Redirect to advertising pages in Internet Explorer with Windows 8.1
Apparently there is some junk on the computer yet again... the malware seems to affect only the Windows 8.1 Internet Explorer, but not the desktop version. However, I am not 100% sure whether it is actually malware?
Here are the required scans (FRST and GMER) according to the "Guide for those seeking help on this board", for your trained eyes:
Quote:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Rhea (administrator) on MNEMOSYNE on 16-02-2015 15:41:02
Running from C:\Users\Rhea\Downloads
Loaded Profiles: Rhea (Available profiles: Rhea)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
() C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Users\Rhea\Downloads\Defogger.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-10-28] (Synaptics Incorporated)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-03-06] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-03-06] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-03-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-03-06] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119824 2013-12-02] (Lenovo)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-11-15] ( (Atheros Communications))
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,DisableRequiresActiveXPrompt = www.shopssl.de
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001 -> {F069211F-C8C2-4343-B32B-590D4C601F95} URL = hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=591080004&q={searchTerms}&r=739
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default
FF NewTab:
FF Homepage: https://www.google.de
FF Keyword.URL:
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\startpointkms.xml
FF Extension: Adblock Plus - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-04]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-11-15] (Windows (R) Win 7 DDK provider)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124904 2013-09-17] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-03-06] (Lenovo)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2013-11-04] (PointGrab LTD)
S2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2014-03-06] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2014-03-06] (Lenovo)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-03-06] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2013-11-18] ()
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-11-15] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-11-15] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-28] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-16 15:40 - 2015-02-16 15:40 - 00000470 _____ () C:\Users\Rhea\Downloads\defogger_disable.log
2015-02-16 15:40 - 2015-02-16 15:40 - 00000000 _____ () C:\Users\Rhea\defogger_reenable
2015-02-16 15:39 - 2015-02-16 15:39 - 00050477 _____ () C:\Users\Rhea\Downloads\Defogger.exe
2015-02-12 18:21 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 18:21 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 05:47 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-12 05:47 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-12 05:47 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-12 05:47 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 20:15 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 20:15 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 20:15 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 20:15 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 20:15 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 20:15 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 20:15 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 20:15 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 20:15 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 20:15 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 20:15 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 20:15 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 20:15 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 20:15 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 20:15 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 20:15 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 20:15 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 20:15 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 20:15 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 20:15 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 20:15 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 20:15 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 20:15 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 20:15 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 20:14 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 20:14 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 20:14 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 20:14 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 20:14 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 20:14 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 20:14 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 20:14 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 20:14 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 20:14 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 20:14 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 20:14 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 20:14 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 20:14 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 20:14 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 20:14 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 20:14 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 20:14 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 20:14 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 20:14 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 20:14 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 20:14 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 20:14 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 20:14 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 20:14 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 20:14 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 20:14 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 20:14 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 20:14 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 20:14 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 20:14 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 20:14 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 20:14 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 20:14 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 20:14 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 20:14 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 20:12 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-09 09:54 - 2015-02-11 07:56 - 00000000 ____D () C:\Users\Rhea\Documents\Bedfn
2015-02-09 09:53 - 2015-02-09 09:53 - 00000000 ____D () C:\Users\Rhea\Documents\geschafft
2015-02-09 09:52 - 2015-02-09 09:53 - 00000000 ____D () C:\Users\Rhea\Documents\20150203
2015-01-28 14:00 - 2015-01-28 14:00 - 00003893 _____ () C:\Users\Rhea\AppData\Local\recently-used.xbel
2015-01-28 13:52 - 2015-01-28 14:00 - 00000000 ____D () C:\Users\Rhea\AppData\Local\gtk-2.0
2015-01-28 13:52 - 2015-01-28 13:52 - 00000000 ____D () C:\Users\Rhea\.thumbnails
2015-01-27 11:50 - 2015-01-27 11:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 12:12 - 2015-01-25 12:13 - 01817350 _____ () C:\Users\Rhea\Desktop\Laud.gxo
2015-01-25 12:12 - 2015-01-25 12:12 - 01817350 _____ () C:\Users\Rhea\Desktop\Neuestadt15.gpl
2015-01-25 12:12 - 2015-01-25 12:12 - 01817350 _____ () C:\Users\Rhea\Desktop\Kialjung 040115.gp
2015-01-25 12:09 - 2015-01-25 12:09 - 01817350 _____ () C:\Users\Rhea\Desktop\leiter 1.gp
2015-01-17 19:51 - 2015-01-17 23:05 - 00078937 _____ () C:\Users\Rhea\Downloads\GPS-Datendatenköf-Route_1.gpx
2015-01-17 19:32 - 2015-01-17 23:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-16 15:41 - 2014-12-17 18:53 - 00014020 _____ () C:\Users\Rhea\Downloads\FRST.txt
2015-02-16 15:41 - 2014-12-17 18:53 - 00000000 ____D () C:\FRST
2015-02-16 15:40 - 2014-12-20 18:15 - 00000000 ____D () C:\Users\Rhea\Downloads\FRST-OlderVersion
2015-02-16 15:40 - 2014-12-17 18:49 - 02085888 _____ (Farbar) C:\Users\Rhea\Downloads\FRST64.exe
2015-02-16 15:40 - 2014-05-23 01:03 - 00000000 ____D () C:\Users\Rhea
2015-02-16 15:13 - 2014-03-06 21:58 - 01644329 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-16 15:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-16 15:04 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-16 15:01 - 2013-08-22 15:46 - 00032738 _____ () C:\WINDOWS\setupact.log
2015-02-16 15:01 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-16 15:01 - 2013-08-22 14:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-16 15:00 - 2014-03-06 22:26 - 10416714 _____ () C:\Users\Public\CAFADEBUG.log
2015-02-15 21:32 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-15 19:41 - 2014-06-12 23:55 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-15 19:37 - 2014-06-12 23:55 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-15 13:03 - 2014-05-23 01:08 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3879709871-1962586687-2025067079-1001
2015-02-15 11:35 - 2014-03-07 06:41 - 00767130 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-15 11:35 - 2014-03-07 06:41 - 00160216 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-15 11:35 - 2013-10-07 19:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-12 06:15 - 2014-05-25 13:11 - 00000000 ____D () C:\Users\Rhea\Documents\arsi
2015-02-12 00:16 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-12 00:14 - 2013-08-22 15:44 - 00371584 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 19:00 - 2014-05-22 23:25 - 00000000 ____D () C:\Users\Rhea\AppData\Local\CrashDumps
2015-02-10 18:47 - 2014-05-25 13:11 - 00000000 ____D () C:\Users\Rhea\Documents\privat
2015-02-03 20:31 - 2014-06-14 18:57 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-06-14 18:57 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-01 07:53 - 2014-07-08 12:40 - 00000000 ____D () C:\Users\Rhea\Documents\g Daten
2015-01-29 23:33 - 2014-06-26 10:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 14:02 - 2014-10-08 00:26 - 00000000 ____D () C:\Users\Rhea\.girampfmp-2.8
2015-01-23 21:19 - 2014-05-23 01:03 - 00000000 ____D () C:\Users\Rhea\AppData\Roaming\Adobe
==================== Files in the root of some directories =======
2005-11-26 23:53 - 2005-11-26 23:53 - 0049152 _____ ( ) C:\Program Files\Interop.WIA.dll
2013-08-25 17:57 - 2013-08-25 17:57 - 0001968 _____ () C:\Program Files\License.txt
2014-07-22 14:14 - 2014-07-22 14:14 - 0828992 _____ (dotPDN LLC) C:\Program Files\PaintDotNet.Base.dll
2014-07-22 14:14 - 2014-07-22 14:14 - 3087872 _____ () C:\Program Files\PaintDotNet.Base.pdb
2014-07-22 14:14 - 2014-07-22 14:14 - 0562752 _____ (dotPDN LLC) C:\Program Files\PaintDotNet.Core.dll
2014-07-22 14:14 - 2014-07-22 14:14 - 1826304 _____ () C:\Program Files\PaintDotNet.Core.pdb
2014-07-22 14:14 - 2014-07-22 14:14 - 0090688 _____ (dotPDN LLC) C:\Program Files\PaintDotNet.Data.dll
2014-07-22 14:14 - 2014-07-22 14:14 - 0265728 _____ () C:\Program Files\PaintDotNet.Data.pdb
2014-07-22 14:14 - 2014-07-22 14:14 - 0195648 _____ (dotPDN LLC) C:\Program Files\PaintDotNet.Effects.dll
2014-07-22 14:14 - 2014-07-22 14:14 - 0495104 _____ () C:\Program Files\PaintDotNet.Effects.pdb
2014-07-22 14:14 - 2014-07-22 14:14 - 1766976 _____ (dotPDN LLC) C:\Program Files\PaintDotNet.exe
2014-06-27 13:41 - 2014-06-27 13:41 - 0000429 _____ () C:\Program Files\PaintDotNet.exe.config
2014-07-22 14:14 - 2014-07-22 14:14 - 0337472 _____ (dotPDN LLC) C:\Program Files\PaintDotNet.Framework.dll
2014-07-22 14:14 - 2014-07-22 14:14 - 1019392 _____ () C:\Program Files\PaintDotNet.Framework.pdb
2014-07-22 14:14 - 2014-07-22 14:14 - 4711936 _____ () C:\Program Files\PaintDotNet.pdb
2014-07-22 14:14 - 2014-07-22 14:14 - 0416832 _____ (dotPDN LLC) C:\Program Files\PaintDotNet.Resources.dll
2014-07-22 14:14 - 2014-07-22 14:14 - 0050688 _____ () C:\Program Files\PaintDotNet.Resources.pdb
2014-06-23 10:10 - 2014-06-23 10:10 - 0145066 ____R () C:\Program Files\PaintDotNet.Strings.3.cs.resources
2014-07-09 11:48 - 2014-07-09 11:48 - 0141037 ____R () C:\Program Files\PaintDotNet.Strings.3.da.resources
2014-06-22 12:49 - 2014-06-22 12:49 - 0147174 ____R () C:\Program Files\PaintDotNet.Strings.3.DE.resources
2014-07-09 11:48 - 2014-07-09 11:48 - 0146230 ____R () C:\Program Files\PaintDotNet.Strings.3.ES.resources
2014-06-14 12:39 - 2014-06-14 12:39 - 0158177 ____R () C:\Program Files\PaintDotNet.Strings.3.fa.resources
2014-06-14 12:39 - 2014-06-14 12:39 - 0140166 ____R () C:\Program Files\PaintDotNet.Strings.3.fi.resources
2014-06-03 16:20 - 2014-06-03 16:20 - 0148878 ____R () C:\Program Files\PaintDotNet.Strings.3.FR.resources
2014-07-15 09:50 - 2014-07-15 09:50 - 0188674 ____R () C:\Program Files\PaintDotNet.Strings.3.hi.resources
2014-07-09 11:48 - 2014-07-09 11:48 - 0145645 ____R () C:\Program Files\PaintDotNet.Strings.3.hu.resources
2014-07-15 09:50 - 2014-07-15 09:50 - 0144519 ____R () C:\Program Files\PaintDotNet.Strings.3.it.resources
2014-06-20 15:13 - 2014-06-20 15:13 - 0155356 ____R () C:\Program Files\PaintDotNet.Strings.3.JA.resources
2014-06-03 16:20 - 2014-06-03 16:20 - 0148596 ____R () C:\Program Files\PaintDotNet.Strings.3.KO.resources
2014-06-14 12:39 - 2014-06-14 12:39 - 0147437 ____R () C:\Program Files\PaintDotNet.Strings.3.lt.resources
2014-06-24 12:17 - 2014-06-24 12:17 - 0142834 ____R () C:\Program Files\PaintDotNet.Strings.3.nl.resources
2014-06-03 16:20 - 2014-06-03 16:20 - 0143720 ____R () C:\Program Files\PaintDotNet.Strings.3.pl.resources
2014-06-14 12:39 - 2014-06-14 12:39 - 0145666 ____R () C:\Program Files\PaintDotNet.Strings.3.PT-BR.resources
2014-06-22 12:49 - 2014-06-22 12:49 - 0145325 ____R () C:\Program Files\PaintDotNet.Strings.3.pt-PT.resources
2014-06-03 12:56 - 2014-06-03 12:56 - 0138840 ____R () C:\Program Files\PaintDotNet.Strings.3.resources
2014-07-09 11:48 - 2014-07-09 11:48 - 0171796 ____R () C:\Program Files\PaintDotNet.Strings.3.RU.resources
2014-06-24 12:17 - 2014-06-24 12:17 - 0135198 ____R () C:\Program Files\PaintDotNet.Strings.3.ZH-CN.resources
2014-07-09 11:48 - 2014-07-09 11:48 - 0137582 ____R () C:\Program Files\PaintDotNet.Strings.3.zh-TW.resources
2014-07-22 14:14 - 2014-07-22 14:14 - 0563264 _____ (dotPDN LLC) C:\Program Files\PaintDotNet.SystemLayer.dll
2014-07-22 14:14 - 2014-07-22 14:14 - 1058368 _____ () C:\Program Files\PaintDotNet.SystemLayer.Native.x64.dll
2014-07-22 14:14 - 2014-07-22 14:14 - 0968256 _____ () C:\Program Files\PaintDotNet.SystemLayer.Native.x86.dll
2014-07-22 14:14 - 2014-07-22 14:14 - 0767488 _____ () C:\Program Files\PaintDotNet.SystemLayer.pdb
2014-07-22 14:14 - 2014-07-22 14:14 - 0014400 _____ (dotPDN LLC) C:\Program Files\PdnRepair.exe
2014-06-27 14:37 - 2014-06-27 14:37 - 0000235 _____ () C:\Program Files\PdnRepair.exe.config
2014-07-22 14:14 - 2014-07-22 14:14 - 0013824 _____ () C:\Program Files\PdnRepair.pdb
2014-07-22 14:14 - 2014-07-22 14:14 - 0030784 _____ (dotPDN LLC) C:\Program Files\SetupNgen.exe
2010-04-20 23:57 - 2010-04-20 23:57 - 0000254 _____ () C:\Program Files\SetupNgen.exe.config
2014-07-22 14:14 - 2014-07-22 14:14 - 0030208 _____ () C:\Program Files\SetupNgen.pdb
2014-07-22 14:14 - 2014-07-22 14:14 - 0026688 _____ () C:\Program Files\ShellExtension_x64.dll
2014-07-22 14:14 - 2014-07-22 14:14 - 0023616 _____ () C:\Program Files\ShellExtension_x86.dll
2014-07-22 14:14 - 2014-07-22 14:14 - 0015936 _____ (dotPDN LLC) C:\Program Files\UpdateMonitor.exe
2014-06-28 09:29 - 2014-06-28 09:29 - 0000235 _____ () C:\Program Files\UpdateMonitor.exe.config
2014-07-22 14:14 - 2014-07-22 14:14 - 0013824 _____ () C:\Program Files\UpdateMonitor.pdb
2015-01-28 14:00 - 2015-01-28 14:00 - 0003893 _____ () C:\Users\Rhea\AppData\Local\recently-used.xbel
2014-03-06 22:26 - 2014-03-06 22:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-15 20:55
==================== End Of Log ============================ | Quote:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Rhea at 2015-02-16 15:48:51
Running from C:\Users\Rhea\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.35 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0935-000001000000}) (Version: 9.35.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Benutzerhandbuch (x32 Version: 1.0.0.15 - Lenovo) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.7.0 - Conexant)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.33 - Lenovo)
Energy Manager (x32 Version: 1.0.0.33 - Lenovo) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Garmin BaseCamp (HKLM-x32\...\{B0BED0BB-E1C4-49AA-840F-7CA052ADF5EB}) (Version: 4.3.4 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.10.0.2208 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3366 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Lenovo Motion Control (HKLM-x32\...\InstallShield_{E7E2BEA6-ECCE-4306-9486-A08781BE0AD0}) (Version: 2.0.0.1104 - PointGrab)
Lenovo Motion Control (x32 Version: 2.0.0.1104 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.2 - Lenovo)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.12271 - Lenovo)
Lenovo Yoga PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.5 - Lenovo)
Lenovo Yoga PhoneCompanion (x32 Version: 1.1.9.5 - Lenovo) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{46889070-D447-4936-A5D3-246DB972FA2E}) (Version: 2.0.6.16537 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.310 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
StreamTransport version: 1.1.6.2 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.6 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Yoga Picks (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.5.013.1202 - Lenovo)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
==================== Restore Points =========================
29-01-2015 23:32:05 Windows Update
06-02-2015 12:25:00 Windows Update
11-02-2015 20:46:52 Windows Update
15-02-2015 19:37:08 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0FD3C72A-5BC2-4EEB-8B1B-0617404AEB92} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {2D0B16FE-D78C-428B-8397-FEDA08FF37F7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {615AE07B-1D0A-43F2-B403-8A591DA8652E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-15] (Microsoft Corporation)
Task: {8532750B-3F0A-4EFA-A180-B77445CF3232} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2014-03-06] (Lenovo)
Task: {9951E7EB-F9E7-4FEC-A88C-9CA0D8CCEB1F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-03-06 23:06 - 2014-03-06 23:06 - 00062224 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2014-03-06 23:00 - 2013-11-18 16:40 - 00019440 _____ () C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
2013-11-15 03:01 - 2013-11-15 03:01 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-11-15 02:58 - 2013-11-15 02:58 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-11-15 03:04 - 2013-11-15 03:04 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-03-06 23:06 - 2014-03-06 23:06 - 00294672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
2014-03-06 23:06 - 2014-03-06 23:06 - 00108304 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
2014-03-06 23:00 - 2013-12-02 18:09 - 00044560 _____ () C:\Program Files (x86)\Lenovo\Yoga Picks\Util.dll
2014-10-16 22:28 - 2014-10-16 22:28 - 00207872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll
2014-10-26 08:35 - 2014-10-26 08:35 - 01259520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Networking\8f0dd293f95c402613c49fb2fac85bdd\Windows.Networking.ni.dll
2014-10-16 22:28 - 2014-10-16 22:28 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2014-12-16 17:42 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-16 17:42 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-16 17:42 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-16 17:42 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-12-16 17:42 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-03-06 23:06 - 2014-03-06 23:06 - 00102672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\1366\TransitionLib.dll
2014-03-06 23:06 - 2014-03-06 23:06 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
2014-12-03 13:35 - 2014-06-04 10:21 - 00571904 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-12-03 13:35 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-03-06 23:06 - 2014-03-06 23:06 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LUpdatePackage.dll
2015-01-17 19:32 - 2015-01-17 19:32 - 03347056 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2015-01-17 19:32 - 2015-01-17 19:32 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-01-17 19:32 - 2015-01-17 19:32 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Rhea\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rhea\Pictures\morris0903053.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-3879709871-1962586687-2025067079-500 - Administrator - Disabled)
Gast (S-1-5-21-3879709871-1962586687-2025067079-501 - Limited - Disabled)
Rhea (S-1-5-21-3879709871-1962586687-2025067079-1001 - Administrator - Enabled) => C:\Users\Rhea
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/16/2015 03:32:36 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (02/16/2015 03:01:42 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (02/16/2015 03:01:42 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfGetConfigTdpLevel: DeviceIoControl() failed.
Error: (02/16/2015 01:10:13 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (02/16/2015 01:10:12 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (02/16/2015 01:02:57 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (02/16/2015 00:53:04 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (02/15/2015 09:03:00 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (02/15/2015 09:01:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (02/15/2015 08:43:34 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel: DeviceIoControl() failed.
System errors:
=============
Error: (02/16/2015 02:59:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Cyberlink RichVideo64 Service(CRVS)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/15/2015 10:52:50 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.
Error: (02/15/2015 10:36:39 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.
Error: (02/15/2015 10:30:04 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.
Error: (02/15/2015 10:30:04 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.
Error: (02/15/2015 09:01:54 PM) (Source: DCOM) (EventID: 10010) (User: Mnemosyne)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (02/15/2015 08:56:36 PM) (Source: DCOM) (EventID: 10010) (User: Mnemosyne)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (02/15/2015 08:56:06 PM) (Source: DCOM) (EventID: 10010) (User: Mnemosyne)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (02/15/2015 07:37:57 PM) (Source: DCOM) (EventID: 10010) (User: Mnemosyne)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (02/15/2015 07:37:27 PM) (Source: DCOM) (EventID: 10010) (User: Mnemosyne)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Microsoft Office Sessions:
=========================
Error: (02/16/2015 03:32:36 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDllDptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (02/16/2015 03:01:42 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDllDptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (02/16/2015 03:01:42 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDllDptfGetConfigTdpLevel: DeviceIoControl() failed.
Error: (02/16/2015 01:10:13 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDllDptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (02/16/2015 01:10:12 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDllDptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (02/16/2015 01:02:57 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDllDptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (02/16/2015 00:53:04 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDllDptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (02/15/2015 09:03:00 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
Error: (02/15/2015 09:01:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
Error: (02/15/2015 08:43:34 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDllDptfSetConfigTdpLevel: DeviceIoControl() failed.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU N3520 @ 2.16GHz
Percentage of memory in use: 42%
Total physical RAM: 3979.22 MB
Available physical RAM: 2276.66 MB
Total Pagefile: 4683.22 MB
Available Pagefile: 2848.92 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:426.74 GB) (Free:376.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.02 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9E01DD02)
Partition: GPT Partition Type.
==================== End Of Log ============================ | Quote:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-16 16:06:02
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000027 WDC_WD5000MPCK-24AWHT0 rev.01.01A01 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Rhea\AppData\Local\Temp\fwrcipoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3876] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ff9d71b1f6a 4 bytes [1B, D7, F9, 7F]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3876] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ff9d71b1f82 4 bytes [1B, D7, F9, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff9f2cc169a 4 bytes [CC, F2, F9, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff9f2cc16a2 4 bytes [CC, F2, F9, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff9f2cc181a 4 bytes [CC, F2, F9, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff9f2cc1832 4 bytes [CC, F2, F9, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2696] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff9f2cc169a 4 bytes [CC, F2, F9, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2696] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff9f2cc16a2 4 bytes [CC, F2, F9, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2696] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff9f2cc181a 4 bytes [CC, F2, F9, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2696] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff9f2cc1832 4 bytes [CC, F2, F9, 7F]
.text C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe[3280] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ff9f2cc169a 4 bytes [CC, F2, F9, 7F]
.text C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe[3280] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ff9f2cc16a2 4 bytes [CC, F2, F9, 7F]
.text C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe[3280] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ff9f2cc181a 4 bytes [CC, F2, F9, 7F]
.text C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe[3280] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ff9f2cc1832 4 bytes [CC, F2, F9, 7F]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [600:5132] fffff9600084ab90
---- Processes - GMER 2.1 ----
Library C:\ProgramData\LenovoTransition\Server\x64\Windows7.SensorAndLocation.dll (*** suspicious ***) @ C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [2004] (FILE NOT FOUND) 000000e8e7ec0000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ---- | Quote:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:40 on 16/02/2015 (Rhea)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
| Many thanks in advance, you knights on the side of light in the holy battle against eternal evil! |