Desktop
Loaded Profiles: labuhn (Available profiles: UpdatusUser & labuhn)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\i1Display\i1DisplayDeviceService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Internet Security\a2guard.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [5990200 2011-06-10] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63776 2014-07-10] (Lenovo)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [X-Rite Legacy Device] => C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe [105984 2010-09-28] (X-Rite Inc.)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [98616 2008-04-17] (ArcSoft Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft internet security\a2guard.exe [4997872 2014-12-31] (Emsisoft GmbH)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\...\Run: [LTT] => C:\Program Files\PC-Doctor\EnableToolbarW32.exe [23120 2011-06-27] (PC-Doctor, Inc.)
HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [202600 2012-11-02] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1102651152-2822926887-2028513216-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE462
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1102651152-2822926887-2028513216-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\ncc1avcd.default-1421688447215
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: NoScript - C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\ncc1avcd.default-1421688447215\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-23]
FF Extension: Adblock Plus - C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\ncc1avcd.default-1421688447215\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-23]
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2011-12-11]
FF HKLM-x32\...\Firefox\Extensions: [VIP3X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\labuhn\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [ofbhmgdnoeallignocbmcpnpondfanip] - C:\ProgramData\SaveByclick\ofbhmgdnoeallignocbmcpnpondfanip.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [102712 2008-04-17] (ArcSoft Inc.) [File not signed]
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo.)
R2 i1 Display Service; C:\Program Files (x86)\X-Rite\Devices\Services\i1Display\i1DisplayDeviceService.exe [163328 2010-09-28] (X-Rite Inc.) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2011-12-05] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-07-14] (Microsoft Corporation)
R2 xritedeviced; C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [142848 2010-09-28] (X-Rite Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT INTERNET SECURITY\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Internet Security\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Internet Security\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Internet Security\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Internet Security\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R3 fwndis; C:\Windows\System32\DRIVERS\fwndis64.sys [491632 2015-01-01] ()
R1 fwwfp; C:\Program Files (x86)\Emsisoft Internet Security\fwwfp764.sys [414936 2015-01-01] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284008 2012-11-02] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\labuhn\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 10:41 - 2015-01-24 10:41 - 00020886 ____C () C:\Users\labuhn\Desktop\FRST.txt
2015-01-23 20:28 - 2015-01-23 20:28 - 00000000 ___DC () C:\Users\labuhn\AppData\Roaming\Apple Computer
2015-01-23 20:24 - 2015-01-23 20:24 - 04614144 ____C () C:\Users\labuhn\Downloads\msxml6_SDK.msi
2015-01-23 20:24 - 2015-01-23 20:24 - 03753472 ____C () C:\Users\labuhn\Downloads\msxml6_ia64.msi
2015-01-23 20:24 - 2015-01-23 20:24 - 02721280 ____C () C:\Users\labuhn\Downloads\msxml6_x64.msi
2015-01-23 20:23 - 2015-01-23 20:24 - 01528320 ____C () C:\Users\labuhn\Downloads\msxml6.msi
2015-01-23 19:58 - 2015-01-23 19:58 - 00001005 ____C () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-23 19:57 - 2015-01-23 19:57 - 00054156 ___HC () C:\Windows\QTFont.qfn
2015-01-23 19:57 - 2015-01-23 19:57 - 00002519 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-01-23 19:57 - 2015-01-23 19:57 - 00001856 ____C () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-01-23 19:57 - 2015-01-23 19:57 - 00000000 ___DC () C:\Windows\System32\Tasks\Apple
2015-01-23 19:57 - 2015-01-23 19:57 - 00000000 ___DC () C:\Users\Default\AppData\Local\Apple
2015-01-23 19:57 - 2015-01-23 19:57 - 00000000 ___DC () C:\Users\Default User\AppData\Local\Apple
2015-01-23 19:57 - 2015-01-23 19:57 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-23 19:57 - 2015-01-23 19:57 - 00000000 ___DC () C:\ProgramData\Apple Computer
2015-01-23 19:57 - 2015-01-23 19:57 - 00000000 ___DC () C:\Program Files (x86)\QuickTime
2015-01-23 19:57 - 2015-01-23 19:57 - 00000000 ___DC () C:\Program Files (x86)\Apple Software Update
2015-01-23 19:56 - 2015-01-23 19:56 - 00000000 ___DC () C:\ProgramData\Apple
2015-01-23 19:52 - 2015-01-23 19:58 - 00001964 ____C () C:\Windows\SecuniaPackage.log
2015-01-23 19:42 - 2015-01-23 19:42 - 00700980 ____C () C:\Users\labuhn\Downloads\adblock_edge-2.0.7-sm+an+tb+fx-windows.xpi
2015-01-23 19:36 - 2015-01-23 19:36 - 00544303 ____C () C:\Users\labuhn\Downloads\noscript_security_suite-2.6.9.11-sm_fn_fx.xpi
2015-01-23 19:33 - 2015-01-23 19:33 - 00000000 ___DC () C:\Users\labuhn\AppData\Roaming\WinPatrol
2015-01-23 19:33 - 2015-01-23 19:33 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-01-23 19:33 - 2015-01-23 19:33 - 00000000 ___DC () C:\ProgramData\InstallMate
2015-01-23 19:33 - 2015-01-23 19:33 - 00000000 ___DC () C:\Program Files (x86)\Ruiware
2015-01-23 19:31 - 2015-01-23 19:31 - 01156136 ____C (Ruiware) C:\Users\labuhn\Downloads\wpsetup.exe
2015-01-23 19:28 - 2015-01-24 10:30 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-23 19:28 - 2015-01-23 19:28 - 00001117 ____C () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-23 19:28 - 2015-01-23 19:28 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-23 19:28 - 2015-01-23 19:28 - 00000000 ___DC () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-23 19:28 - 2014-11-21 06:14 - 00093400 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-23 19:28 - 2014-11-21 06:14 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-23 19:28 - 2014-11-21 06:14 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-23 19:26 - 2015-01-23 19:28 - 20447072 ____C (Malwarebytes Corporation ) C:\Users\labuhn\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-23 19:18 - 2015-01-23 19:18 - 00001084 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-01-23 19:18 - 2015-01-23 19:18 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\Secunia PSI
2015-01-23 19:18 - 2015-01-23 19:18 - 00000000 ___DC () C:\Program Files (x86)\Secunia
2015-01-23 19:17 - 2015-01-23 19:17 - 05490752 ____C (Secunia) C:\Users\labuhn\Downloads\PSISetup10004.exe
2015-01-23 18:35 - 2015-01-24 10:41 - 00000000 ___DC () C:\FRST
2015-01-23 18:35 - 2015-01-23 18:35 - 02126848 ____C (Farbar) C:\Users\labuhn\Desktop\FRST64.exe
2015-01-22 20:31 - 2015-01-22 20:31 - 639685778 _____ () C:\Windows\MEMORY.DMP
2015-01-22 20:31 - 2015-01-22 20:31 - 00262144 ____C () C:\Windows\Minidump\012215-10779-01.dmp
2015-01-22 20:18 - 2015-01-22 21:18 - 00000528 ____C () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
2015-01-22 20:18 - 2015-01-22 20:18 - 00003372 ____C () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Delay
2015-01-22 10:37 - 2015-01-22 12:39 - 00013049 _____ () C:\Users\labuhn\Documents\Kostenerst. AA_Sperrfrist.xlsx
2015-01-20 22:01 - 2015-01-24 10:30 - 00000000 ___DC () C:\Program Files (x86)\Emsisoft Internet Security
2015-01-20 22:01 - 2015-01-20 22:01 - 00001141 ____C () C:\Users\Public\Desktop\Emsisoft Internet Security.lnk
2015-01-20 22:01 - 2015-01-20 22:01 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Internet Security
2015-01-20 22:01 - 2015-01-01 21:36 - 00491632 ____C () C:\Windows\system32\Drivers\fwndis64.sys
2015-01-20 21:36 - 2015-01-20 21:48 - 174144800 ____C (Emsisoft Ltd. ) C:\Users\labuhn\Downloads\EmsisoftInternetSecuritySetup.exe
2015-01-20 21:24 - 2015-01-20 21:24 - 00000000 ___DC () C:\ProgramData\Emsisoft
2015-01-20 21:10 - 2015-01-20 22:17 - 00000000 ___DC () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-20 20:40 - 2015-01-20 21:04 - 174166544 ____C (Emsisoft Ltd. ) C:\Users\labuhn\Downloads\EmsisoftAntiMalwareSetup.exe
2015-01-20 12:30 - 2015-01-20 12:30 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{F741C8F8-A5F6-4568-9E02-8B90714A9CBE}
2015-01-19 20:23 - 2015-01-19 20:23 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{30581E8D-05CB-4B7F-8E8C-7226F2D285C0}
2015-01-19 18:27 - 2015-01-19 18:27 - 00000000 ___DC () C:\Users\labuhn\Desktop\Alte Firefox-Daten
2015-01-19 18:24 - 2015-01-19 18:24 - 00001174 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-19 18:24 - 2015-01-19 18:24 - 00001162 ____C () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-19 18:24 - 2015-01-19 18:24 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-19 18:24 - 2015-01-19 18:24 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2015-01-18 21:13 - 2015-01-18 21:13 - 00003272 ____C () C:\Windows\System32\Tasks\{1242A189-364D-4123-A75E-83E64A5B352F}
2015-01-18 19:05 - 2015-01-18 19:05 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{40915967-1A4F-4461-8AE9-CEA1C81EE4C7}
2015-01-18 11:32 - 2015-01-18 11:32 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{88BB5101-9A6D-4005-8748-ECAF1670213A}
2015-01-18 11:29 - 2015-01-18 11:29 - 00000000 ___DC () C:\Users\labuhn\AppData\Roaming\PCDr
2015-01-18 11:28 - 2015-01-23 19:13 - 00000000 ___DC () C:\ProgramData\PCDr
2015-01-18 10:25 - 2015-01-20 19:00 - 00000000 ___DC () C:\Windows\ERUNT
2015-01-18 09:57 - 2015-01-18 09:57 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2015-01-17 20:48 - 2015-01-20 18:56 - 00000000 ___DC () C:\Windows\erdnt
2015-01-17 20:45 - 2015-01-23 19:49 - 00008296 ____C () C:\Windows\PFRO.log
2015-01-17 20:14 - 2015-01-20 19:03 - 00000000 ___DC () C:\Program Files (x86)\VS Revo Group
2015-01-17 11:47 - 2015-01-17 11:47 - 00000000 ____C () C:\autoexec.bat
2015-01-17 11:12 - 2015-01-24 10:40 - 00005853 ____C () C:\Windows\setupact.log
2015-01-17 11:12 - 2015-01-17 11:12 - 00000000 ____C () C:\Windows\setuperr.log
2015-01-15 20:29 - 2015-01-23 20:19 - 00000884 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 20:29 - 2015-01-23 19:53 - 00003822 ____C () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 07:26 - 2015-01-14 08:32 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 07:26 - 2015-01-14 08:32 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 07:26 - 2015-01-14 08:32 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 07:26 - 2015-01-14 08:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 07:26 - 2015-01-14 08:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 07:26 - 2015-01-14 08:32 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 07:26 - 2015-01-14 08:32 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 07:18 - 2015-01-13 08:49 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-13 07:18 - 2015-01-13 08:49 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-12 21:58 - 2015-01-12 21:58 - 00000773 ____C () C:\Windows\removeep.cmd
2015-01-12 21:41 - 2015-01-12 21:41 - 00000000 ___DC () C:\Users\labuhn\AppData\Roaming\reaper
2015-01-12 20:55 - 2015-01-12 20:55 - 00000000 ___DC () C:\Users\Public\Lenovo
2015-01-12 20:30 - 2015-01-12 20:30 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-12 20:30 - 2015-01-12 20:30 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-01-12 20:30 - 2015-01-12 20:30 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-01-12 20:30 - 2015-01-12 20:30 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-01-12 20:30 - 2015-01-12 20:30 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-12 20:30 - 2015-01-12 20:30 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-11 10:00 - 2015-01-11 10:00 - 00000000 ___DC () C:\Program Files (x86)\Live Radio Stations
2015-01-11 09:59 - 2015-01-11 09:59 - 00000000 ___DC () C:\Program Files (x86)\uNiisales
2015-01-07 12:44 - 2015-01-07 12:47 - 00000000 ___DC () C:\Users\labuhn\Documents\2015 Bewerbungen
2014-12-27 11:29 - 2015-01-22 20:43 - 00000000 ___DC () C:\Users\labuhn\Documents\2014-01-28 Kontenklärung
2014-12-27 10:25 - 2014-12-27 11:19 - 00000000 __RDC () C:\Users\labuhn\Documents\Scannen
2014-12-26 18:28 - 2014-12-26 18:28 - 00000000 ___DC () C:\Users\labuhn\AppData\Roaming\MAGIX
2014-12-26 18:28 - 2014-12-26 18:28 - 00000000 ___DC () C:\Program Files\Common Files\MAGIX Shared
2014-12-26 18:27 - 2015-01-12 21:57 - 00000000 __RDC () C:\Users\labuhn\Documents\MAGIX
2014-12-26 18:27 - 2015-01-12 21:56 - 00000000 ___DC () C:\ProgramData\MAGIX
2014-12-26 18:16 - 2014-12-26 18:16 - 00000000 _RHDC () C:\Users\Public\Libraries
2014-12-26 18:16 - 2014-12-26 18:16 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\Apple Computer
2014-12-26 18:07 - 2014-12-26 18:07 - 00000000 _SHDC () C:\Users\labuhn\AppData\Local\EmieUserList
2014-12-26 18:07 - 2014-12-26 18:07 - 00000000 _SHDC () C:\Users\labuhn\AppData\Local\EmieSiteList
2014-12-26 18:07 - 2014-12-26 18:07 - 00000000 _SHDC () C:\Users\labuhn\AppData\Local\EmieBrowserModeList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 10:37 - 2009-07-14 05:45 - 00031296 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 10:37 - 2009-07-14 05:45 - 00031296 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-24 10:34 - 2011-12-11 08:37 - 00699682 ____C () C:\Windows\system32\perfh007.dat
2015-01-24 10:34 - 2011-12-11 08:37 - 00149790 ____C () C:\Windows\system32\perfc007.dat
2015-01-24 10:34 - 2009-07-14 06:13 - 01620684 ____C () C:\Windows\system32\PerfStringBackup.INI
2015-01-24 10:31 - 2011-12-26 16:40 - 00000000 ___DC () C:\Users\labuhn\AppData\Temp
2015-01-24 10:31 - 2011-12-11 00:04 - 02026589 ____C () C:\Windows\WindowsUpdate.log
2015-01-24 10:29 - 2011-12-10 23:58 - 00000000 ___DC () C:\ProgramData\NVIDIA
2015-01-24 10:29 - 2009-07-14 06:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2015-01-23 19:58 - 2012-10-13 18:36 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-23 19:53 - 2013-02-27 15:06 - 00701616 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-23 19:53 - 2011-12-25 19:43 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 19:13 - 2011-12-15 21:06 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2015-01-23 19:10 - 2011-12-15 21:06 - 00000466 ____C () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-01-23 17:46 - 2011-12-11 00:06 - 00003502 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-01-22 20:54 - 2014-04-14 17:39 - 00000000 ___DC () C:\EFW 2014-04-14
2015-01-22 20:31 - 2012-01-07 19:15 - 00000000 ___DC () C:\Windows\Minidump
2015-01-22 20:31 - 2011-12-15 21:06 - 00000528 ____C () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-01-22 20:18 - 2011-12-11 00:06 - 00004242 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-01-22 15:03 - 2011-12-25 20:52 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\Microsoft Help
2015-01-20 12:30 - 2014-07-11 07:46 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\Windows Live
2015-01-19 20:46 - 2012-11-17 18:03 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\CrashDumps
2015-01-18 10:07 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\Web
2015-01-17 20:54 - 2009-07-14 03:34 - 00000215 ____C () C:\Windows\system.ini
2015-01-17 20:53 - 2009-07-14 03:34 - 93847552 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-01-17 20:53 - 2009-07-14 03:34 - 44040192 _____ () C:\Windows\system32\config\COMPONENTS.bak
2015-01-17 20:53 - 2009-07-14 03:34 - 19398656 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-01-17 20:53 - 2009-07-14 03:34 - 05242880 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-01-17 20:53 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-01-17 20:53 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-01-17 20:45 - 2013-11-10 11:50 - 00000000 ___DC () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-17 20:44 - 2013-11-10 11:50 - 00000000 ___DC () C:\ProgramData\Spybot - Search & Destroy
2015-01-17 20:44 - 2012-01-15 20:48 - 00001912 ____C () C:\Windows\epplauncher.mif
2015-01-17 11:47 - 2011-12-15 21:05 - 00000000 ___DC () C:\Users\labuhn
2015-01-17 10:55 - 2011-02-15 10:42 - 00000000 ___DC () C:\Windows\Panther
2015-01-16 20:07 - 2014-12-05 17:23 - 00000000 ___DC () C:\Users\labuhn\Documents\2014-10_bis_12 Neuseeland & Sydney
2015-01-15 20:37 - 2011-12-15 21:16 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\Adobe
2015-01-15 20:28 - 2014-01-19 15:53 - 00000000 ___DC () C:\ProgramData\McAfee Security Scan
2015-01-14 08:32 - 2013-08-15 20:27 - 00000000 ___DC () C:\Windows\system32\MRT
2015-01-14 08:23 - 2011-12-18 19:12 - 113365784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 19:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-12 21:58 - 2014-04-27 09:50 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\Lenovo
2015-01-12 21:58 - 2011-12-10 23:54 - 00000000 ___DC () C:\Program Files (x86)\Lenovo
2015-01-12 20:56 - 2011-12-11 00:04 - 00000000 ___DC () C:\Windows\Downloaded Installations
2015-01-12 20:56 - 2011-12-11 00:04 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2015-01-12 20:55 - 2012-10-13 18:45 - 00000000 __HDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____C (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 11:03 - 2013-02-10 18:27 - 00011861 _____ () C:\Users\labuhn\Documents\Silberhochzeitsliste.xlsx
2015-01-05 10:54 - 2013-07-28 07:44 - 00000000 ___DC () C:\Users\labuhn\Documents\2013-07-27 Silberhochzeit
2015-01-05 10:47 - 2014-02-23 19:05 - 00000000 ___DC () C:\Users\labuhn\Documents\2014-02-23 Natalie beim Griechen
2015-01-04 19:07 - 2011-12-28 18:50 - 00000000 ___DC () C:\ProgramData\Microsoft Help
2014-12-29 09:53 - 2014-08-15 18:39 - 00000000 ___DC () C:\Users\labuhn\Documents\2014-07-26 Vater und Torsten
2014-12-28 22:41 - 2014-02-23 19:34 - 00000000 ___DC () C:\Users\labuhn\Documents\2014-06-17 Dichtschlemme
2014-12-27 10:18 - 2014-01-28 13:39 - 00000000 ___DC () C:\Users\labuhn\Documents\Scanner
2014-12-26 18:52 - 2011-12-15 21:06 - 00152288 ____C () C:\Users\labuhn\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-26 18:52 - 2009-07-14 05:45 - 00481912 ____C () C:\Windows\system32\FNTCACHE.DAT
2014-12-26 18:27 - 2014-10-02 10:05 - 00000000 ___DC () C:\ProgramData\Package Cache
2014-12-26 18:27 - 2011-12-16 20:00 - 00000000 ___DC () C:\Program Files (x86)\MSXML 4.0
2014-12-26 18:14 - 2012-10-13 18:37 - 00000000 ___DC () C:\Users\labuhn\AppData\Roaming\vlc

==================== Files in the root of some directories =======
2012-06-28 09:20 - 2012-06-28 09:20 - 0033134 ____C () C:\Users\labuhn\AppData\Roaming\UserTile.png
2012-10-13 20:18 - 2012-10-13 20:18 - 0000438 ____C () C:\Users\labuhn\AppData\Local\WiDiLog.20121013.211832.txt
2012-10-13 20:18 - 2012-10-13 20:18 - 0018362 ____C () C:\Users\labuhn\AppData\Local\WiDiSetupLog.20121013.211803.txt

Files to move or delete:
====================
C:\Users\labuhn\Windows-KB890830-x64-V5.9.exe


Some content of TEMP:
====================
C:\Users\labuhn\AppData\Local\Temp\ERUNT.exe
C:\Users\labuhn\AppData\Local\Temp\Quarantine.exe
C:\Users\labuhn\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-17 19:27

==================== End Of Log ============================
         
 
--- --- ---

--- --- ---
--------------

Code:
ATTFilter
---------------FRST Additions Logfile:


	
Code: 

 
ATTFilter


  

	
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by labuhn at 2015-01-24 10:41:22
Running from C:\Users\labuhn\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Internet Security (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Internet Security (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Emsisoft Internet Security (Enabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\{2BE0DC49-FA94-4853-A62A-F1E02ECAA67E}) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\{D901557E-8AF2-4F66-BE3C-B8C816397BD5}) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Software Suite (HKLM-x32\...\{497A1721-088F-41EF-8876-B43C9DA5528B}) (Version: 1.0 - ArcSoft)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Client Security - Password Manager (HKLM\...\{3FD730D4-755F-439B-8082-B55E00924A44}) (Version: 8.30.0049.00 - Lenovo Group Limited)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.0 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Emsisoft Internet Security (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Fingerprint Software Patch (HKLM\...\{CFF603B5-8D80-45FB-906A-9ABFC05C8134}) (Version: 5.9.7.7261 - Authentec Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2538 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{728985C5-A04B-457C-9D62-15360F3EAF85}) (Version: 3.1.29.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 3.10.0 - Rakuten Kobo Inc.)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{39969C3E-B297-41E5-9A7B-E252B504B21B}) (Version: 2.1.0003.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Grafiktreiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.12.0 - NVIDIA Corporation)
PANTONE Color Calibrator 1.0 (HKLM-x32\...\PANTONE Color Calibrator_is1) (Version:  - X-Rite)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PHOTOfunSTUDIO (HKLM-x32\...\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}) (Version: 3.00.000 - Panasonic)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.63 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.42 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.61.00.11 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.8.0 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.23 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.07 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.3.64 - VeriSign)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\8058FF31D7C7F4818DC176DAF53CD379968C86E4) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System  (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel)
Windows-Treiberpaket - Intel USB  (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel)
Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
X-Rite Device i1Display Service (HKLM-x32\...\{D2A53206-6A9E-4241-B21C-D94140EEF1CE}_is1) (Version: 1.0 - X-Rite Inc.)
X-Rite Device Manager (HKLM-x32\...\{9ACEA9CD-63B9-4784-807B-EA295E96A7C3}_is1) (Version: 1.0 - X-Rite Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

20-01-2015 18:56:40 ComboFix created restore point
20-01-2015 22:01:31 Gerätetreiber-Paketinstallation: Emsisoft Netzwerkdienst

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-01-17 20:54 - 00000027 ___AC C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E64B757-F444-4522-A8AC-6E412A7A02D0} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {1205F5DE-DFDC-4CE8-A182-1734B0EF8CD6} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: {13EA9A5A-30BB-4C84-ABAC-D909BAF25649} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {1E033804-F737-4CDE-A3A5-B5D92A37E538} - System32\Tasks\PCDoctorBackgroundMonitorTask-Delay => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {27A14130-8F1B-40A8-95B5-8A900ECB9374} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {34A12EA4-144D-4CB0-933D-1809705ACBBE} - System32\Tasks\{3C8F45EC-F5FB-402A-8A26-55BC1B0B3AE5} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {37512D22-E517-4059-A3CE-74D7B3399FBB} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {4A69786C-D02F-48E7-B05D-F9898810053A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)
Task: {542CAD51-3C64-4736-B4A5-3E048039FB10} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-08-31] (Lenovo Group Limited)
Task: {55358189-A0EE-450A-839E-7D9D64A46670} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {61FDFDF7-6B0D-4D85-8567-CB4DCB9C4073} - System32\Tasks\{1242A189-364D-4123-A75E-83E64A5B352F} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {7FD6222F-8ACC-41B1-933F-EA9DF1E34A83} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {86BCCB31-4EC6-4F57-A8AE-ED8DF366DB07} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {903BD336-D0C9-406A-B82B-F05BB2E1632B} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {A567C105-7E5C-4ED0-895C-02B147D1EA9A} - System32\Tasks\{F7F9A972-929F-4257-AEFC-13ED440C4071} => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [2011-02-23] (shbox.de)
Task: {B45BD918-30EB-46EF-8373-4378EB67A0EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-23] (Adobe Systems Incorporated)
Task: {BACA9D0D-5FFD-4456-B888-2E8C295AD664} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {C9884205-4702-4D83-BD0B-078E8CA9618F} - System32\Tasks\{4EF7FF4F-3300-4392-AB7F-F3809BC022EA} => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [2011-02-23] (shbox.de)
Task: {DDCD4437-F67A-42B1-9116-5B9A58505E99} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {E9A9A214-2E7B-4CB6-A8F1-8B3FD05EE324} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {F1B77A2C-D0FC-4EFA-8C69-9B32CC144B5B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2012-10-13 20:20 - 2012-10-02 20:51 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-04-09 17:36 - 2010-06-17 20:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2011-12-11 08:35 - 2011-05-19 13:04 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2011-12-10 23:54 - 2010-10-26 05:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2011-12-10 23:58 - 2011-03-06 12:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-12-11 00:00 - 2011-08-31 19:03 - 00055808 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2009-05-27 22:09 - 2009-05-27 22:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2011-12-11 00:00 - 2010-04-06 09:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2011-12-11 00:00 - 2010-04-06 09:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2015-01-19 18:24 - 2015-01-09 10:05 - 03925104 ____C () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1102651152-2822926887-2028513216-500 - Administrator - Disabled)
Gast (S-1-5-21-1102651152-2822926887-2028513216-501 - Limited - Disabled)
labuhn (S-1-5-21-1102651152-2822926887-2028513216-1001 - Administrator - Enabled) => C:\Users\labuhn
UpdatusUser (S-1-5-21-1102651152-2822926887-2028513216-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2015 10:29:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2015 10:21:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2015 08:28:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2015 07:50:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2015 07:20:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x14dc
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (01/23/2015 07:13:48 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (1464) Asapi: (19:13:48:7610)(1464) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>3117D3D219F6505B</RequestId><HostId>7h0VDSvddFVCxrOoDblV6YV14G9RSDC/pj8f0ejVedqV+USibzlhZO68511XaihHC4StDOFx4r0=</HostId></Error>

Error: (01/23/2015 07:10:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2015 05:46:13 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (7132) Asapi: (17:46:13:0270)(7132) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>C6745D68D4976D06</RequestId><HostId>lY6qLCIhLy4MnWhsoVZYOES2qpDb9K0//ho9J+/4xc8RCarM9Jgq7iNXSjS/1XlZ</HostId></Error>

Error: (01/23/2015 07:21:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 08:59:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (01/24/2015 10:32:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (01/24/2015 10:32:01 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/24/2015 10:23:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (01/24/2015 10:23:17 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/23/2015 08:30:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (01/23/2015 08:30:26 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/23/2015 07:52:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (01/23/2015 07:52:14 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/23/2015 07:20:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/23/2015 07:13:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069


Microsoft Office Sessions:
=========================
Error: (01/24/2015 10:29:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2015 10:21:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2015 08:28:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2015 07:50:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2015 07:20:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c00000050000000014dc01d037390b89330aC:\Program Files (x86)\Secunia\PSI\PSIA.exeunknown79200f4f-a32c-11e4-84c7-f0def1ae25c9

Error: (01/23/2015 07:13:48 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (1464) Asapi: (19:13:48:7610)(1464) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>3117D3D219F6505B</RequestId><HostId>7h0VDSvddFVCxrOoDblV6YV14G9RSDC/pj8f0ejVedqV+USibzlhZO68511XaihHC4StDOFx4r0=</HostId></Error>

Error: (01/23/2015 07:10:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2015 05:46:13 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (7132) Asapi: (17:46:13:0270)(7132) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>C6745D68D4976D06</RequestId><HostId>lY6qLCIhLy4MnWhsoVZYOES2qpDb9K0//ho9J+/4xc8RCarM9Jgq7iNXSjS/1XlZ</HostId></Error>

Error: (01/23/2015 07:21:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 08:59:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files\CCleaner\CCleaner64.exe


CodeIntegrity Errors:
===================================
  Date: 2015-01-17 20:52:50.965
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-17 20:52:50.918
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz
Percentage of memory in use: 31%
Total physical RAM: 8075.23 MB
Available physical RAM: 5517.28 MB
Total Pagefile: 16148.65 MB
Available Pagefile: 13052.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:102.15 GB) (Free:26.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 006873D0)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=102.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
 
--- --- ---
--------------
Gruß
Energie2000
Geändert von Energie2000 (24.01.2015 um 11:04 Uhr)

Alt 24.01.2015, 11:14   #20
schrauber
/// the machine
/// TB-Ausbilder
 
cdn cache virus - Standard

cdn cache virus


Eins nach dem Andern


Zitat:
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Die beiden deinstallieren, WIndows update aufsuchen, dan wird es neu installiert. Dann sollte die Datei wieder da sein


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Windows\syswow64\inf

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 24.01.2015, 15:12   #21
Energie2000
 
cdn cache virus - Standard

cdn cache virus


Ja, ja, immer chronologisch, ok :-)

habe wieder getan, aber die beiden MC Visual C...-Dateien habe ich über den Windows-update nicht bekommen bzw. (auch nach mehrmaligem Download) sind die bei installierte Programme nicht zu sehen. ???

Hier der Fixlog:

Code:
ATTFilter
--------
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by labuhn at 2015-01-24 15:06:31 Run:2
Running from C:\Users\labuhn\Desktop
Loaded Profiles: labuhn (Available profiles: UpdatusUser & labuhn)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Windows\syswow64\inf
*****************

C:\Windows\syswow64\inf => Moved successfully.

==== End of Fixlog 15:06:31 ====
--------

Gruß
Energie2000

Alt 24.01.2015, 16:21   #22
schrauber
/// the machine
/// TB-Ausbilder
 
cdn cache virus - Standard

cdn cache virus


Lässt du bei der Update Suche auch optionale Updates anzeigen?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 24.01.2015, 17:24   #23
Energie2000
 
cdn cache virus - Standard

cdn cache virus


Jawohl. Dort sind nur ein paar Sachen für Intel, MS.Net Framework ....

Alt 24.01.2015, 20:49   #24
schrauber
/// the machine
/// TB-Ausbilder
 
cdn cache virus - Standard

cdn cache virus


Merkwürdig.

Bitte laden und installieren:
Download Microsoft*Visual*C++*2010 Redistributable Package (x86) from Official Microsoft Download Center
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 24.01.2015, 22:01   #25
Energie2000
 
cdn cache virus - Standard

cdn cache virus


Habe getan.

Gruß
Energie2000

Alt 25.01.2015, 08:59   #26
schrauber
/// the machine
/// TB-Ausbilder
 
cdn cache virus - Standard

cdn cache virus


Was macht die Meldung mit der Datei?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 25.01.2015, 10:46   #27
Energie2000
 
cdn cache virus - Standard

cdn cache virus


Guten Morgen Schrauber,

die Datei MS Visual C ... (x86) ist jetzt über update da, allerdings ist das die Version von 2010 (ich hatte vorher die von 2012, finde/bekomme aber auch keine update-Aufforderung für 2012) + dann gabs noch eine 2te Datei mit MS Visual C ... (x64). Brauche ich die nicht mehr? Sehe auch keine Update-Aufforderung dafür.

Das ist der Stand dazu.

Ich bekomme über Secunia PSI immer eine Update-Aufforderung für "MS XML Core Services (MSXML)4.x". Habe ich schon 3x gemacht, aber eine der 4 Dateien - msxml_ia64 - lässt sich partout nicht installieren. Es kommt immer die Meldung: "Installationspaket wird auf dieser Plattform nicht unterstützt. Bitte an Hersteller wenden." Dadurch werde ich die Aufforderung von Secunia PSI nicht los nach jedem Start.
???

Gruß
Energie2000

Alt 25.01.2015, 12:41   #28
schrauber
/// the machine
/// TB-Ausbilder
 
cdn cache virus - Standard

cdn cache virus


Die Meldung von Secunia kannste ignorieren. Wenn du die 2012er brauchst wird sie schon via Update kommen .

zweiter Bildschirm?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 25.01.2015, 12:56   #29
Energie2000
 
cdn cache virus - Standard

cdn cache virus


Ok, danke wieder mal.
2ten Bildschirm kriege ich nicht hin.

Gruß

Alt 25.01.2015, 12:59   #30
schrauber
/// the machine
/// TB-Ausbilder
 
cdn cache virus - Standard

cdn cache virus


Das war ja meine Frage. Also die Meldung mit der fehlenden Datei kommt immer noch, obwohl jetzt das 2010er installiert ist?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort
Seite 2 von 5 1 2 34 Letzte »

Themen zu cdn cache virus
cache, frst.txt, logfiles, rechner, virus, windows


« Ausus 2in1 Book Windows 8 Nach Anmeldung Schwarzer Bildschirm abgesicherter Modus nicht möglich | FreeYoutube Converter Virus? »


Ähnliche Themen: cdn cache virus


  1. cdn cache virus
    Plagegeister aller Art und deren Bekämpfung - 28.09.2014 (17)
  2. Funde im Java Cache
    Plagegeister aller Art und deren Bekämpfung - 15.07.2014 (7)
  3. JS/BlacoleRef.DD.38 in Firefox Cache Win 7
    Log-Analyse und Auswertung - 14.11.2013 (5)
  4. EXP/JS.Iframe.AL in Firefox Cache
    Plagegeister aller Art und deren Bekämpfung - 30.08.2012 (52)
  5. scrinject.b.gen in Browser Cache
    Log-Analyse und Auswertung - 02.12.2011 (16)
  6. Virus im Verzeichnis "User\Benutzer\Cache\"
    Plagegeister aller Art und deren Bekämpfung - 21.08.2011 (23)
  7. TR/Dropper.Gen in .../JAR.CACHE gefunden !
    Log-Analyse und Auswertung - 10.08.2011 (1)
  8. Trojaner in Java-Cache
    Plagegeister aller Art und deren Bekämpfung - 07.11.2010 (5)
  9. Firefox Cache: EXP/Pidief.GL
    Plagegeister aller Art und deren Bekämpfung - 14.12.2009 (1)
  10. HTML.Malware Cache
    Log-Analyse und Auswertung - 01.07.2009 (0)
  11. Trojaner im mozilla cache
    Plagegeister aller Art und deren Bekämpfung - 11.10.2008 (2)
  12. Browser Cache löschen
    Antiviren-, Firewall- und andere Schutzprogramme - 28.04.2008 (3)
  13. Firefox Cache
    Plagegeister aller Art und deren Bekämpfung - 14.01.2008 (7)
  14. Komische Dateien im Cache
    Plagegeister aller Art und deren Bekämpfung - 11.07.2005 (0)
  15. Temp und Cache Ordner
    Alles rund um Windows - 10.03.2005 (7)
  16. Cache
    Log-Analyse und Auswertung - 08.02.2005 (4)
  17. Opera Cache
    Alles rund um Windows - 12.03.2003 (6)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema cdn cache virus - Zitat: Ist der CCCleaner ein Registery Cleaner? Habe ihn aber bereits deinstalliert. Ja ist er. Kanste aber wieder installieren um die Temps zu reinigen, dafür ist er spitze. Zitat: Woher - cdn cache virus...
Archiv
Du betrachtest: cdn cache virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131