OK, thanks.
Incidentally, this malware slows the browser (Opera) down so much that I type considerably faster than the computer can display the letters.
So here are the logs:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:51 on 03/10/2014 (Melanie)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 04.10.2014
Scan Time: 20:51:41
Logfile: malware antibytes Log.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.10.04.11
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Melanie
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 477372
Time Elapsed: 42 min, 6 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 1
PUP.Optional.FilesFrog.A, C:\Users\Melanie\AppData\Local\FilesFrog Update Checker\UPDATE_CHECKER.EXE, 23372, , [6754d23ee59789add758cd15c43e9e62]
Modules: 0
(No malicious items detected)
Registry Keys: 10
PUP.Optional.Somoto, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FilesFrog Update Checker, , [12a9868aa3d9cc6a4ae1b47350b053ad],
PUP.Optional.Somoto.A, HKU\S-1-5-21-4293270421-953212615-3131140010-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Somoto, , [d0ebe32d4735b77fbdd7f11eb15214ec],
PUP.Optional.Somoto.A, HKU\S-1-5-21-4293270421-953212615-3131140010-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOMOTO\SDP, , [5b60f917126a0333036d3925ba4ad62a],
PUP.Optional.ShowPassword.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{5D1793A3-860B-1CA0-15D7-B376CE4C41FE}, , [2398e62a28546fc744410c0b48bdee12],
PUP.Optional.ShowPassword.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5D1793A3-860B-1CA0-15D7-B376CE4C41FE}, , [2398e62a28546fc744410c0b48bdee12],
PUP.Optional.ShowPassword.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{53243B30-F787-9915-B328-254C7A5FD705}, , [2398e62a28546fc744410c0b48bdee12],
PUP.Optional.ShowPassword.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C7363C13-BCD1-2A9B-09BB-3591F5D3E421}, , [2398e62a28546fc744410c0b48bdee12],
PUP.Optional.ShowPassword.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{53243B30-F787-9915-B328-254C7A5FD705}, , [2398e62a28546fc744410c0b48bdee12],
PUP.Optional.ShowPassword.A, HKU\S-1-5-21-4293270421-953212615-3131140010-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{5D1793A3-860B-1CA0-15D7-B376CE4C41FE}, , [2398e62a28546fc744410c0b48bdee12],
PUP.Optional.ShowPassword.A, HKU\S-1-5-21-4293270421-953212615-3131140010-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{5D1793A3-860B-1CA0-15D7-B376CE4C41FE}, , [2398e62a28546fc744410c0b48bdee12],
Registry Values: 1
PUP.Optional.Somoto.A, HKU\S-1-5-21-4293270421-953212615-3131140010-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOMOTO\SDP|affid, atunesxyeg, , [5b60f917126a0333036d3925ba4ad62a]
Registry Data: 0
(No malicious items detected)
Folders: 2
PUP.Optional.FilesFrog.A, C:\Users\Melanie\AppData\Local\FILESFROG UPDATE CHECKER, , [6754d23ee59789add758cd15c43e9e62],
PUP.Optional.FilesFrog.A, C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker, , [e4d7db3509738caa151b9f43e31fc23e],
Files: 19
PUP.Optional.Softonic.A, C:\$Recycle.Bin\S-1-5-21-4293270421-953212615-3131140010-1001\$R9E8PLM.exe, , [c5f67799d9a3a4929718f43e20e19769],
PUP.Optional.Somoto.A, C:\Users\Melanie\AppData\Local\Temp\BI_RunOnce (1).exe, , [d7e40e027dff7bbbc0b2cd5d7d845ba5],
PUP.Optional.Somoto.A, C:\Users\Melanie\AppData\Local\Temp\FLVPlayerSetup.exe, , [9724c64a4b314ee81fdfce63847c7090],
PUP.Optional.Addlyrics, C:\Users\Melanie\AppData\Local\Temp\_Show_Password.exe, , [6c4ffb15314b90a673e7acddce3307f9],
PUP.Optional.Somoto, C:\Users\Melanie\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe, , [e3d8e32d9ae2e3538c5c0433b253b34d],
PUP.Optional.Somoto.A, C:\Users\Melanie\AppData\Local\Temp\BI_RunOnce.exe, , [05b6d9377c001620690949e1bb46916f],
PUP.Optional.Somoto.A, C:\Users\Melanie\Downloads\aTunes_3.1.1_installer.exe, , [6a5148c8e19bc96da69a0335cd33619f],
PUP.Optional.Bandoo, C:\Users\Melanie\Downloads\iLividSetup-r400-n-bc (1).exe, , [6c4fd23e255794a22e22a17b17eafa06],
PUP.Optional.Bandoo, C:\Users\Melanie\Downloads\iLividSetup-r400-n-bc (2).exe, , [af0c5fb16b111e1876da5cc05ba627d9],
PUP.Optional.Bandoo, C:\Users\Melanie\Downloads\iLividSetup-r400-n-bc.exe, , [982350c0f785b87ecf8164b826dbde22],
PUP.Optional.Installrex, C:\Users\Simon\Downloads\James Brown feat Dead Prez - I feel Good with this Hip Hop .wav.exe, , [3c7f25eb96e6b1854f6c8bf230d1c53b],
PUP.Optional.Somoto, C:\Users\Melanie\AppData\Local\FilesFrog Update Checker\uninstall.exe, , [12a9868aa3d9cc6a4ae1b47350b053ad],
PUP.Optional.ShowPassword.A, C:\Windows\System32\Tasks\Show-Password Update, , [dbe0020e611b0e28ac1e130dce354bb5],
PUP.Optional.ShowPassword.A, C:\Windows\System32\Tasks\Show-Password_wd, , [5863a96725578aac08c2ec34e71c8b75],
PUP.Optional.ShowPassword.A, C:\Windows\Tasks\Show-Password Update.job, , [7c3feb251b61ce684c6c5519cb39a35d],
PUP.Optional.FilesFrog.A, C:\Users\Melanie\AppData\Local\FilesFrog Update Checker\update_checker.exe, , [6754d23ee59789add758cd15c43e9e62],
PUP.Optional.FilesFrog.A, C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Check for Updates.lnk, , [e4d7db3509738caa151b9f43e31fc23e],
PUP.Optional.FilesFrog.A, C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Uninstall.lnk, , [e4d7db3509738caa151b9f43e31fc23e],
PUP.Optional.ShowPassword.A, C:\Program Files (x86)\Show-Password-soft\171.dll, , [2398e62a28546fc744410c0b48bdee12],
Physical Sectors: 0
(No malicious items detected)
(end)

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2014
Ran by Melanie (administrator) on LEOPOLD on 03-10-2014 15:54:43
Running from C:\Users\Melanie\Desktop
Loaded Profile: Melanie (Available profiles: Melanie & Simon)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
() C:\Program Files (x86)\Show-Password-soft\Show-Passwordct171.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\QuickSnipService\QuickSnipService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo) C:\Program Files\Lenovo\QuickSnipService\QuickSnipInput.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
() C:\Program Files (x86)\Show-Password-soft\Show-Passwordd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Somoto) C:\Users\Melanie\AppData\Local\FilesFrog Update Checker\update_checker.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
() C:\Program Files (x86)\Opera\24.0.1558.64\opera_crashreporter.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
() C:\Program Files\Adobe\Adobe InDesign CC (64 bit)\Utilities\adb.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Helper.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4\program\swriter.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4\program\soffice.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4\program\soffice.bin
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
() C:\Users\Melanie\Desktop\Defogger.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-07-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-09-01] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [222720 2012-08-24] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => rundll32.exe "C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll",AVStartupStub
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [59392 2012-05-02] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [741680 2012-11-09] (Lenovo)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-14] (Intel Corporation)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 für Windows\avp.exe [741360 2013-11-27] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Pulselocker Sync] => C:\Program Files (x86)\Pulselocker\Pulselocker Sync.exe [376832 2013-10-29] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MobileConnect] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2403840 2009-09-11] (Vodafone)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-4293270421-953212615-3131140010-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4293270421-953212615-3131140010-1001\...\MountPoints2: {1b27c6dd-0d83-11e4-bea8-3c970e9bf7b4} - "E:\AutoRun.exe"
HKU\S-1-5-21-4293270421-953212615-3131140010-1001\...\MountPoints2: {1b27c73b-0d83-11e4-bea8-3c970e9bf7b4} - "E:\AutoRun.exe"
HKU\S-1-5-21-4293270421-953212615-3131140010-1001\...\MountPoints2: {27c8b12f-3106-11e4-beb6-3c970e9bf7b4} - "D:\AutoRun.exe"
HKU\S-1-5-21-4293270421-953212615-3131140010-1001\...\MountPoints2: {7e19b4d5-e294-11e3-bea5-3c970e9bf7b4} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-4293270421-953212615-3131140010-1001\...\MountPoints2: {7e19b691-e294-11e3-bea5-3c970e9bf7b4} - "D:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-4293270421-953212615-3131140010-1001\...\MountPoints2: {7e19b6e7-e294-11e3-bea5-3c970e9bf7b4} - "D:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-4293270421-953212615-3131140010-1001\...\MountPoints2: {81e3e8ea-1826-11e4-beb2-3c970e9bf7b4} - "E:\AutoRun.exe"
HKU\S-1-5-21-4293270421-953212615-3131140010-1001\...\MountPoints2: {8ac375fb-f4c7-11e3-bea6-3c970e9bf7b4} - "D:\AutoRun.exe"
HKU\S-1-5-21-4293270421-953212615-3131140010-1001\...\MountPoints2: {96aa930b-0dd3-11e4-bea9-3c970e9bf7b4} - "D:\AutoRun.exe"
HKU\S-1-5-21-4293270421-953212615-3131140010-1001\...\MountPoints2: {96aa95fe-0dd3-11e4-bea9-3c970e9bf7b4} - "E:\AutoRun.exe"
HKU\S-1-5-21-4293270421-953212615-3131140010-1001\...\MountPoints2: {cad0c18b-1034-11e4-beab-3c970e9bf7b4} - "E:\AutoRun.exe"
HKU\S-1-5-21-4293270421-953212615-3131140010-1001\...\MountPoints2: {cad0c352-1034-11e4-beab-3c970e9bf7b4} - "D:\AutoRun.exe"
HKU\S-1-5-21-4293270421-953212615-3131140010-1001\...\MountPoints2: {d35c17fe-14bb-11e4-beac-3c970e9bf7b4} - "E:\AutoRun.exe"
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
SSODL: EldosMountNotificator-cbfs4 - {5FCA9DA9-B4ED-4456-BD17-720094641C35} - C:\WINDOWS\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {5FCA9DA9-B4ED-4456-BD17-720094641C35} - C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {A1BABFE2-C4B2-451C-BBA2-C9DC8C7C64F8} => C:\WINDOWS\system32\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {A1BABFE2-C4B2-451C-BBA2-C9DC8C7C64F8} => C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:14326;https=127.0.0.1:14326
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13-comm.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - DefaultScope {15D323E1-B6F5-4CDB-84F0-EB84F2BB70C9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALCJS
SearchScopes: HKLM - {15D323E1-B6F5-4CDB-84F0-EB84F2BB70C9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALCJS
SearchScopes: HKLM-x32 - DefaultScope {15D323E1-B6F5-4CDB-84F0-EB84F2BB70C9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALCJS
SearchScopes: HKLM-x32 - {15D323E1-B6F5-4CDB-84F0-EB84F2BB70C9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALCJS
SearchScopes: HKCU - DefaultScope {15D323E1-B6F5-4CDB-84F0-EB84F2BB70C9} URL =
SearchScopes: HKCU - {15D323E1-B6F5-4CDB-84F0-EB84F2BB70C9} URL =
BHO-x32: Show-Password -> {5D1793A3-860B-1CA0-15D7-B376CE4C41FE} -> C:\Program Files (x86)\Show-Password-soft\171.dll ()
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKCU: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
FF HKCU\...\Firefox\Extensions: [{A76C9ADA-775D-BAAC-51EC-389D6732D66C}] - C:\Program Files (x86)\Show-Password-soft\171.xpi
FF Extension: Show-Password - C:\Program Files (x86)\Show-Password-soft\171.xpi [2014-06-24]
Chrome:
=======
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [573488 2013-11-25] (Lenovo Corporation)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 für Windows\avp.exe [741360 2013-11-27] (Kaspersky Lab ZAO)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [139568 2012-11-09] (Lenovo)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
R2 Lenovo QuickSnip Service; C:\Program Files\lenovo\QuickSnipService\QuickSnipService.exe [235488 2012-12-14] (LENOVO INCORPORATED.)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2085184 2014-01-20] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [576992 2012-12-14] (LENOVO INCORPORATED.)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [702512 2013-11-25] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-08-25] (Microsoft Corporation)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [468288 2013-12-11] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-04-13] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-11-18] (Nitro PDF Software)
R2 Show-Password; C:\Program Files (x86)\Show-Password-soft\Show-Passwordct171.exe [180224 2014-06-24] () [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21416 2012-09-27] ()
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-05-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-05-14] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-04-13] (Microsoft Corporation)
R1 cbfs4; C:\WINDOWS\system32\drivers\cbfs4.sys [375640 2012-12-24] (EldoS Corporation)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
S3 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [63792 2012-11-09] (Windows (R) Win 7 DDK provider)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-09-05] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R0 klfde; C:\Windows\System32\DRIVERS\klfde.sys [198568 2013-11-07] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [665184 2014-01-20] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-07-11] (Kaspersky Lab ZAO)
R1 klvfs; C:\Windows\System32\DRIVERS\klvfs.sys [286816 2013-11-25] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-02-27] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [177760 2013-07-01] (Kaspersky Lab ZAO)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 RCUVCAVS; C:\Windows\system32\DRIVERS\RCUVCAVS.sys [149632 2012-08-02] (Ricoh co.,Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18776 2012-12-24] (EldoS Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-05-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-03 15:54 - 2014-10-03 15:55 - 00024609 _____ () C:\Users\Melanie\Desktop\FRST.txt
2014-10-03 15:54 - 2014-10-03 15:54 - 00000000 ____D () C:\FRST
2014-10-03 15:53 - 2014-10-03 15:53 - 02109440 _____ (Farbar) C:\Users\Melanie\Desktop\FRST64.exe
2014-10-03 15:49 - 2014-10-03 15:51 - 00000476 _____ () C:\Users\Melanie\Desktop\defogger_disable.log
2014-10-03 15:49 - 2014-10-03 15:49 - 00050477 _____ () C:\Users\Melanie\Desktop\Defogger.exe
2014-10-03 15:49 - 2014-10-03 15:49 - 00000000 _____ () C:\Users\Melanie\defogger_reenable
2014-10-02 11:13 - 2014-10-02 11:14 - 00000000 ____D () C:\Users\Melanie\Documents\Adobe
2014-10-02 11:13 - 2014-10-02 11:13 - 00000000 ____D () C:\Users\Public\Documents\Adobe
2014-10-02 09:25 - 2014-10-02 09:25 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\com.adobe.AdobeMuseCC.2014.1
2014-10-02 09:12 - 2014-10-02 09:24 - 00001100 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2014.lnk
2014-10-02 09:11 - 2014-10-02 09:11 - 00000000 ____D () C:\Program Files (x86)\My Company Name
2014-10-02 09:11 - 2012-06-22 03:01 - 00056336 ____N (Corel Corporation) C:\WINDOWS\system32\Drivers\PxHlpa64.sys
2014-10-02 09:11 - 2012-04-24 03:01 - 00011376 ____N (Corel Corporation) C:\WINDOWS\system32\Drivers\cdralw2k.sys
2014-10-02 09:11 - 2012-04-24 03:01 - 00010864 ____N (Corel Corporation) C:\WINDOWS\system32\Drivers\cdr4_xp.sys
2014-10-02 09:00 - 2014-10-02 09:00 - 00001038 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Muse CC 2014.lnk
2014-10-02 08:57 - 2014-10-02 08:57 - 00001024 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Muse.lnk
2014-09-30 11:37 - 2014-09-30 11:37 - 00000000 ____D () C:\ProgramData\DatacardService
2014-09-29 19:19 - 2014-09-29 19:19 - 00003844 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1388439950
2014-09-29 19:06 - 2014-09-29 19:06 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-09-29 19:06 - 2014-09-29 19:06 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-09-29 19:06 - 2014-09-29 19:06 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-29 19:06 - 2014-09-29 19:06 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-29 19:05 - 2014-09-29 19:05 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-29 19:05 - 2014-09-29 19:05 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-29 19:05 - 2014-09-29 19:05 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-29 19:05 - 2014-09-29 19:05 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-29 19:05 - 2014-09-29 19:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-29 19:05 - 2014-09-29 19:05 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-29 19:05 - 2014-09-29 19:05 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-29 19:03 - 2014-09-29 19:03 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-29 19:03 - 2014-09-29 19:03 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-25 20:54 - 2014-10-02 11:27 - 00000000 ____D () C:\Users\Melanie\Documents\MELANIE BLOCK
2014-09-23 13:24 - 2014-09-23 13:24 - 00000000 ____D () C:\Users\Melanie\Documents\Exels div
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-03 15:56 - 2013-12-31 00:23 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-03 15:50 - 2013-12-24 23:22 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4293270421-953212615-3131140010-1001
2014-10-03 15:49 - 2014-02-21 20:57 - 00000000 ____D () C:\Users\Melanie
2014-10-03 15:47 - 2014-02-21 21:11 - 01833681 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-03 15:46 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-03 15:35 - 2013-12-24 23:19 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Nitro PDF
2014-10-03 15:35 - 2013-12-24 23:19 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Adobe
2014-10-03 15:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-02 17:19 - 2013-12-24 23:14 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Adobe
2014-10-02 11:19 - 2013-12-31 01:25 - 00000000 ____D () C:\cs2-2
2014-10-02 11:19 - 2013-11-26 22:27 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-02 11:13 - 2013-11-26 22:27 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-02 10:33 - 2014-02-06 19:14 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Skype
2014-10-02 09:23 - 2014-03-26 13:47 - 00000000 ____D () C:\Users\Melanie\Documents\MASTER
2014-10-02 09:12 - 2014-04-14 12:38 - 00000000 ____D () C:\Program Files\Adobe
2014-10-02 08:34 - 2013-11-14 09:26 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-02 08:34 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-10-02 08:34 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-10-02 08:31 - 2013-08-22 16:46 - 00353186 _____ () C:\WINDOWS\setupact.log
2014-10-02 08:25 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-02 08:24 - 2013-11-26 22:28 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-10-02 08:19 - 2014-04-28 11:20 - 00000430 _____ () C:\WINDOWS\Tasks\Show-Password_wd.job
2014-10-02 08:19 - 2014-01-20 12:43 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-02 08:19 - 2014-01-20 12:30 - 00000450 _____ () C:\WINDOWS\Tasks\Show-Password Update.job
2014-09-30 10:42 - 2013-08-22 16:44 - 05074488 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-29 21:05 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-29 21:04 - 2013-12-31 00:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-29 21:00 - 2013-12-31 00:27 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-29 19:19 - 2013-12-30 23:45 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-29 19:05 - 2013-08-22 17:38 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-29 19:05 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-29 19:04 - 2014-02-21 20:50 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-28 20:41 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\tracing
2014-09-27 13:22 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-25 13:21 - 2014-03-26 13:46 - 00000000 ____D () C:\Users\Melanie\Documents\UTROPIK
2014-09-23 13:23 - 2014-03-26 13:48 - 00000000 ____D () C:\Users\Melanie\Documents\ORGA
2014-09-11 11:54 - 2013-12-31 00:23 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
Files to move or delete:
====================
C:\ProgramData\Lenovo-12300.vbs
Some content of TEMP:
====================
C:\Users\Melanie\AppData\Local\Temp\BI_RunOnce (1).exe
C:\Users\Melanie\AppData\Local\Temp\BI_RunOnce.exe
C:\Users\Melanie\AppData\Local\Temp\COMAP.EXE
C:\Users\Melanie\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\Melanie\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\Melanie\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\Melanie\AppData\Local\Temp\SpOrder.dll
C:\Users\Melanie\AppData\Local\Temp\_Show-PasswordjKs.exe
C:\Users\Melanie\AppData\Local\Temp\_Show_Password.exe
C:\Users\Simon\AppData\Local\Temp\COMAP.EXE
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-27 11:20
==================== End Of Log ============================
FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2014
Ran by Melanie at 2014-10-03 15:57:22
Running from C:\Users\Melanie\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Endpoint Security 10 für Windows (Disabled - Out of date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Endpoint Security 10 für Windows (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Endpoint Security 10 für Windows (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
PowerDVD Create 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden
Ableton Live 9 Trial (HKLM\...\{7CED6E91-116C-4E7F-93FC-804ED9C546E9}) (Version: 9.0.0.0 - Ableton)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
Adobe Audition CC 2014 (HKLM-x32\...\{F3388E10-EFA9-4A80-B28E-2E647F8D00C4}) (Version: 7.0.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe InDesign CC (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB6}) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.0.0 - Adobe Systems Incorporated)
Adobe Muse (HKLM-x32\...\{9A554C9D-E12D-4205-8101-9F4337CD5673}) (Version: 7.3 - Adobe Systems Incorporated)
Adobe Muse (HKLM-x32\...\AdobeMuse) (Version: 7.4.30 - Adobe Systems Incorporated)
Adobe Muse (x32 Version: 7.4.30 - Adobe Systems Incorporated) Hidden
Adobe Muse CC 2014 (HKLM\...\{0A030E99-7CFB-4F35-B1A8-B495F8B36E7A}) (Version: 2014.1.1.6 - Adobe Systems, Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.0.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.2 - Adobe Systems, Incorporated)
Adobe® Content Viewer (x32 Version: 3.4.2 - Adobe Systems, Incorporated) Hidden
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 7.10.00 - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink Power2Go 7 (x32 Version: 7.0.0.3104 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4420.52 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4420.52 - CyberLink Corp.) Hidden
CyberLink PowerProducer 5.5 (x32 Version: 5.5.3.4306b - CyberLink Corp.) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7/8 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
FilesFrog Update Checker (HKLM-x32\...\FilesFrog Update Checker) (Version: - ) <==== ATTENTION
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
Integrated Camera Driver Installer Package Ver.1.0.0.19 (HKLM-x32\...\{F8754583-7893-4CD8-9E51-1A08F3D4C1A9}) (Version: 1.0.0.19 - RICOH)
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41651) (Version: 3.8.0.41651.58 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Kalender-Excel-8.10 (HKLM-x32\...\Kalender-Excel-8.10_is1) (Version: 8.10 - MSDatec)
Kaspersky Endpoint Security 10 für Windows (HKLM\...\{04CF7FBD-E56C-446D-8FC9-DD444BDBEE8E}) (Version: 10.2.1.23 - Kaspersky Lab)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.34 - )
Lenovo Dependency Package (HKLM-x32\...\Lenovo Dependency Package_is1) (Version: 1.05.0013 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.66.00.07 - )
Lenovo QuickLaunch (HKLM-x32\...\{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}) (Version: 1.00.0035 - Lenovo Group Limited)
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.1.15.100 - Lenovo Corporation)
Lenovo Settings - Location Awareness (HKLM-x32\...\{C79D4402-E622-4922-9C02-89F9080BF081}_is1) (Version: 1.3.0.10 - Lenovo Group Limited)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.0.0.14 - Lenovo Group Limited)
Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.1.0.5 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{D60E3A84-5DDC-49ED-B9A5-E3466996EB36}) (Version: 2.3.002.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.00.0019 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0012.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
LibreOffice 4.1.4.2 (HKLM-x32\...\{94E11973-ED58-47A0-907C-ABF6D95C5DD8}) (Version: 4.1.4.2 - The Document Foundation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.6.1.1657 - Native Instruments)
Native Instruments Controller Editor (Version: 1.6.1.1657 - Native Instruments) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.2.1549 - Native Instruments)
Native Instruments Service Center (Version: 2.5.2.1549 - Native Instruments) Hidden
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.6.7.337 - Native Instruments)
Native Instruments Traktor 2 (Version: 2.6.7.337 - Native Instruments) Hidden
Nitro Pro 8 (HKLM\...\{FEB91DE4-3B51-4CB2-9CC4-E14577A85976}) (Version: 8.0.7.3 - Nitro)
Opera Stable 24.0.1558.64 (HKLM-x32\...\Opera 24.0.1558.64) (Version: 24.0.1558.64 - Opera Software ASA)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PowerDVD Create (HKLM-x32\...\InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}) (Version: 10.0 - CyberLink Corp.)
Pulselocker Sync 1.5.0 (HKLM-x32\...\Pulselocker Sync) (Version: 1.5.0 - Pulselocker, Inc.)
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 2.1.1.0 - Lenovo)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6716 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Show-Password (HKLM-x32\...\F8E838B2-148D-5A4E-0990-C9BDF334B310) (Version: - Show-Password-software) <==== ATTENTION
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.80.99066 - SugarSync, Inc.)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.4300 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\Elantech) (Version: 11.4.2.2 - ELAN Microelectronic Corp.)
ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0033.0 - REALTEK Semiconductor Corp.)
ThinkVantage Fingerprint Software (HKLM\...\{4C39DEA1-F78D-4B8A-8EC9-DCC6FE18D644}) (Version: 5.9.7.7214 - Authentec Inc.)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.8 - Lenovo)
Vodafone Mobile Connect Lite (HKLM-x32\...\{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}) (Version: 9.4.3.17550 - Vodafone)
WaveEditor (x32 Version: 1.0.1.4013 - CyberLink Corp.) Hidden
Windows-Treiberpaket - ELAN (ETD) Mouse (07/24/2012 11.4.2.2) (HKLM\...\668C0E1D91ED9A8A18562F600F5F3C8BBBD8F192) (Version: 07/24/2012 11.4.2.2 - ELAN)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
Windows-Treiberpaket - Intel Corporation (iaStorA) HDC (09/01/2012 11.6.0.1030) (HKLM\...\C5447D3383070620C3892FF393F522D6225CBA13) (Version: 09/01/2012 11.6.0.1030 - Intel Corporation)
Windows-Treiberpaket - Lenovo 1.66.00.07 (08/15/2012 1.66.00.07) (HKLM\...\E56A6B34B44A7A597FFEBE0E14D81095E0FD4D73) (Version: 08/15/2012 1.66.00.07 - Lenovo)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4293270421-953212615-3131140010-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-4293270421-953212615-3131140010-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
==================== Restore Points =========================
16-07-2014 17:51:53 Geplanter Prüfpunkt
08-08-2014 13:23:05 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
25-08-2014 19:16:14 Windows Update
30-08-2014 12:17:02 Windows Update
29-09-2014 17:00:25 Windows Update
02-10-2014 07:09:46 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
02-10-2014 07:10:16 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {01E14A62-2925-47CC-808A-73EEC62A0046} - System32\Tasks\Show-Password_wd => C:\Program Files (x86)\Show-Password-soft\Show-Passwordd.exe [2014-06-24] () <==== ATTENTION
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {07F23146-BE10-4C94-A220-08A323629DFE} - System32\Tasks\Opera scheduled Autoupdate 1388439950 => C:\Program Files (x86)\Opera\launcher.exe [2014-09-25] (Opera Software)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1CAD2E1C-0443-4361-BC2B-809C15C82F3F} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\Melanie\AppData\Local\FilesFrog Update Checker\update_checker.exe [2013-10-17] (Somoto) <==== ATTENTION
Task: {1D7F6E77-037F-4B20-A2B5-9CCD7DAFA295} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-09-25] (Lenovo)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2F6EFC10-5927-46FD-87C1-09AC2C405352} - System32\Tasks\Dolby => c:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-07-25] (Dolby Laboratories Inc.)
Task: {33EA0F4E-4810-4BA4-B72D-8D5CAA93B30C} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()
Task: {34D6C9F5-C968-4068-8705-D3AB7682B7E3} - System32\Tasks\StartPowerDVDService => C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [2012-07-13] (CyberLink Corp.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3CF52A34-B396-413C-9E01-20FF115CBCD8} - System32\Tasks\AdobeAAMUpdater-1.0-Leopold-Melanie => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {490C9AE1-4C17-4AD3-9E21-8FE4B9B9C10F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4DF43C75-0FF0-4A16-BC9D-DC94F0ECAFEE} - System32\Tasks\Show-Password Update => C:\Program Files (x86)\Show-Password-soft\Show-Passwordt88.exe [2014-06-24] () <==== ATTENTION
Task: {5507B628-9B98-4420-8A39-22090C51E84C} - System32\Tasks\Lenovo\Lenovo-12300 => C:\ProgramData\Lenovo-12300.vbs [2013-11-26] ()
Task: {6576FE9A-CE8A-40AD-8444-CB65CC35F861} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2012-09-27] ()
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {75EA84FB-9643-4B09-AD59-BCB0BEF3A376} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2012-05-24] (CyberLink)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7A7B5610-B71D-48F7-B609-A8583787F0B0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated)
Task: {7B727935-B18D-4ED5-8CD2-6A726D86805B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {83E9C103-E4DD-42A4-AF6C-6F4445D9816A} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {975D5FA7-E215-4FC6-ADC3-54FB8A76BD62} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {9AF86B00-565F-4B9E-B5C9-B95EF031E5A6} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-simon.block@outlook.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AD6BB6D5-8874-4167-85AE-8601211B724C} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-04-13] (Microsoft Corporation)
Task: {AEDDDFB8-CC15-4B81-A9AF-F3DF99EA0E2C} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {B59AB9FF-8D60-497F-B0AC-1FB8A30C2F22} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {C9B92867-C72E-497A-923C-D808798340B7} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)
Task: {CA9C9D3E-5375-4C61-87E4-320AD1D380A2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-29] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E371E6FB-5B8E-4D73-AB44-354BDE4C4195} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {FD1B7DD7-01DC-4BA0-B834-48DD8BB8E00F} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Show-Password Update.job => C:\Program Files (x86)\Show-Password-soft\Show-Passwordt88.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Show-Password_wd.job => C:\Program Files (x86)\Show-Password-soft\Show-Passwordd.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2014-02-21 22:33 - 2013-11-21 08:44 - 00117248 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.dll
2012-11-15 16:51 - 2012-11-15 16:51 - 00048920 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btwleapi.dll
2014-06-24 21:06 - 2014-06-24 21:06 - 00180224 _____ () C:\Program Files (x86)\Show-Password-soft\Show-Passwordct171.exe
2012-10-26 17:44 - 2013-12-11 16:36 - 00468288 _____ () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
2014-07-16 11:06 - 2014-07-16 11:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2012-10-26 17:44 - 2013-12-11 16:36 - 00013120 _____ () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
2014-04-28 11:20 - 2014-06-24 21:06 - 00105472 _____ () C:\Program Files (x86)\Show-Password-soft\Show-Passwordd.exe
2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-21 22:33 - 2013-11-21 08:44 - 00117248 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-07-16 11:05 - 2014-07-16 11:05 - 05558432 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-09-29 19:18 - 2014-09-25 10:37 - 01372280 _____ () C:\Program Files (x86)\Opera\24.0.1558.64\opera_crashreporter.exe
2014-03-19 16:18 - 2014-03-19 16:18 - 00815104 _____ () C:\Program Files\Adobe\Adobe InDesign CC (64 bit)\Utilities\adb.exe
2014-10-03 15:49 - 2014-10-03 15:49 - 00050477 _____ () C:\Users\Melanie\Desktop\Defogger.exe
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-26 22:28 - 2012-11-09 21:14 - 00033072 _____ () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2013-11-26 22:38 - 2013-07-25 17:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2013-11-26 22:38 - 2013-07-25 17:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2014-06-24 21:06 - 2014-06-24 21:06 - 00171520 _____ () C:\Program Files (x86)\Show-Password-soft\Show-Passwordct171.dll
2013-11-26 22:17 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-05-24 22:19 - 2012-05-24 22:19 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2012-05-24 22:19 - 2012-05-24 22:19 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-07-03 06:45 - 2014-07-03 06:45 - 32733056 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2014-09-29 19:18 - 2014-09-25 10:37 - 01378936 _____ () C:\Program Files (x86)\Opera\24.0.1558.64\libglesv2.dll
2014-09-29 19:18 - 2014-09-25 10:37 - 00182392 _____ () C:\Program Files (x86)\Opera\24.0.1558.64\libegl.dll
2014-09-29 19:18 - 2014-09-25 10:37 - 00974968 _____ () C:\Program Files (x86)\Opera\24.0.1558.64\ffmpegsumo.dll
2014-07-03 06:45 - 2014-07-03 06:45 - 00742784 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2014-07-03 06:45 - 2014-07-03 06:45 - 00136576 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2013-12-11 12:43 - 2013-12-11 12:43 - 01008656 _____ () C:\Program Files (x86)\LibreOffice 4\program\libxml2.dll
2013-12-11 12:43 - 2013-12-11 12:43 - 00178192 _____ () C:\Program Files (x86)\LibreOffice 4\program\libxslt.dll
2013-12-10 20:21 - 2013-12-10 20:21 - 00073216 _____ () C:\Program Files (x86)\LibreOffice 4\program\python3.dll
2013-12-10 20:11 - 2013-12-10 20:11 - 00049152 _____ () C:\Program Files (x86)\LibreOffice 4\program\python-core-3.3.0\lib\_socket.pyd
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Simon\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "LenovoOptMouseUpdate"
HKLM\...\StartupApproved\Run32: => "Adobe Version Cue CS2"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(R) center"
========================= Accounts: ==========================
Administrator (S-1-5-21-4293270421-953212615-3131140010-500 - Administrator - Disabled)
Gast (S-1-5-21-4293270421-953212615-3131140010-501 - Limited - Disabled)
Melanie (S-1-5-21-4293270421-953212615-3131140010-1001 - Administrator - Enabled) => C:\Users\Melanie
Simon (S-1-5-21-4293270421-953212615-3131140010-1002 - Administrator - Enabled) => C:\Users\Simon
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/03/2014 03:44:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: a7d0
Startzeit: 01cfdf0efd84574d
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe
Berichts-ID: 4aa7f9a7-4b03-11e4-bebc-3c970e9bf7b4
Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
Error: (10/02/2014 06:13:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11344
Error: (10/02/2014 06:13:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11344
Error: (10/02/2014 06:13:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/02/2014 06:12:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10250
Error: (10/02/2014 06:12:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10250
Error: (10/02/2014 06:12:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/02/2014 06:12:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9140
Error: (10/02/2014 06:12:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9140
Error: (10/02/2014 06:12:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (10/02/2014 06:12:56 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden.
Error: (10/02/2014 03:22:31 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden.
Error: (10/02/2014 01:54:13 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT-AUTORITÄT)
Description: D:\Device\HarddiskVolume102
Error: (10/02/2014 11:56:33 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.
Error: (10/02/2014 10:33:52 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT-AUTORITÄT)
Description: D:\Device\HarddiskVolume92
Error: (10/02/2014 08:31:27 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT-AUTORITÄT)
Description: D:\Device\HarddiskVolume82
Error: (10/01/2014 00:27:14 PM) (Source: DCOM) (EventID: 10010) (User: Leopold)
Description: {82C49192-BE68-467F-BF50-971FD01DABF3}
Error: (09/30/2014 07:46:54 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 105.
Error: (09/30/2014 07:46:54 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 105.
Error: (09/30/2014 06:10:46 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 105.
Microsoft Office Sessions:
=========================
Error: (10/03/2014 03:44:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384a7d001cfdf0efd84574d4294967295C:\WINDOWS\system32\backgroundTaskHost.exe4aa7f9a7-4b03-11e4-bebc-3c970e9bf7b4C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp
Error: (10/02/2014 06:13:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11344
Error: (10/02/2014 06:13:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11344
Error: (10/02/2014 06:13:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/02/2014 06:12:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10250
Error: (10/02/2014 06:12:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10250
Error: (10/02/2014 06:12:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/02/2014 06:12:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9140
Error: (10/02/2014 06:12:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9140
Error: (10/02/2014 06:12:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
CodeIntegrity Errors:
===================================
Date: 2014-10-02 11:13:20.136
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-10-02 11:13:19.926
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-24 17:06:20.951
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-24 17:06:20.882
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-24 14:34:10.529
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-24 14:34:10.456
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-23 18:43:42.572
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-23 18:43:42.391
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-27 20:37:32.129
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-27 20:37:32.067
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 90%
Total physical RAM: 3923.81 MB
Available physical RAM: 378.7 MB
Total Pagefile: 10876.66 MB
Available Pagefile: 3395.21 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:444.53 GB) (Free:142.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 11DF9BA7)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 11DF9BEF)
Partition: GPT Partition Type.
==================== End Of Log ============================