
Pests of all kinds and how to fight them: AVG user Interface

29.06.2016, 16:30   #16
werama
 
AVG user Interface



We've already been through this.


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2016
Ran by ulfw (2016-06-29 17:25:26)
Running from C:\Users\ulfw\Downloads\FRST-OlderVersion
Windows 10 Home Version 1511 (X64) (2016-06-27 17:29:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4256507873-131550310-878068454-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4256507873-131550310-878068454-503 - Limited - Disabled)
Guest (S-1-5-21-4256507873-131550310-878068454-501 - Limited - Disabled)
ulfw (S-1-5-21-4256507873-131550310-878068454-1001 - Administrator - Enabled) => C:\Users\ulfw

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Dreamweaver CS5.5 (HKLM-x32\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Photoshop Elements 14 (HKLM-x32\...\{49F8D229-3E0E-4F43-8429-EB8F2583DB19}) (Version: 14.1 - Adobe Systems Incorporated)
Adobe Premiere Elements 14 (HKLM-x32\...\{18EF738B-56F0-4370-8FEA-93FC9EC51DFA}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Components (x32 Version: 1.0.023.00 - Lenovo) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisplayLink Core Software (HKLM\...\{5346695A-EC06-45D4-8ACE-4E889A6D5289}) (Version: 7.9.1488.0 - DisplayLink Corp.)
Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.5.2.32 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.4.0.22 - Dolby Laboratories, Inc.)
EaseUS Partition Master 11.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10602.174 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1159 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4326 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1544031f-5449-4415-b577-993c2a533a1b}) (Version: 18.12.2 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo Accelerator Application (HKLM-x32\...\{10672FE6-3D50-4F79-B0C7-A5573A5D415D}) (Version: 2.2.0.0701 - Lenovo)
Lenovo BatteryGauge (HKLM\...\{B8D3ED8D-A295-44C2-8AE1-56823D44AD1F}) (Version: 1.0.007.00 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11103 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 2.0.9.0 - Lenovo)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4210 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.4210 - CyberLink Corp.) Hidden
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.006.00 - Lenovo)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.059.01 - Lenovo)
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.3 - Lenovo)
LenovoUtility (x32 Version: 3.0.0.3 - Lenovo) Hidden
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.1.1 - Mozilla)
Mozilla Thunderbird 45.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.1.1 (x86 de)) (Version: 45.1.1 - Mozilla)
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{A6668863-B0A3-4812-AAF2-E47749ECFE0E}) (Version: 3.3.00.145 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 3.3.00.145 - O2Micro International LTD.) Hidden
OpenOffice 4.1.2 (HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7624 - Realtek Semiconductor Corp.)
Samsung Drucker-Diagnose (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.4.2 - Samsung Electronics Co., Ltd.)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.5.0.1144 - Lenovo)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.57 - Synaptics Incorporated)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
User Manuals (x32 Version: 4.0.0.1 - Lenovo) Hidden
ViewNX-i (HKLM\...\{C67A5551-26C1-4C7B-A9DF-AD148549D482}) (Version: 1.2.1 - Nikon Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wartung Samsung CLP-320 Series (HKLM-x32\...\Samsung CLP-320 Series) (Version:  - Samsung Electronics Co., Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4256507873-131550310-878068454-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\ulfw\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05D30E02-FDBD-4291-8385-AA5FB650A559} - System32\Tasks\Lenovo\BatteryGauge => C:\Program Files\lenovo\BatteryGauge\BatteryGaugeIcon.exe [2015-07-11] (Lenovo)
Task: {06FCBD67-E280-4030-92DB-536CF472D14A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-01] (Google Inc.)
Task: {1648F6DA-3CD5-4C12-AA69-EA5574833D27} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {5A5624C2-943F-4659-9A4B-32C5B24134CC} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {5E5516A8-8AAB-4CDC-8D95-FF4C4DF9121C} - System32\Tasks\Lenovo\QuickOptimizer => C:\Program Files\lenovo\QuickOptimizer\QuickOptimizerIcon.exe [2015-07-11] (Lenovo)
Task: {6377755C-BB0B-4341-ABC8-8AB4CB29EADB} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {7E324D52-1AE5-41A9-82F6-3AEE7C0BC338} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {8E4C56C1-12B8-480E-9825-0952B5E4062F} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-uweissen@bluewin.ch => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-29] (Adobe Systems Incorporated)
Task: {A1076A1D-90BE-4B35-89B1-0C52A9A057A1} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => control iMControllerService 128
Task: {C85329DE-73A3-4ECD-B10E-FE238FB443AA} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2016-06-01] (Lenovo)
Task: {C8C4CBE0-5972-4F96-808A-7AB44DAFA6E1} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
Task: {D823706C-E893-4E53-A98E-7C573FDAA2B5} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {E6F2146A-64A5-467C-AA00-B1D17C08269E} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {EDF32366-676F-48EC-963B-03DB6FDA586B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-01] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-06-23 19:50 - 2011-06-21 09:42 - 00034304 _____ () C:\WINDOWS\System32\sst3cl6.dll
2016-06-19 09:42 - 2016-06-19 09:42 - 00031256 _____ () C:\WINDOWS\System32\us008lm.dll
2015-09-15 01:58 - 2015-09-15 01:58 - 00176640 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2015-11-01 07:47 - 2015-11-01 07:47 - 00024312 _____ () C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe
2016-06-23 19:56 - 2015-11-05 21:02 - 00491328 _____ () C:\WINDOWS\SysWOW64\spdsvc.exe
2015-11-01 07:47 - 2015-11-01 07:47 - 00226216 _____ () C:\Program Files\update\UpdateAgent.exe
2015-11-01 06:55 - 2015-06-27 11:34 - 00029112 _____ () C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
2015-11-01 06:47 - 2015-08-19 05:00 - 00058296 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2016-06-28 05:18 - 2016-06-28 05:18 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-06-28 05:18 - 2016-06-28 05:18 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-06-27 20:04 - 2016-06-27 20:04 - 00959168 _____ () C:\Users\ulfw\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-06-28 05:18 - 2016-06-28 05:18 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-27 20:42 - 2016-06-27 20:42 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-12 17:20 - 2016-02-12 17:20 - 01652456 _____ () C:\Program Files\DisplayLink Core Software\AddOnApi64.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 00402344 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-04-27 08:10 - 2016-04-27 08:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-06-28 05:18 - 2016-06-28 05:18 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-28 05:18 - 2016-06-28 05:18 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-28 05:18 - 2016-06-28 05:18 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-28 05:18 - 2016-06-28 05:18 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-01 06:47 - 2015-11-01 06:47 - 00791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
2015-11-01 06:47 - 2015-11-01 06:47 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2015-06-16 03:53 - 2015-06-16 03:53 - 00628736 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
2016-06-27 20:38 - 2016-06-27 20:38 - 00017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-06-27 20:38 - 2016-06-27 20:38 - 13105152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-27 20:38 - 2016-06-27 20:38 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-06-01 20:26 - 2016-06-01 20:28 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-06-01 20:28 - 2016-06-01 20:29 - 10256384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2015-11-01 06:47 - 2015-08-21 08:43 - 00043960 _____ () C:\ProgramData\LenovoTransition\Server\x64\EnableAutoRotation.dll
2016-06-18 13:07 - 2016-06-15 10:26 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-18 13:07 - 2016-06-15 10:26 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2016-06-27 20:42 - 2016-06-27 20:42 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-06-27 20:42 - 2016-06-27 20:42 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-11-01 06:50 - 2015-02-13 01:02 - 00224696 _____ () C:\Program Files (x86)\Lenovo\CCSDK\SDKClient.dll
2016-06-29 14:43 - 2016-06-29 14:43 - 00964096 _____ () C:\Program Files\WindowsApps\Microsoft.BingFinance_4.11.155.0_x86__8wekyb3d8bbwe\SQLite3Wrapper.dll
2016-06-01 20:27 - 2016-06-01 20:28 - 00645120 _____ () C:\Program Files\WindowsApps\Microsoft.BingFinance_4.11.155.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll
2016-06-29 14:43 - 2016-06-29 14:43 - 03311000 _____ () C:\Program Files\WindowsApps\Microsoft.BingFinance_4.11.155.0_x86__8wekyb3d8bbwe\Microsoft.Advertising.dll
2016-06-18 12:39 - 2016-06-02 02:48 - 00161736 _____ () C:\ProgramData\Lenovo\iMController\Plugins\LenovoAudioPlugin\x86\QualityStatsRevInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4256507873-131550310-878068454-1001\...\samsungsetup.com -> hxxp://www.samsungsetup.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2016-06-27 17:37 - 00000832 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4256507873-131550310-878068454-1001\Control Panel\Desktop\\Wallpaper -> E:\Eigene Dokumente\Eigene Bilder\Oberoesterreich\Eggelsberg-37.JPG
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_MICPKEY"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_DOLBYDRAGON"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "EaseUS Cleanup"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKU\S-1-5-21-4256507873-131550310-878068454-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/29/2016 04:51:38 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (06/29/2016 01:32:55 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (06/29/2016 11:19:00 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (06/29/2016 07:15:32 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (06/28/2016 10:51:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/28/2016 10:49:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/28/2016 02:47:15 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (06/28/2016 01:45:55 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (06/28/2016 12:51:05 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (06/28/2016 08:18:08 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]


System errors:
=============
Error: (06/29/2016 04:34:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/29/2016 02:36:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "User Data Access_66730" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (06/29/2016 02:36:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "User Data Storage_66730" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (06/29/2016 02:36:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Contact Data_66730" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (06/29/2016 02:36:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sync Host_66730" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (06/29/2016 02:36:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/29/2016 02:07:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/29/2016 02:04:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Sync Host_5feee erreicht.

Error: (06/29/2016 02:04:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst User Data Storage_5feee erreicht.

Error: (06/29/2016 02:04:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "User Data Access_5feee" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-06-29 14:56:51.837
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-28 08:19:14.772
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-27 22:04:07.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-27 19:27:12.657
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-27 19:26:36.802
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-27 19:21:45.747
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 41%
Total physical RAM: 8097.91 MB
Available physical RAM: 4764.26 MB
Total Virtual: 10017.91 MB
Available Virtual: 6661.33 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:119.12 GB) (Free:41.94 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Volume) (Fixed) (Total:98.24 GB) (Free:52.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 2BC178FB)

Partition: GPT.

==================== End of Addition.txt ============================
         

Old 29.06.2016, 21:07   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

AVG user Interface - Standard

AVG user Interface



I made a typo. I meant the FRST.txt, i.e. the main log. You posted the addition.txt twice. And now again.
__________________

Old 01.07.2016, 08:11   #18
werama

AVG user Interface - Icon35

AVG user Interface



Cosinus
I am travelling abroad for 10 days and will only be online sporadically.
I will get back to you when I am home.
Regards, werama
__________________

Old 12.09.2016, 15:35   #19
werama

AVG user Interface - Standard

Back again



Hello cosinus

Sorry, 10 days turned into 2 1/2 months, due to a hospital stay.
I have just paid my contribution. Can we wrap this matter up now?

What else do you need for that?

Regards

Old 12.09.2016, 15:38   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

AVG user Interface - Standard

AVG user Interface



Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly, spread over several posts if necessary.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

__________________
Please always post log files in CODE tags

Old 12.09.2016, 16:24   #21
werama

AVG user Interface - Standard

AVG user Interface



The download is aborted with the message:

Error: virus found

???

Old 13.09.2016, 08:44   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

AVG user Interface - Standard

AVG user Interface



Nobody will be able to help you with this message.
__________________
Please always post log files in CODE tags

Old 13.09.2016, 13:26   #23
werama

AVG user Interface - Standard

AVG user Interface



Windows 10 "smart screen" had blocked the download.



FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2016
Ran by ulfw (administrator) on LAPDESKTOP (13-09-2016 14:16)
Running from C:\TrojanerBoard
Loaded Profiles: ulfw (Available Profiles: ulfw)
Platform: Windows 10 Home Version 1511 (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
() C:\Windows\SysWOW64\spdsvc.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe
() C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files\update\UpdateAgent.exe
() C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Windows\System32\PortChanger.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Samsung Electronics) C:\ProgramData\Samsung Apps\Portable SSD\Samsung Portable SSD Daemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Lenovo\LenovoUtility\utility.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Samsung Electronics) C:\ProgramData\Samsung Apps\Portable SSD\Samsung Portable SSD T1.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16412912 2016-06-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416440 2016-06-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416440 2016-06-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416440 2016-06-01] (Realtek Semiconductor)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2015-11-01] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-24] (Intel Corporation)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [628736 2015-06-16] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\EpmNews.exe [2090176 2016-04-26] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS Cleanup] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\CleanUpUI.exe [1227456 2016-04-26] (CHENGDU Yiwo Tech Development Co., Ltd.)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-4256507873-131550310-878068454-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [583680 2016-07-01] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{68aa8129-2e02-4ac7-9f17-2ca6b94762fd}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c76f7e95-d6e4-4b7f-bf18-a9c1bc35784e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{db9e1287-99f7-4ed8-9519-4738aea84118}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fb80cd58-df40-44b1-9b37-247645e8ce84}: [DhcpNameServer] 150.206.1.2

Internet Explorer:
==================
HKU\S-1-5-21-4256507873-131550310-878068454-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-4256507873-131550310-878068454-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-4256507873-131550310-878068454-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-4256507873-131550310-878068454-1001 -> DefaultScope {D5F1BE35-A861-465C-ACBD-70DA19F6DED7} URL = 
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)

FireFox:
========
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-19] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-06-29] [not signed]

Chrome: 
=======
CHR Profile: C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-27]
CHR Extension: (Google Docs) - C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-27]
CHR Extension: (Google Drive) - C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-27]
CHR Extension: (YouTube) - C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-27]
CHR Extension: (FromDocToPDF) - C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfpdhjbmgalijofgljkeckkgdjafgmfb [2016-09-13]
CHR Extension: (Google Tabellen) - C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-27]
CHR Extension: (Google Docs Offline) - C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-27]
CHR Extension: (FromDocToPDF) - C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2016-09-12]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-27]
CHR Extension: (Google Mail) - C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-27]
CHR Extension: (Chrome Media Router) - C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-01]
CHR Extension: (SnapMyScreen) - C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj [2016-09-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor14.0; C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe [226016 2015-12-07] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor7.0; C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [163840 2008-09-16] (Adobe Systems Incorporated) [File not signed]
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [650680 2015-07-29] (Lenovo)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [618920 2016-06-01] (Intel Corporation)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [176640 2015-09-15] () [File not signed]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [11127016 2016-04-27] (DisplayLink Corp.)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-07-23] (Intel Corporation)
R2 FastbootService; C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe [288768 2015-11-01] (Lenovo) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2016-09-09] (Macrovision Europe Ltd.) [File not signed]
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-30] (Lenovo)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-24] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [372128 2016-06-01] (Intel Corporation)
R2 ImControllerService; c:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [60752 2016-08-24] (Lenovo Group Limited)
R2 LenovoPortalService; C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe [24312 2015-11-01] ()
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 O2FLASH; C:\Windows\System32\drivers\o2flash.exe [82096 2015-05-21] (BayHubTech/O2Micro International)
R2 O2FLASH; C:\WINDOWS\SysWOW64\drivers\o2flash.exe [82096 2015-05-21] (BayHubTech/O2Micro International)
R2 Samsung Printer Dianostics Service; C:\Windows\SysWOW64\\spdsvc.exe [491328 2015-11-05] ()
S3 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [33224 2016-04-15] (SHAREit Technologies Co.Ltd)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263792 2016-06-01] (Synaptics Incorporated)
R2 UpdateAgentService; C:\Program Files\update\UpdateAgent.exe [226216 2015-11-01] ()
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [38328 2015-08-21] (Lenovo)
R2 YogaPLService; C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe [29112 2015-06-27] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 DisplayLinkUsbIo_x64; C:\Windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.9.1589.0.sys [67336 2016-05-23] ()
R3 dlcdcncm; C:\Windows\System32\drivers\dlcdcncm62_x64.sys [91920 2016-04-27] (DisplayLink Corp.)
R3 dlusbaudio; C:\Windows\system32\DRIVERS\dlusbaudio_x64.sys [229648 2016-04-27] (DisplayLink Corp.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [43512 2015-07-23] (Intel Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18016 2016-01-20] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2016-01-20] ()
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [251384 2015-07-23] (Intel Corporation)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-01-20] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-01-20] ()
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [67608 2015-11-01] (Windows (R) Win 7 DDK provider) [File not signed]
R0 FBFsmon; C:\Windows\System32\DRIVERS\FBFsmon.sys [39448 2015-11-01] (Windows (R) Win 7 DDK provider) [File not signed]
R2 FBNetFilter; C:\Windows\system32\Drivers\FBNetFlt.sys [32792 2015-11-01] (Windows (R) Win 7 DDK provider) [File not signed]
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [84264 2015-06-16] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [250096 2015-07-02] (Intel Corporation)
S3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3354384 2015-07-10] (Intel Corporation)
R3 Netwtw02; C:\Windows\System32\drivers\Netwtw02.sys [7052032 2016-06-01] (Intel Corporation)
R3 O2FJ2RDR; C:\Windows\System32\drivers\O2FJ2x64.sys [201240 2015-05-21] (BayHubTech/O2Micro )
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3049176 2015-05-29] (Realtek Semiconductor Corp.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [74352 2016-06-01] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-13 13:41 - 2016-09-13 13:44 - 01748992 _____ (Farbar) C:\Users\ulfw\Downloads\FRST.exe
2016-09-12 16:06 - 2016-09-12 16:06 - 00001374 _____ C:\Users\ulfw\Desktop\Brief-Brief.doc - Verknüpfung.lnk
2016-09-12 15:31 - 2016-09-12 15:31 - 00000000 ____D C:\WINDOWS\LastGood
2016-09-12 14:51 - 2016-09-12 14:51 - 00003200 _____ C:\WINDOWS\System32\Tasks\Samsung_PSSD_Registration
2016-09-12 14:51 - 2016-09-12 14:51 - 00001729 _____ C:\Users\Public\Desktop\Samsung Portable SSD T3.lnk
2016-09-12 14:51 - 2016-09-12 14:51 - 00000000 ____D C:\ProgramData\Samsung Apps
2016-09-12 14:51 - 2016-09-12 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Portable SSD T3
2016-09-09 18:23 - 2016-09-09 18:38 - 00000000 ____D C:\ProgramData\FLEXnet
2016-09-09 18:23 - 2016-09-09 18:23 - 00001293 _____ C:\Users\Public\Desktop\Adobe Photoshop Elements 7.0.lnk
2016-09-09 18:23 - 2016-09-09 18:23 - 00001199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 7.0.lnk
2016-09-09 18:23 - 2016-09-09 18:23 - 00000060 _____ C:\WINDOWS\wininit.ini
2016-09-09 18:22 - 2016-09-09 18:22 - 01628920 ____N (Sonic Solutions) C:\WINDOWS\SysWOW64\pxsfs.dll
2016-09-09 18:22 - 2016-09-09 18:22 - 00547576 ____N (Sonic Solutions) C:\WINDOWS\SysWOW64\px.dll
2016-09-09 18:22 - 2016-09-09 18:22 - 00510712 ____N (Sonic Solutions) C:\WINDOWS\SysWOW64\pxdrv.dll
2016-09-09 18:22 - 2016-09-09 18:22 - 00379640 ____N (Sonic Solutions) C:\WINDOWS\SysWOW64\pxwave.dll
2016-09-09 18:22 - 2016-09-09 18:22 - 00187128 ____N (Sonic Solutions) C:\WINDOWS\SysWOW64\pxmas.dll
2016-09-09 18:22 - 2016-09-09 18:22 - 00129784 ____N (Sonic Solutions) C:\WINDOWS\SysWOW64\pxafs.dll
2016-09-09 18:22 - 2016-09-09 18:22 - 00118520 ____N (Sonic Solutions) C:\WINDOWS\SysWOW64\pxinsi64.exe
2016-09-09 18:22 - 2016-09-09 18:22 - 00116472 ____N (Sonic Solutions) C:\WINDOWS\SysWOW64\pxcpyi64.exe
2016-09-09 18:22 - 2016-09-09 18:22 - 00072440 ____N (Sonic Solutions) C:\WINDOWS\SysWOW64\pxhpinst.exe
2016-09-09 18:22 - 2016-09-09 18:22 - 00064760 ____N (Sonic Solutions) C:\WINDOWS\SysWOW64\pxinsa64.exe
2016-09-09 18:22 - 2016-09-09 18:22 - 00064760 ____N (Sonic Solutions) C:\WINDOWS\SysWOW64\pxcpya64.exe
2016-09-09 18:22 - 2016-09-09 18:22 - 00039672 ____N (Sonic Solutions) C:\WINDOWS\SysWOW64\vxblock.dll
2016-09-09 18:21 - 2016-09-09 18:21 - 00000000 ____D C:\Users\ulfw\Desktop\Adobe
2016-09-08 13:51 - 2016-04-27 08:14 - 00026896 _____ (DisplayLink Corp.) C:\WINDOWS\system32\Drivers\dlkmdldr.sys
2016-09-07 08:12 - 2016-09-07 08:12 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-09-06 13:47 - 2016-09-06 13:47 - 00000676 _____ C:\Users\ulfw\Desktop\Schlüssel-Dia.spj - Verknüpfung (2).lnk
2016-09-05 16:02 - 2016-09-05 16:02 - 00003328 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-09-02 10:07 - 2016-09-02 10:07 - 00000000 ____D C:\Users\ulfw\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2016-09-01 16:20 - 2016-09-01 16:20 - 00001262 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoStage Diashow-Ersteller.lnk
2016-09-01 16:20 - 2016-09-01 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme
2016-09-01 16:20 - 2016-09-01 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette
2016-08-31 18:01 - 2016-09-01 17:23 - 00000000 ____D C:\Users\ulfw\AppData\Roaming\NCH Software
2016-08-31 18:01 - 2016-09-01 16:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2016-08-31 18:01 - 2016-09-01 16:20 - 00000000 ____D C:\ProgramData\NCH Software
2016-08-31 18:01 - 2016-09-01 16:20 - 00000000 ____D C:\Program Files (x86)\NCH Software
2016-08-24 14:50 - 2016-08-24 14:50 - 00257872 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2016-08-20 10:57 - 2016-08-03 12:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-20 10:57 - 2016-08-03 12:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-20 10:57 - 2016-08-03 12:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-20 10:57 - 2016-08-03 12:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-20 10:57 - 2016-08-03 12:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-20 10:57 - 2016-08-03 12:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-20 10:57 - 2016-08-03 12:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-20 10:57 - 2016-08-03 12:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-20 10:57 - 2016-08-03 12:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-20 10:57 - 2016-08-03 12:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-20 10:57 - 2016-08-03 12:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-20 10:57 - 2016-08-03 12:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-20 10:57 - 2016-08-03 12:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-20 10:57 - 2016-08-03 12:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-20 10:57 - 2016-08-03 12:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-20 10:57 - 2016-08-03 12:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-20 10:57 - 2016-08-03 12:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-20 10:57 - 2016-08-03 11:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-20 10:57 - 2016-08-03 11:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-20 10:57 - 2016-08-03 11:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-20 10:57 - 2016-08-03 11:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-20 10:57 - 2016-08-03 11:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-20 10:57 - 2016-08-03 11:41 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-08-20 10:57 - 2016-08-03 11:41 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-08-20 10:57 - 2016-08-03 11:40 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-08-20 10:57 - 2016-08-03 11:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-20 10:57 - 2016-08-03 11:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-20 10:57 - 2016-08-03 11:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-20 10:57 - 2016-08-03 11:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-20 10:57 - 2016-08-03 11:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-20 10:57 - 2016-08-03 11:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-20 10:57 - 2016-08-03 11:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-20 10:57 - 2016-08-03 11:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-20 10:57 - 2016-08-03 11:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-20 10:57 - 2016-08-03 11:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-20 10:57 - 2016-08-03 11:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-20 10:57 - 2016-08-03 11:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-20 10:57 - 2016-08-03 11:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-20 10:57 - 2016-08-03 11:29 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-20 10:57 - 2016-08-03 11:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-08-20 10:57 - 2016-08-03 11:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-20 10:57 - 2016-08-03 11:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-20 10:57 - 2016-08-03 11:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-20 10:57 - 2016-08-03 11:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-20 10:57 - 2016-08-03 11:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-20 10:57 - 2016-08-03 11:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-20 10:57 - 2016-08-03 11:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-20 10:57 - 2016-08-03 11:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-20 10:57 - 2016-08-03 11:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-20 10:57 - 2016-08-03 11:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-20 10:57 - 2016-08-03 11:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-20 10:57 - 2016-08-03 11:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-20 10:57 - 2016-08-03 11:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-20 10:57 - 2016-08-03 07:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-20 10:57 - 2016-08-03 07:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-20 10:57 - 2016-08-03 07:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-20 10:57 - 2016-08-03 07:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-20 10:57 - 2016-08-03 07:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-20 10:57 - 2016-08-03 07:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-20 10:57 - 2016-08-03 07:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-20 10:57 - 2016-08-03 06:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-20 10:57 - 2016-08-03 06:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-20 10:57 - 2016-08-03 06:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-20 10:57 - 2016-08-03 06:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-20 10:57 - 2016-08-03 06:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-20 10:57 - 2016-08-03 06:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-20 10:57 - 2016-08-03 06:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-20 10:57 - 2016-08-03 06:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-20 10:57 - 2016-08-03 06:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-20 10:57 - 2016-08-03 06:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-20 10:57 - 2016-08-03 06:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-20 10:57 - 2016-08-03 06:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-20 10:57 - 2016-08-03 06:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-20 10:57 - 2016-08-03 06:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-20 10:57 - 2016-08-03 06:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-20 10:56 - 2016-08-03 13:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-20 10:56 - 2016-08-03 13:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-20 10:56 - 2016-08-03 13:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-20 10:56 - 2016-08-03 12:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-20 10:56 - 2016-08-03 12:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-20 10:56 - 2016-08-03 12:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-20 10:56 - 2016-08-03 11:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-20 10:56 - 2016-08-03 11:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-20 10:56 - 2016-08-03 11:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-20 10:56 - 2016-08-03 11:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-20 10:56 - 2016-08-03 11:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-20 10:56 - 2016-08-03 11:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-20 10:56 - 2016-08-03 11:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-20 10:56 - 2016-08-03 11:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-20 10:56 - 2016-08-03 11:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-20 10:56 - 2016-08-03 11:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-20 10:56 - 2016-08-03 11:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-20 10:56 - 2016-08-03 11:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-20 10:56 - 2016-08-03 11:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-20 10:56 - 2016-08-03 11:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-20 10:56 - 2016-08-03 11:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-20 10:56 - 2016-08-03 11:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-20 10:56 - 2016-08-03 11:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-20 10:56 - 2016-08-03 11:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-20 10:56 - 2016-08-03 11:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-20 10:56 - 2016-08-03 11:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-20 10:56 - 2016-08-03 11:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-20 10:56 - 2016-08-03 11:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-20 10:56 - 2016-08-03 11:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-20 10:56 - 2016-08-03 07:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-20 10:56 - 2016-08-03 07:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-20 10:56 - 2016-08-03 07:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-20 10:56 - 2016-08-03 06:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-20 10:56 - 2016-08-03 06:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-20 10:56 - 2016-08-03 06:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-20 10:56 - 2016-08-03 06:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-20 10:56 - 2016-08-03 06:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-20 10:56 - 2016-08-03 06:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-20 10:56 - 2016-08-03 06:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-20 10:56 - 2016-08-03 06:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-20 10:56 - 2016-08-03 06:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-20 10:56 - 2016-08-03 06:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-20 10:56 - 2016-08-03 06:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-20 10:56 - 2016-08-03 06:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-20 10:56 - 2016-08-03 06:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-20 10:56 - 2016-08-03 06:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-20 10:56 - 2016-08-03 06:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-20 10:56 - 2016-08-03 06:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-19 21:01 - 2016-08-03 12:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-19 18:01 - 2016-08-03 12:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-19 18:01 - 2016-08-03 12:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-19 18:01 - 2016-08-03 11:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-19 18:01 - 2016-08-03 11:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-19 18:01 - 2016-08-03 11:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-19 18:01 - 2016-08-03 11:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-19 18:01 - 2016-08-03 11:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-19 18:01 - 2016-08-03 11:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-19 18:01 - 2016-08-03 06:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-19 18:01 - 2016-08-03 06:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-13 14:16 - 2016-06-27 09:16 - 00000000 ____D C:\FRST
2016-09-13 14:16 - 2016-06-26 16:58 - 00000000 ____D C:\TrojanerBoard
2016-09-13 14:12 - 2016-06-01 20:57 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-13 13:37 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-13 13:37 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-13 13:35 - 2016-06-18 16:11 - 00000000 ____D C:\Users\ulfw\AppData\Local\Adobe
2016-09-13 13:35 - 2016-06-02 15:27 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{931BFAFD-4B01-497B-955E-2018BD63BFBA}
2016-09-13 13:32 - 2016-06-27 19:22 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-09-13 13:32 - 2016-06-01 20:57 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-13 13:32 - 2016-06-01 16:48 - 00000000 __SHD C:\Users\ulfw\IntelGraphicsProfiles
2016-09-12 16:21 - 2016-06-28 05:13 - 00777080 _____ C:\WINDOWS\system32\perfh007.dat
2016-09-12 16:21 - 2016-06-28 05:13 - 00156168 _____ C:\WINDOWS\system32\perfc007.dat
2016-09-12 16:21 - 2016-06-28 05:11 - 00816108 _____ C:\WINDOWS\system32\perfh00C.dat
2016-09-12 16:21 - 2016-06-28 05:11 - 00156154 _____ C:\WINDOWS\system32\perfc00C.dat
2016-09-12 16:21 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-12 16:21 - 2015-07-16 17:54 - 02773372 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-12 15:32 - 2016-06-01 16:48 - 00000000 ____D C:\Users\ulfw\AppData\Local\Packages
2016-09-12 15:18 - 2016-06-20 19:19 - 00000000 ___RD C:\Users\ulfw\Documents\Scanned Documents
2016-09-12 07:47 - 2016-04-27 08:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-12 07:47 - 2015-10-30 08:28 - 03145728 ___SH C:\WINDOWS\system32\config\BBI
2016-09-11 11:11 - 2016-04-27 08:29 - 00224680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-11 11:10 - 2016-06-07 11:57 - 00000000 ____D C:\Web
2016-09-09 18:38 - 2016-06-18 16:12 - 00000000 ____D C:\ProgramData\Adobe
2016-09-09 18:22 - 2016-06-19 14:41 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-09-08 13:50 - 2016-06-29 14:56 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2016-09-08 13:50 - 2016-06-27 19:21 - 00000000 ____D C:\Program Files\DisplayLink Core Software
2016-09-07 18:54 - 2016-06-27 19:23 - 00000000 ____D C:\Users\ulfw
2016-09-07 16:03 - 2016-06-04 14:42 - 00000000 ____D C:\Users\ulfw\AppData\Roaming\Nitro PDF
2016-09-05 16:02 - 2016-06-01 16:50 - 00002387 _____ C:\Users\ulfw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-05 16:02 - 2016-06-01 16:50 - 00000000 ___RD C:\Users\ulfw\OneDrive
2016-09-02 10:10 - 2016-06-01 16:48 - 00000000 ____D C:\Users\ulfw\AppData\Roaming\Adobe
2016-09-01 18:15 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-01 18:15 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-01 14:34 - 2016-06-04 11:41 - 00000000 ____D C:\Users\ulfw\AppData\Roaming\Audacity
2016-08-31 08:51 - 2016-06-25 20:05 - 00005695 _____ C:\ProgramData\StreamingMediaTechnologyLog.txt
2016-08-24 16:06 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-20 13:34 - 2016-04-27 08:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-20 12:42 - 2016-04-27 08:20 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-20 12:42 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-20 11:20 - 2016-06-02 15:58 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-20 11:20 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-20 11:17 - 2016-06-02 15:58 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-19 16:13 - 2016-06-01 20:58 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-19 16:07 - 2016-06-01 20:57 - 00004198 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-19 16:07 - 2016-06-01 20:57 - 00003966 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-19 11:11 - 2015-11-01 06:46 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2016-08-18 18:29 - 2016-06-01 16:48 - 00000000 ____D C:\Users\ulfw\AppData\Local\Lenovo

==================== Files in the root of some directories =======

2016-06-02 15:15 - 2016-06-02 15:15 - 0000000 _____ () C:\Users\ulfw\AppData\Roaming\fastboot.log
2016-06-03 15:06 - 2016-06-03 15:06 - 0000268 ___RH () C:\Users\ulfw\AppData\Roaming\Speech Enhancer
2016-06-03 15:06 - 2016-06-03 15:06 - 0000268 ___RH () C:\Users\ulfw\AppData\Roaming\Standard
2016-06-27 19:22 - 2016-06-27 19:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-06-27 19:22 - 2016-06-27 19:22 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2016-06-03 15:06 - 2016-06-03 15:06 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2016-06-03 15:06 - 2016-06-03 15:06 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2016-06-03 15:06 - 2016-06-03 15:06 - 0000268 ___RH () C:\ProgramData\StartupItems
2016-06-03 15:06 - 2016-06-03 15:06 - 0000268 ___RH () C:\ProgramData\StatusSheet
2016-06-25 20:05 - 2016-08-31 08:51 - 0005695 _____ () C:\ProgramData\StreamingMediaTechnologyLog.txt

Some files in TEMP:
====================
C:\Users\ulfw\AppData\Local\Temp\LMkRstPt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-06 15:49

==================== End of FRST.txt ============================
         


Here is the Additional as well
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2016
Ran by ulfw (13-09-2016 14:16:39)
Running from C:\TrojanerBoard
Windows 10 Home Version 1511 (X64) (2016-06-27 17:29:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4256507873-131550310-878068454-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4256507873-131550310-878068454-503 - Limited - Disabled)
Guest (S-1-5-21-4256507873-131550310-878068454-501 - Limited - Disabled)
ulfw (S-1-5-21-4256507873-131550310-878068454-1001 - Administrator - Enabled) => C:\Users\ulfw

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Dreamweaver CS5.5 (HKLM-x32\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Photoshop Elements 14 (HKLM-x32\...\{49F8D229-3E0E-4F43-8429-EB8F2583DB19}) (Version: 14.1 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 14 (HKLM-x32\...\{18EF738B-56F0-4370-8FEA-93FC9EC51DFA}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Components (x32 Version: 1.0.023.00 - Lenovo) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisplayLink Core Software (HKLM\...\{22822919-96E0-46E0-9CCC-1318A8ED0081}) (Version: 7.9.1589.0 - DisplayLink Corp.)
Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.5.2.32 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.4.0.22 - Dolby Laboratories, Inc.)
EaseUS Partition Master 11.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10602.174 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1159 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4326 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1544031f-5449-4415-b577-993c2a533a1b}) (Version: 18.12.2 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo Accelerator Application (HKLM-x32\...\{10672FE6-3D50-4F79-B0C7-A5573A5D415D}) (Version: 2.2.0.0701 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11103 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 2.0.9.0 - Lenovo)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4210 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.4210 - CyberLink Corp.) Hidden
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.006.00 - Lenovo)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.066.00 - Lenovo)
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.3 - Lenovo)
LenovoUtility (x32 Version: 3.0.0.3 - Lenovo) Hidden
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.2.0.6025 - Mozilla)
Mozilla Thunderbird 45.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.2.0 (x86 de)) (Version: 45.2.0 - Mozilla)
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{A6668863-B0A3-4812-AAF2-E47749ECFE0E}) (Version: 3.3.00.145 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 3.3.00.145 - O2Micro International LTD.) Hidden
OpenOffice 4.1.2 (HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation)
PhotoStage Diashow-Ersteller (HKLM-x32\...\PhotoStage) (Version: 3.28 - NCH Software)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7624 - Realtek Semiconductor Corp.)
Samsung Drucker-Diagnose (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.4.2 - Samsung Electronics Co., Ltd.)
Samsung Portable SSD T3 (HKLM-x32\...\Samsung Portable SSD T3_is1) (Version: 1.3 - Samsung Electronics)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.5.0.1144 - Lenovo)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.57 - Synaptics Incorporated)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
User Manuals (x32 Version: 4.0.0.1 - Lenovo) Hidden
ViewNX-i (HKLM\...\{C67A5551-26C1-4C7B-A9DF-AD148549D482}) (Version: 1.2.1 - Nikon Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wartung Samsung CLP-320 Series (HKLM-x32\...\Samsung CLP-320 Series) (Version:  - Samsung Electronics Co., Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4256507873-131550310-878068454-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\ulfw\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06FCBD67-E280-4030-92DB-536CF472D14A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-01] (Google Inc.)
Task: {1648F6DA-3CD5-4C12-AA69-EA5574833D27} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {3FC40DD9-73C2-426F-A3AA-ED262FA6489A} - System32\Tasks\Samsung_PSSD_Registration => C:\ProgramData\Samsung Apps\Portable SSD\Samsung Portable SSD Daemon.exe [2016-09-12] (Samsung Electronics)
Task: {4EE33060-A5D8-44B9-BF13-A070C6CE2262} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {5A5624C2-943F-4659-9A4B-32C5B24134CC} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {5E5516A8-8AAB-4CDC-8D95-FF4C4DF9121C} - System32\Tasks\Lenovo\QuickOptimizer => C:\Program Files\lenovo\QuickOptimizer\QuickOptimizerIcon.exe [2015-07-11] (Lenovo)
Task: {6377755C-BB0B-4341-ABC8-8AB4CB29EADB} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {645738A3-5771-4310-B466-1201795C006A} - System32\Tasks\NCH Software\VideoPadSevenDays => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe
Task: {7E324D52-1AE5-41A9-82F6-3AEE7C0BC338} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {8E4C56C1-12B8-480E-9825-0952B5E4062F} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-uweissen@bluewin.ch => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-29] (Adobe Systems Incorporated)
Task: {A1076A1D-90BE-4B35-89B1-0C52A9A057A1} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
Task: {C85329DE-73A3-4ECD-B10E-FE238FB443AA} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2016-06-01] (Lenovo)
Task: {C8C4CBE0-5972-4F96-808A-7AB44DAFA6E1} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
Task: {D823706C-E893-4E53-A98E-7C573FDAA2B5} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {E6F2146A-64A5-467C-AA00-B1D17C08269E} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {EDF32366-676F-48EC-963B-03DB6FDA586B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-01] (Google Inc.)
Task: {F88F597F-9E43-4299-9FC9-373187714BED} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\ulfw\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-09-05] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\ulfw\Favorites\Downloadseite von NCH Software.lnk -> hxxp://www.nchsoftware.com/de/index.html

==================== Loaded Modules (Whitelisted) ==============

2016-06-23 19:50 - 2011-06-21 09:42 - 00034304 _____ () C:\WINDOWS\System32\sst3cl6.dll
2016-06-19 09:42 - 2016-06-19 09:42 - 00031256 _____ () C:\WINDOWS\System32\us008lm.dll
2016-06-23 19:56 - 2015-11-05 21:02 - 00491328 _____ () C:\WINDOWS\SysWOW64\spdsvc.exe
2015-11-01 07:47 - 2015-11-01 07:47 - 00024312 _____ () C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe
2015-09-15 01:58 - 2015-09-15 01:58 - 00176640 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2015-11-01 07:47 - 2015-11-01 07:47 - 00226216 _____ () C:\Program Files\update\UpdateAgent.exe
2015-11-01 06:55 - 2015-06-27 11:34 - 00029112 _____ () C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
2015-11-01 06:47 - 2015-08-19 05:00 - 00058296 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2012-10-19 04:52 - 2012-10-19 04:52 - 03867040 _____ () C:\WINDOWS\system32\PortChanger.exe
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-11-01 06:47 - 2015-08-21 08:43 - 00043960 _____ () C:\ProgramData\LenovoTransition\Server\x64\EnableAutoRotation.dll
2016-07-13 19:24 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-13 19:24 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-09-05 16:01 - 2016-09-05 16:01 - 01864384 _____ () C:\Users\ulfw\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-07-13 19:25 - 2016-07-01 05:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 00402344 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-04-27 08:12 - 2016-04-27 08:12 - 01652456 _____ () C:\Program Files\DisplayLink Core Software\AddOnApi64.dll
2016-04-27 08:10 - 2016-04-27 08:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 19:26 - 2016-07-01 05:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-13 19:25 - 2016-07-01 05:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 19:25 - 2016-07-01 05:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 19:25 - 2016-07-01 05:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-01 06:47 - 2015-11-01 06:47 - 00791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
2015-11-01 06:47 - 2015-11-01 06:47 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2015-06-16 03:53 - 2015-06-16 03:53 - 00628736 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
2016-06-27 20:42 - 2016-06-27 20:42 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-08-19 16:13 - 2016-08-03 01:41 - 02366280 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-19 16:13 - 2016-08-03 01:40 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2015-11-01 06:50 - 2015-02-13 01:02 - 00224696 _____ () C:\Program Files (x86)\Lenovo\CCSDK\SDKClient.dll
2015-10-21 15:50 - 2015-10-21 15:50 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2015-10-21 15:49 - 2015-10-21 15:49 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2016-06-27 20:42 - 2016-06-27 20:42 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-06-27 20:42 - 2016-06-27 20:42 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-08-09 17:22 - 2016-08-09 17:22 - 00101888 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Management\252667907e1e3e32b11d87fba7af0023\Windows.Management.ni.dll
2016-08-09 17:22 - 2016-08-09 17:22 - 02921472 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\931208eb21bfb07f9a4995753d6b7f7b\Windows.ApplicationModel.ni.dll
2016-08-09 17:22 - 2016-08-09 17:22 - 00821248 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\70c31a6aefe21a1501d1b781a0217731\Windows.Storage.ni.dll
2016-08-09 03:34 - 2016-08-09 03:34 - 00335360 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\cbafdb4e11c9fd06e0a2e5efa6253883\Windows.Foundation.ni.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4256507873-131550310-878068454-1001\...\samsungsetup.com -> hxxp://www.samsungsetup.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2016-06-27 17:37 - 00000832 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4256507873-131550310-878068454-1001\Control Panel\Desktop\\Wallpaper -> E:\Eigene Dokumente\Eigene Bilder\Oberoesterreich\Eggelsberg-2-8.JPG
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_MICPKEY"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_DOLBYDRAGON"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "EaseUS Cleanup"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKU\S-1-5-21-4256507873-131550310-878068454-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{5387E6E7-6A00-4330-8C4F-E7F45B958856}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{B410D92F-2249-4C2F-A960-20136312CD6F}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{C7657223-4F8E-40EC-A5BA-91982C4F8406}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/13/2016 01:32:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Adobe\Adobe Premiere Elements 14\MPEGHDVExport.exe".
Die abhängige Assemblierung "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/13/2016 01:32:18 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (09/12/2016 05:25:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm thunderbird.exe, Version 45.2.0.6025 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2004

Startzeit: 01d20d0444171def

Beendigungszeit: 34

Anwendungspfad: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

Berichts-ID: 2d50ce11-78fd-11e6-9c28-a434d9298c05

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (09/12/2016 04:42:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm thunderbird.exe, Version 45.2.0.6025 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 16d8

Startzeit: 01d20d03bb68ba56

Beendigungszeit: 19

Anwendungspfad: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

Berichts-ID: 1fcc8207-78f7-11e6-9c28-a434d9298c05

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (09/12/2016 02:52:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Adobe\Adobe Premiere Elements 14\MPEGHDVExport.exe".
Die abhängige Assemblierung "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/12/2016 02:47:05 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (09/12/2016 11:49:47 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (09/12/2016 07:43:16 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (09/11/2016 07:15:43 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (09/11/2016 04:19:12 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]


System errors:
=============
Error: (09/13/2016 01:35:51 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.

Error: (09/13/2016 01:33:37 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.

Error: (09/13/2016 01:32:19 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Für den Miniport "Targus Giga Ethernet, {DB9E1287-99F7-4ED8-9519-4738AEA84118}" ist das Ereignis "73" aufgetreten.

Error: (09/12/2016 08:19:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "User Data Access_6eb7c" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (09/12/2016 08:19:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "User Data Storage_6eb7c" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (09/12/2016 08:19:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Contact Data_6eb7c" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (09/12/2016 08:19:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sync Host_6eb7c" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (09/12/2016 04:46:32 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (09/12/2016 02:53:48 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (09/12/2016 02:51:44 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.


CodeIntegrity:
===================================
  Date: 2016-09-02 08:53:25.522
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-20 13:34:07.048
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-10 16:09:41.115
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-09 03:23:08.392
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-07 18:38:17.095
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-29 14:56:51.837
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-28 08:19:14.772
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-27 22:04:07.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-27 19:27:12.657
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-27 19:26:36.802
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 39%
Total physical RAM: 8097.91 MB
Available physical RAM: 4908.88 MB
Total Virtual: 9377.91 MB
Available Virtual: 6400.64 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:119.12 GB) (Free:63.42 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Samsung_T3) (Fixed) (Total:465.74 GB) (Free:465.74 GB) exFAT
Drive e: (Volume) (Fixed) (Total:98.24 GB) (Free:47.61 GB) NTFS
Drive f: (Transcend) (Removable) (Total:3.73 GB) (Free:0.91 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 2BC178FB)

Partition: GPT.

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: C492DAD6)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
         

13.09.2016, 13:54   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

FRST-Fix

Please disable your virus scanner completely now, to make sure that the fix runs through cleanly!

Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
emptytemp:

Save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Remove) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Please always post log files in CODE tags

13.09.2016, 14:08   #25
werama

I start FRST.exe:

It runs through and creates a FRST.txt, nothing else.

13.09.2016, 14:18   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Just read the instructions properly and follow them.
__________________
Please always post log files in CODE tags

13.09.2016, 15:10   #27
werama

I have disabled Defender in Windows 10. Apart from that, I am not aware of any virus scanner on my system. I already uninstalled AVG 3 months ago.

Following your description, I get as far as the started FRST64.exe.
Now I should see an "Entfernen" (Remove) button. I cannot find it.

Can you tell me where I am making a mistake?

13.09.2016, 15:19   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Good grief, FRST only has four buttons!!!
Surely you can find the button labeled "entfernen" (remove) yourself! It is the first from the right, or the fourth from the left
__________________
Please always post log files in CODE tags

13.09.2016, 15:35   #29
werama

It is labeled FIX, so I am not looking for an "entfernen" (remove) there


Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-09-2016
Ran by ulfw (13-09-2016 16:30:40) Run:1
Running from C:\TrojanerBoard
Loaded Profiles: ulfw (Available Profiles: ulfw)
Boot Mode: Normal
==============================================

fixlist content:
*****************
emptytemp:
*****************


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 333504581 B
Java, Flash, Steam htmlcache => 980 B
Windows/system/drivers => 12135208 B
Edge => 49198770 B
Chrome => 497244333 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 37608 B
NetworkService => 0 B
ulfw => 735974200 B

RecycleBin => 7243055772 B
EmptyTemp: => 8.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:31:02 ====
         

13.09.2016, 15:42   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Platform: Windows 10 Home (X64) Language: Englisch (Vereinigte Staaten)
No wonder, your Windows is in English after all! And you don't have any problems with that?
__________________
Please always post log files in CODE tags
