![]() |
|
Log-Analyse und Auswertung: Win7: Kaspersky meldet wiederholt infizierte DLL-DateienWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
![]() | ![]() Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien Hallo, ich habe folgendes Problem: Seit kurzem meldet meine Kaspersky Antivirus Software immer wieder mehrere DLL-Dateien mit folgendem Kommentar: Datei: C:\Windows\Temp\j_vfu5c.dll "Ein Angreifer kann ein legales Programm benutzen, um ihren Computer zu beschädigen oder um auf ihre Daten zuzugreifen:" Aktuell habe ich diese Meldung zu 7 Dateien, alle im Temp Ordner. Als das zum ersten Mal passierte, versuchte ich das ganze mithilfe von Kaspersky zu beheben. Die Meldungen sind dann auch weg, kehren aber nach relativ kurzer Zeit zurück. Hier die gewünschten Logs: Defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 16:31 on 01/03/2015 (Xaver) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. HKCU:DAEMON Tools Lite -> Removed Checking for services/drivers... -=E.O.F=- FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015 Ran by Xaver_2 (ATTENTION: The logged in user is not administrator) on E535 on 02-03-2015 11:19:32 Running from C:\Users\Xaver_2\Desktop Loaded Profiles: Xaver_2 (Available profiles: Xaver & Xaver_2) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) Failed to access process -> smss.exe Failed to access process -> csrss.exe Failed to access process -> csrss.exe Failed to access process -> wininit.exe Failed to access process -> services.exe Failed to access process -> lsass.exe Failed to access process -> lsm.exe Failed to access process -> winlogon.exe Failed to access process -> svchost.exe Failed to access process -> TrueSuiteService.exe Failed to access process -> ibmpmsvc.exe Failed to access process -> svchost.exe Failed to access process -> atiesrxx.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> WUDFHost.exe Failed to access process -> vpnagent.exe Failed to access process -> atieclxx.exe Failed to access process -> svchost.exe Failed to access process -> wlanext.exe Failed to access process -> conhost.exe Failed to access process -> spoolsv.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> AdAppMgrSvc.exe Failed to access process -> armsvc.exe Failed to access process -> Fuel.Service.exe Failed to access process -> Connect.Service.ContentService.exe Failed to access process -> avp.exe Failed to access process -> btwdins.exe Failed to access process -> officeclicktorun.exe Failed to access process -> PresentationFontCache.exe Failed to access process -> taskeng.exe (AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe Failed to access process -> CamMute.exe Failed to access process -> TPKNRSVC.exe Failed to access process -> vcamsvc.exe Failed to access process -> lvvsst.exe Failed to access process -> srpts.exe Failed to access process -> virtscrl.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Spotify Ltd) C:\Users\Xaver_2\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Dropbox, Inc.) C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe Failed to access process -> SASrv.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> TPHKSVC.exe Failed to access process -> tpnumlkd.exe Failed to access process -> tphkload.exe Failed to access process -> tpnumlk.exe Failed to access process -> micmute.exe Failed to access process -> srptsl.exe Failed to access process -> conhost.exe Failed to access process -> SearchIndexer.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe () C:\Program Files (x86)\LPT\srptm.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe Failed to access process -> TrueService.exe Failed to access process -> TrueService.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> unsecapp.exe Failed to access process -> rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe Failed to access process -> shtctky.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe Failed to access process -> svchost.exe Failed to access process -> wmpnetwk.exe Failed to access process -> svchost.exe Failed to access process -> PWMDBSVC.exe Failed to access process -> rundll32.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-08-07] (Lenovo Group Limited) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-17] (Lenovo.) HKLM\...\Run: [] => [X] HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [66560 2013-04-09] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-10-13] (Geek Software GmbH) HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-09-04] (Autodesk Inc.) HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2014-11-19] (Cisco Systems, Inc.) HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\Run: [Spotify Web Helper] => C:\Users\Xaver_2\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-02-14] (Spotify Ltd) HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\Policies\Explorer: [] HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\MountPoints2: {a7eeea8d-5b85-11e4-a7f5-2cd05a1d5237} - G:\setup\rsrc\Autorun.exe AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\Xaver_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Xaver_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Xaver_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = HKU\S-1-5-21-396452479-186164142-1222412316-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms} HKU\S-1-5-21-396452479-186164142-1222412316-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYe5hq9Hhq-_GMpGqdywNhvS5wC6UB9WkG37BhUE3R29Pcnn12zRpgfqvTm3-fi8nSbzX_ura2Igl4yXJ0Og5rfxXvBjEn77eG45A,, HKU\S-1-5-21-396452479-186164142-1222412316-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKU\S-1-5-21-396452479-186164142-1222412316-1003 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms} SearchScopes: HKU\S-1-5-21-396452479-186164142-1222412316-1003 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 10.156.33.53 129.187.5.1 FireFox: ======== FF ProfilePath: C:\Users\Xaver_2\AppData\Roaming\Mozilla\Firefox\Profiles\yqd6fu79.default FF SelectedSearchEngine: Web Search FF Homepage: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYe5hq9Hhq-_GMpGqdywNhvS5wC6UB9WkG37BhUE3R29Pcnn12zRpgfqvTm3-fi8nSbzX_ura2Igl4yXJ0Og5rfxXvBjEn77eG45A,, FF Keyword.URL: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMdnxsM5TEzN82KthdYZMpRfS8ZNoRUmznVK2tYhv_J-mnDoo8X8qEHN-nUX4IT2_j_4gzv2GlsRjTYS_qt81sfUblMmcd6rn7T4IidZYkKUjVFnjI1WquCbRdbBK0wS3q9VZJVz9XKllf2Ar-EhMoZNJW4-rjv4gdioTvpQQh3Vbru4bg,,&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.) FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc) FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com () FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com () FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-396452479-186164142-1222412316-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Xaver_2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Users\Xaver_2\AppData\Roaming\Mozilla\Firefox\Profiles\yqd6fu79.default\searchplugins\.xml FF SearchPlugin: C:\Users\Xaver_2\AppData\Roaming\Mozilla\Firefox\Profiles\yqd6fu79.default\searchplugins\Web Search.xml FF Extension: Adblock Plus - C:\Users\Xaver_2\AppData\Roaming\Mozilla\Firefox\Profiles\yqd6fu79.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-24] FF Extension: BetterPrivacy - C:\Users\Xaver_2\AppData\Roaming\Mozilla\Firefox\Profiles\yqd6fu79.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-10-24] FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-01-26] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-01-15] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-01-15] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-01-15] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-01-15] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-01-15] FF HKU\.DEFAULT\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 FF HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 Chrome: ======= CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [clglhglbidpdbjffpfcldkifhdegdfle] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2013-04-01] CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-04] (Autodesk Inc.) R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed] R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.) R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO) R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [1008344 2013-03-29] (Broadcom Corporation.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation) R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139944 2013-08-07] (AuthenTec, Inc) R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-08-07] (Lenovo Group Limited) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited) R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [34304 2014-08-27] () <==== ATTENTION S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] () R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-09-16] () S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed] R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401704 2013-07-22] (AuthenTec, Inc.) S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1526120 2013-09-25] (Lenovo Group Limited) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.) S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2014-05-27] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2014-05-27] (LG Electronics Inc.) R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2014-10-28] (AppEx Networks Corporation) S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-30] (Disc Soft Ltd) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2015-01-17] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2015-01-17] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO) R3 RCUVCAVS; C:\Windows\System32\DRIVERS\RCUVCAVS.sys [149632 2013-04-09] (Ricoh co.,Ltd.) R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.) R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver_AMDASF.sys [29424 2013-04-26] (Synaptics Incorporated) R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-30] (Lenovo Information Product(ShenZhen China) Inc.) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-02 11:19 - 2015-03-02 11:20 - 00030588 _____ () C:\Users\Xaver_2\Desktop\FRST.txt 2015-03-02 11:09 - 2015-03-02 11:09 - 00001613 _____ () C:\Users\Xaver_2\Desktop\KISreport.txt 2015-03-02 10:07 - 2015-03-02 10:07 - 00000000 ____D () C:\Users\Xaver_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2015-03-01 16:31 - 2015-03-01 16:31 - 00000542 _____ () C:\Users\Xaver_2\Desktop\defogger_disable.log 2015-03-01 16:31 - 2015-03-01 16:31 - 00000168 _____ () C:\Users\Xaver\defogger_reenable 2015-03-01 16:29 - 2015-03-01 16:29 - 00050477 _____ () C:\Users\Xaver_2\Desktop\Defogger.exe 2015-03-01 16:11 - 2015-03-02 11:19 - 00000000 ____D () C:\FRST 2015-03-01 16:11 - 2015-03-01 16:11 - 02092544 _____ (Farbar) C:\Users\Xaver_2\Desktop\FRST64.exe 2015-02-27 10:55 - 2015-02-27 10:55 - 00002145 _____ () C:\Users\Public\Desktop\Google Earth Pro.lnk 2015-02-27 10:55 - 2015-02-27 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro 2015-02-27 10:55 - 2015-02-27 10:55 - 00000000 ____D () C:\Program Files (x86)\Google 2015-02-25 01:18 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-25 01:18 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-02-18 19:59 - 2015-02-20 13:43 - 00000000 ____D () C:\Windows\Minidump 2015-02-18 19:58 - 2015-02-20 13:43 - 401471716 _____ () C:\Windows\MEMORY.DMP 2015-02-18 19:38 - 2015-02-18 19:38 - 00000165 ____H () C:\Users\Xaver_2\Desktop\~$EbayVerkäufe.xlsx 2015-02-15 17:24 - 2015-03-02 10:16 - 00005478 _____ () C:\Windows\setupact.log 2015-02-15 17:24 - 2015-02-15 17:24 - 00000000 _____ () C:\Windows\setuperr.log 2015-02-14 08:44 - 2015-02-14 08:44 - 00000000 ____D () C:\Users\Xaver_2\Documents\OneNote-Notizbücher 2015-02-12 20:39 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-02-12 20:39 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-12 20:39 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-02-12 20:39 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-02-11 22:30 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-02-11 22:30 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-02-11 22:30 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-11 22:30 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-02-11 22:30 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-02-11 22:30 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-02-11 22:30 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-11 22:30 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-11 22:30 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-02-11 22:30 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-02-11 22:30 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-02-11 22:30 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-02-11 22:30 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-02-11 22:30 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-02-11 22:30 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-02-11 22:30 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-02-11 22:30 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-02-11 22:30 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-02-11 22:30 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-11 22:30 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-02-11 22:30 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-11 22:30 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-02-11 22:30 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-11 22:30 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-02-11 22:30 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-02-11 22:30 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-02-11 22:30 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-02-11 22:30 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-02-11 22:30 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-02-11 22:30 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-02-11 22:30 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-02-11 22:30 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-02-11 22:30 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-11 22:30 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-02-11 22:30 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-11 22:30 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-02-11 22:30 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-11 22:30 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-11 22:30 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-02-11 22:30 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-02-11 22:30 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-02-11 22:30 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-02-11 22:30 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-11 22:30 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-11 22:30 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-11 22:30 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-02-11 22:30 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-02-11 22:30 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-11 22:30 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-02-11 22:30 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-11 22:30 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-11 22:30 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-02-11 22:21 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-11 22:21 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-11 22:21 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-11 22:21 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-11 22:21 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-11 22:21 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-02-11 22:21 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-11 22:21 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-02-11 22:20 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-02-11 22:20 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-02-11 22:20 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-02-11 22:20 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-02-11 22:20 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-02-11 22:20 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-02-11 22:20 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-02-11 22:20 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-02-11 22:20 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-02-11 22:20 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-02-11 22:20 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-02-11 22:20 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-02-11 22:20 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-02-11 22:20 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-02-11 22:16 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-11 22:16 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-02-11 22:16 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-11 22:16 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-02-11 22:16 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-02-11 22:16 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-02-11 22:16 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-02-11 22:16 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-02-11 22:16 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-11 22:16 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-02-11 22:16 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-11 22:16 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-02-11 22:16 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-02-11 22:16 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-02-11 22:16 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-11 22:16 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-02-11 22:16 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-11 22:16 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-11 22:16 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-11 22:16 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-11 22:16 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-02-11 22:16 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-02-11 22:16 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-02-11 22:16 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-02-11 22:16 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-02-11 22:16 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-02-11 22:15 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-11 22:15 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-02-11 22:15 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-02-11 22:15 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-02-11 22:15 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-02-11 22:15 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-02-11 22:15 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-02-11 22:15 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 22:15 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-11 22:15 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-11 22:15 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-11 22:14 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-01 16:15 - 2015-02-01 16:15 - 00002073 _____ () C:\Users\Public\Desktop\HEC-RAS 4.1.0.lnk 2015-02-01 16:15 - 2015-02-01 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HEC 2015-02-01 16:15 - 2015-02-01 16:15 - 00000000 ____D () C:\Program Files (x86)\HEC ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-02 10:27 - 2014-10-24 10:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-02 10:14 - 2009-07-14 05:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-02 10:14 - 2009-07-14 05:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-02 10:11 - 2014-11-06 17:42 - 00000546 _____ () C:\Windows\Tasks\MATLAB R2014b Startup Accelerator.job 2015-03-02 10:11 - 2014-10-24 00:07 - 01988141 _____ () C:\Windows\WindowsUpdate.log 2015-03-02 10:08 - 2014-11-06 17:06 - 00000000 ____D () C:\Users\Xaver_2\AppData\Roaming\Dropbox 2015-03-02 10:07 - 2015-01-15 20:33 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-03-02 10:07 - 2014-12-23 07:31 - 00000000 ____D () C:\Users\Xaver_2\AppData\Roaming\Raptr 2015-03-02 10:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-02 07:26 - 2014-10-24 14:07 - 00065536 _____ () C:\Windows\system32\spu_storage.bin 2015-03-01 20:49 - 2014-11-23 18:13 - 00011683 _____ () C:\Users\Xaver_2\Desktop\EbayVerkäufe.xlsx 2015-03-01 16:31 - 2014-10-24 00:12 - 00000000 ____D () C:\Users\Xaver 2015-02-28 14:13 - 2014-10-25 13:07 - 00000000 ____D () C:\Users\Xaver_2\AppData\Roaming\Spotify 2015-02-28 10:03 - 2014-10-25 13:10 - 00000000 ____D () C:\Users\Xaver_2\AppData\Local\Spotify 2015-02-26 08:30 - 2014-11-07 09:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-02-25 05:58 - 2014-10-26 14:01 - 00038550 _____ () C:\Windows\PFRO.log 2015-02-24 23:22 - 2014-10-24 16:51 - 00000000 ____D () C:\Users\Xaver_2\Desktop\KV,Bank usw 2015-02-24 22:20 - 2014-10-24 16:18 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2015-02-23 17:13 - 2011-04-12 08:43 - 00699234 _____ () C:\Windows\system32\perfh007.dat 2015-02-23 17:13 - 2011-04-12 08:43 - 00149342 _____ () C:\Windows\system32\perfc007.dat 2015-02-23 17:13 - 2009-07-14 06:13 - 01618840 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-18 10:45 - 2014-11-06 21:06 - 00000000 ____D () C:\Users\Xaver_2\AppData\Local\Autodesk 2015-02-18 09:55 - 2014-10-25 15:30 - 00000000 ____D () C:\Users\Xaver_2\AppData\Roaming\DAEMON Tools Lite 2015-02-18 09:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help 2015-02-13 16:03 - 2014-10-24 16:52 - 00000000 ____D () C:\Users\Xaver_2\Desktop\Unterlagen Avantgarde 2015-02-13 13:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-02-12 08:44 - 2014-11-06 17:07 - 00000000 ____D () C:\Users\Xaver_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-02-12 08:37 - 2009-07-14 05:45 - 00529704 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-12 08:35 - 2014-12-11 08:26 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-12 08:35 - 2014-10-24 07:37 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-12 08:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-02-12 00:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2015-02-12 00:04 - 2014-10-24 01:06 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-11 23:59 - 2014-10-24 01:06 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-10 06:46 - 2014-11-18 18:07 - 00032768 _____ () C:\Windows\system32\persistent_q.db-shm 2015-02-04 20:27 - 2014-10-24 10:04 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-04 20:27 - 2014-10-24 10:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-01 15:53 - 2014-10-24 16:51 - 00000000 ____D () C:\Users\Xaver_2\Desktop\Ebay usw 2015-01-31 12:43 - 2014-12-22 21:59 - 00000000 ____D () C:\Users\Xaver\AppData\Roaming\Raptr 2015-01-31 12:42 - 2014-12-22 21:59 - 00000000 ____D () C:\Program Files (x86)\Raptr ==================== Files in the root of some directories ======= 2014-10-24 08:59 - 2014-10-24 08:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-10-30 17:45 - 2014-10-30 17:45 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc Some content of TEMP: ==================== C:\Users\Xaver_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfk0u2d.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015 Ran by Xaver_2 at 2015-03-02 11:21:07 Running from C:\Users\Xaver_2\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.) AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.4.0 - AppEx Networks) Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 8.42.20 - ) AutoCAD 2015 - Deutsch (German) (Version: 20.0.51.0 - Autodesk) Hidden AutoCAD 2015 Language Pack - Deutsch (German) (Version: 20.0.51.0 - Autodesk) Hidden Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk) Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 3.0.159.0 - Autodesk) Autodesk AutoCAD 2015 - Deutsch (German) (HKLM\...\AutoCAD 2015 - Deutsch (German)) (Version: 20.0.51.0 - Autodesk) Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk) Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk) Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk) Autodesk Content Service (x32 Version: 3.2.0.0 - Autodesk) Hidden Autodesk Content Service Language Pack (x32 Version: 3.2.0.0 - Autodesk) Hidden Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk) Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.201 - Broadcom Corporation) Call of Duty - United Offensive (HKLM-x32\...\InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}) (Version: 1.00.0000 - Activision) Call of Duty - United Offensive (x32 Version: 1.00.0000 - Activision) Hidden Call of Duty (HKLM-x32\...\Call of Duty) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06073 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.06073 - Cisco Systems, Inc.) Hidden Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.48.0 - Conexant) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Dropbox (HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.) Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.66.3 - Lenovo Group Limited) Fingerprint Reader (HKLM\...\{7DD99174-299B-4450-A179-7F27F4C2D042}) (Version: 6.0.200.105 - AuthenTec, Inc.) Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) HEC-RAS 4.1.0 (HKLM-x32\...\{692F1402-6F45-42F3-9D82-9AAEFBFAD4A1}) (Version: 4.1.0 - Hydrologic Engineering Center) Integrated Camera Driver Installer Package Ver.1.0.0.27 (HKLM-x32\...\{F8754583-7893-4CD8-9E51-1A08F3D4C1A9}) (Version: 1.0.0.27 - RICOH) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.12 - ) Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4400 - Broadcom Corporation) Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.16.0 - Lenovo) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.09.03 - ) Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited) Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0020 - Lenovo) LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.22.20141205 - LG Electronics) LG United Mobile Drivers (HKLM-x32\...\{15A5D29A-F209-49FD-BA47-5E4C882FF496}) (Version: 3.12.1.0 - LG Electronics) LINGO 14.0/x64 (HKLM\...\{B5BB2F98-F948-4057-884A-49272652F274}) (Version: 14.0 - Lindo Systems Inc) LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION Mathematica Extras 9.0 (4092550) (HKLM\...\A-WIN-Extras 9.0.1 4092550_is1) (Version: 9.0.1 - Wolfram Research, Inc.) MATLAB R2014b (HKLM\...\Matlab R2014b) (Version: 8.4 - The MathWorks, Inc.) Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4693.1002 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Raptr (HKLM-x32\...\Raptr) (Version: - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29005 - Realtek Semiconductor Corp.) Rescue and Recovery (HKLM-x32\...\{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}) (Version: 4.52.0005.00 - Lenovo Group Limited) Seafile 4.0.4 (HKLM-x32\...\{41E18CDA-69BC-4E5E-BB17-424D8D01F1F9}) (Version: 4.0.4 - HaiWenHuZhi ltd.) Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.17.26.7 - Client Connect LTD) <==== ATTENTION SketchUp-Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk) Spotify (HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB) TeX Live 2014 (HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\TeXLive2014) (Version: 2014 - ) TeXstudio 2.8.8 (HKLM-x32\...\TeXstudio_is1) (Version: 2.8.8 - Benito van der Zander) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - ) ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo) Unity Web Player (HKU\S-1-5-21-396452479-186164142-1222412316-1003\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS) Verfügbare Autodesk-Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk) VideoLAN VLC media player 0.8.6i (HKLM-x32\...\VLC media player) (Version: 0.8.6i - VideoLAN Team) Wolfram CDF Player (M-WIN-D 9.0.1 4092685) (HKLM-x32\...\M-WIN-D 9.0.1 4092685_is1) (Version: 9.0.1 - Wolfram Research, Inc.) Yahoo Community Smartbar (HKLM-x32\...\{4E732E5D-E577-451A-9BB1-CBE64A2CBC2F}) (Version: 11.112.66.19229 - Linkury Inc.) <==== ATTENTION ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => Task: C:\Windows\Tasks\MATLAB R2014b Startup Accelerator.job => ==================== Loaded Modules (whitelisted) ============== 2013-08-07 02:03 - 2013-08-07 02:03 - 01130792 _____ () C:\Program Files\Lenovo Fingerprint Reader\DataManager.dll 2013-08-07 02:04 - 2013-08-07 02:04 - 00087848 _____ () C:\Program Files\Lenovo Fingerprint Reader\ssutil.dll 2014-11-06 22:44 - 2014-09-10 06:06 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL 2014-10-24 08:59 - 2010-10-26 11:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe 2014-08-27 16:24 - 2014-08-27 16:29 - 00024576 _____ () C:\Program Files (x86)\LPT\srptm.exe 2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-396452479-186164142-1222412316-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Xaver_2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 10.156.33.53 - 129.187.5.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-396452479-186164142-1222412316-500 - Administrator - Disabled) Gast (S-1-5-21-396452479-186164142-1222412316-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-396452479-186164142-1222412316-1002 - Limited - Enabled) Xaver (S-1-5-21-396452479-186164142-1222412316-1000 - Administrator - Enabled) => C:\Users\Xaver Xaver_2 (S-1-5-21-396452479-186164142-1222412316-1003 - Limited - Enabled) => C:\Users\Xaver_2 ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (03/02/2015 10:07:57 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: CxAudMsg64.exe, Version: 1.6.0.0, Zeitstempel: 0x4fd1c0c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c4102 ID des fehlerhaften Prozesses: 0x8f4 Startzeit der fehlerhaften Anwendung: 0xCxAudMsg64.exe0 Pfad der fehlerhaften Anwendung: CxAudMsg64.exe1 Pfad des fehlerhaften Moduls: CxAudMsg64.exe2 Berichtskennung: CxAudMsg64.exe3 Error: (03/02/2015 10:07:46 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/01/2015 10:38:35 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" in Zeile UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (03/01/2015 10:38:34 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (03/01/2015 00:26:25 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: CxAudMsg64.exe, Version: 1.6.0.0, Zeitstempel: 0x4fd1c0c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c4102 ID des fehlerhaften Prozesses: 0x918 Startzeit der fehlerhaften Anwendung: 0xCxAudMsg64.exe0 Pfad der fehlerhaften Anwendung: CxAudMsg64.exe1 Pfad des fehlerhaften Moduls: CxAudMsg64.exe2 Berichtskennung: CxAudMsg64.exe3 Error: (03/01/2015 00:26:03 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/28/2015 02:22:49 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070013, Das Medium ist schreibgeschützt. . Error: (02/28/2015 02:22:49 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80070013, Das Medium ist schreibgeschützt. ] Error: (02/28/2015 02:22:48 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070013, Das Medium ist schreibgeschützt. . Error: (02/28/2015 02:22:48 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80070013, Das Medium ist schreibgeschützt. ] System errors: ============= Error: (03/02/2015 11:06:34 AM) (Source: ACPI) (EventID: 13) (User: ) Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. Error: (03/02/2015 10:39:49 AM) (Source: ACPI) (EventID: 13) (User: ) Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. Error: (03/02/2015 10:08:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Conexant Audio Message Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/02/2015 10:06:49 AM) (Source: ACPI) (EventID: 13) (User: ) Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. Error: (03/02/2015 10:06:04 AM) (Source: ACPI) (EventID: 13) (User: ) Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. Error: (03/01/2015 11:07:45 PM) (Source: ACPI) (EventID: 13) (User: ) Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. Error: (03/01/2015 08:04:00 PM) (Source: ACPI) (EventID: 13) (User: ) Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. Error: (03/01/2015 07:26:45 PM) (Source: ACPI) (EventID: 13) (User: ) Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. Error: (03/01/2015 07:18:15 PM) (Source: ACPI) (EventID: 13) (User: ) Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. Error: (03/01/2015 04:52:15 PM) (Source: ACPI) (EventID: 13) (User: ) Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. Microsoft Office Sessions: ========================= Error: (03/02/2015 10:07:57 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: CxAudMsg64.exe1.6.0.04fd1c0c1ntdll.dll6.1.7601.18247521eaf24c000037400000000000c41028f401d054c820c1127cC:\Windows\system32\CxAudMsg64.exeC:\Windows\SYSTEM32\ntdll.dll9d83fff5-c0bb-11e4-b14c-2cd05a1d5237 Error: (03/02/2015 10:07:46 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/01/2015 10:38:35 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1 Error: (03/01/2015 10:38:34 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe Error: (03/01/2015 00:26:25 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: CxAudMsg64.exe1.6.0.04fd1c0c1ntdll.dll6.1.7601.18247521eaf24c000037400000000000c410291801d053adbba78104C:\Windows\system32\CxAudMsg64.exeC:\Windows\SYSTEM32\ntdll.dll362fb375-bfa1-11e4-8179-2cd05a1d5237 Error: (03/01/2015 00:26:03 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/28/2015 02:22:49 PM) (Source: VSS) (EventID: 8193) (User: ) Description: CoCreateInstance0x80070013, Das Medium ist schreibgeschützt. Error: (02/28/2015 02:22:49 PM) (Source: VSS) (EventID: 13) (User: ) Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070013, Das Medium ist schreibgeschützt. Error: (02/28/2015 02:22:48 PM) (Source: VSS) (EventID: 8193) (User: ) Description: CoCreateInstance0x80070013, Das Medium ist schreibgeschützt. Error: (02/28/2015 02:22:48 PM) (Source: VSS) (EventID: 13) (User: ) Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070013, Das Medium ist schreibgeschützt. CodeIntegrity Errors: =================================== Date: 2015-02-13 13:18:59.939 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-13 13:18:59.923 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-13 12:54:23.872 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-13 12:54:23.856 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-13 08:25:39.926 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-13 08:25:39.852 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-13 08:14:49.814 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-13 08:14:49.736 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-12 11:32:41.256 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-12 11:32:41.100 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics Percentage of memory in use: 64% Total physical RAM: 3506.98 MB Available physical RAM: 1246.18 MB Total Pagefile: 7012.14 MB Available Pagefile: 3927.75 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:100 GB) (Free:33.86 GB) NTFS Drive d: (Daten) (Fixed) (Total:364.76 GB) (Free:219.53 GB) NTFS ==================== MBR & Partition Table ================== ==================== End Of Log ============================ Ich hoffe ihr könnt mir helfen! Viele Grüße, ausdemaus Geändert von ausdemaus (02.03.2015 um 11:57 Uhr) |
Themen zu Win7: Kaspersky meldet wiederholt infizierte DLL-Dateien |
adware, antivirus, bildschirm, browser, computer, defender, ebanking, feedback, festplatte, firefox, flash player, frage, homepage, kaspersky, legales programm, mozilla, object, office 365, performance, problem, programm, realtek, registry, rundll, scan, schutz, security, software, windows |