LOOP PARA | 13.10.2015 17:46 | Hello Schrauber,
Addition: Quote:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:11-10-2015 02
durchgeführt von Melanie (2015-10-12 18:29:46)
Gestartet von C:\Users\Melanie\Desktop
Windows 8.1 Pro (X64) (2014-02-21 19:18:25)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-4293270421-953212615-3131140010-500 - Administrator - Disabled)
Gast (S-1-5-21-4293270421-953212615-3131140010-501 - Limited - Disabled)
Melanie (S-1-5-21-4293270421-953212615-3131140010-1001 - Administrator - Enabled) => C:\Users\Melanie
Simon (S-1-5-21-4293270421-953212615-3131140010-1002 - Administrator - Enabled) => C:\Users\Simon
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Anti-Virus (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ableton Live 9 Lite (HKLM\...\{E02581E1-6CF0-4589-AEF2-C611ECF185A8}) (Version: 9.0.0.0 - Ableton)
Ableton Live 9 Standard (HKLM\...\{2DB98822-FC71-47D3-A84F-1C63CB05E2B1}) (Version: 9.0.0.0 - Ableton)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.2.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated)
Adobe Audition CC 2014 (HKLM-x32\...\{F3388E10-EFA9-4A80-B28E-2E647F8D00C4}) (Version: 7.2.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.1.1.110 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe InDesign CC (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB6}) (Version: 9.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.2.0.069 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Muse (HKLM-x32\...\{9A554C9D-E12D-4205-8101-9F4337CD5673}) (Version: 7.3 - Adobe Systems Incorporated)
Adobe Muse (HKLM-x32\...\AdobeMuse) (Version: 7.4.30 - Adobe Systems Incorporated)
Adobe Muse CC 2014 (HKLM-x32\...\{F80BB030-D3E3-11E4-B787-F144E7411942}) (Version: 2014.3.2.11 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Any Video Converter 5.7.7 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 7.10.00 - )
Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4420.52 - CyberLink Corp.)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7/8 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-4293270421-953212615-3131140010-1001\...\Dropbox) (Version: 3.10.7 - Dropbox, Inc.)
Express Project (HKLM-x32\...\ExpressProject) (Version: 1.12 - NCH Software)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
FileZilla Client 3.13.1 (HKLM-x32\...\FileZilla Client) (Version: 3.13.1 - Tim Kosse)
Firefox Developer Edition 43.0a2 (x86 de) (HKLM-x32\...\Firefox Developer Edition 43.0a2 (x86 de)) (Version: 43.0a2 - Mozilla)
FlacSquisher 1.3.5 (HKLM-x32\...\FlacSquisher) (Version: 1.3.5 - FlacSquisher)
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Free AMR To MP3 Converter (HKLM-x32\...\{FBD8C8C6-58B6-42FE-88DE-E07F2C1C5A3C}) (Version: 1.0.0 - Convert Audio Free)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation)
Integrated Camera Driver Installer Package Ver.1.0.0.19 (HKLM-x32\...\{F8754583-7893-4CD8-9E51-1A08F3D4C1A9}) (Version: 1.0.0.19 - RICOH)
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41651) (Version: 3.8.0.41651.58 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.34 - )
Lenovo Dependency Package (HKLM-x32\...\Lenovo Dependency Package_is1) (Version: 1.05.0013 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.66.00.07 - )
Lenovo QuickLaunch (HKLM-x32\...\{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}) (Version: 1.00.0035 - Lenovo Group Limited)
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.1.15.100 - Lenovo Corporation)
Lenovo Settings - Location Awareness (HKLM-x32\...\{C79D4402-E622-4922-9C02-89F9080BF081}_is1) (Version: 1.3.0.10 - Lenovo Group Limited)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.0.0.14 - Lenovo Group Limited)
Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.1.0.5 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{E92E1FF1-B188-43FE-BECA-2248E227E67D}) (Version: 2.8.005.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.00.0019 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0012.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
LibreOffice 4.1.4.2 (HKLM-x32\...\{94E11973-ED58-47A0-907C-ABF6D95C5DD8}) (Version: 4.1.4.2 - The Document Foundation)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
M-Audio Fast Track 6.1.12 (x64) (HKLM\...\{102B819F-54FB-4CD3-8B48-B80C210D55BC}) (Version: 6.1.12 - M-Audio)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.0.5754 - Mozilla)
Mozilla Thunderbird 38.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.2.0 (x86 de)) (Version: 38.2.0 - Mozilla)
Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version: - Native Instruments)
Native Instruments Audio 4 DJ Driver (HKLM-x32\...\Native Instruments Audio 4 DJ Driver) (Version: - Native Instruments)
Native Instruments Audio 8 DJ Driver (HKLM-x32\...\Native Instruments Audio 8 DJ Driver) (Version: - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.8.0.262 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.8.0.1081 - Native Instruments)
Native Instruments Traktor Audio 2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 Driver) (Version: - Native Instruments)
Native Instruments Traktor Audio 2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 MK2 Driver) (Version: - Native Instruments)
Native Instruments Traktor Audio 6 Driver (HKLM-x32\...\Native Instruments Traktor Audio 6 Driver) (Version: - Native Instruments)
Native Instruments Traktor Kontrol D2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol D2 Driver) (Version: - Native Instruments)
Native Instruments Traktor Kontrol F1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol F1 Driver) (Version: - Native Instruments)
Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version: - Native Instruments)
Native Instruments Traktor Kontrol S2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 MK2 Driver) (Version: - Native Instruments)
Native Instruments Traktor Kontrol S4 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 Driver) (Version: - Native Instruments)
Native Instruments Traktor Kontrol S4 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 MK2 Driver) (Version: - Native Instruments)
Native Instruments Traktor Kontrol S8 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S8 Driver) (Version: - Native Instruments)
Native Instruments Traktor Kontrol X1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 Driver) (Version: - Native Instruments)
Native Instruments Traktor Kontrol X1 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 MK2 Driver) (Version: - Native Instruments)
Native Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version: - Native Instruments)
Native Instruments Traktor Kontrol Z2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z2 Driver) (Version: - Native Instruments)
Nitro Pro 8 (HKLM\...\{FEB91DE4-3B51-4CB2-9CC4-E14577A85976}) (Version: 8.0.7.3 - Nitro)
Novation USB Audio Driver 2.6 (HKLM\...\Novation USB Audio Driver_is1) (Version: 2.6 - Novation DMS Ltd.)
Opera Stable 31.0.1889.230 (HKLM-x32\...\Opera 31.0.1889.230) (Version: 31.0.1889.230 - Opera Software)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Planner v1.3 (HKLM-x32\...\Planner_is1) (Version: - Dolphinity BV)
PowerDVD Create (HKLM-x32\...\InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}) (Version: 10.0 - CyberLink Corp.)
PowerDVD Create 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 2.1.1.0 - Lenovo)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6716 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Scarlett MixControl 1.8 (HKLM-x32\...\Saffire USB 26_is1) (Version: 1.8 - Focusrite Audio Engineering Limited)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
sofasession Client (HKLM-x32\...\{EA61746A-4776-43CF-9B3B-0298071B3600}) (Version: 0.1.87.12 - sofasession)
Software Informer 1.4.1250.0 (HKLM\...\Software Informer_is1) (Version: - Informer Technologies, Inc.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.4300 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\Elantech) (Version: 11.4.2.2 - ELAN Microelectronic Corp.)
ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0033.0 - REALTEK Semiconductor Corp.)
ThinkVantage Fingerprint Software (HKLM\...\{4C39DEA1-F78D-4B8A-8EC9-DCC6FE18D644}) (Version: 5.9.7.7214 - Authentec Inc.)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.8 - Lenovo)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WaveEditor (x32 Version: 1.0.1.4013 - CyberLink Corp.) Hidden
Windows-Treiberpaket - ELAN (ETD) Mouse (07/24/2012 11.4.2.2) (HKLM\...\668C0E1D91ED9A8A18562F600F5F3C8BBBD8F192) (Version: 07/24/2012 11.4.2.2 - ELAN)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (03/17/2014 2.5.128.1) (HKLM\...\D86E353566ECB4A7ADA159C02FE46D0BACC4FA6B) (Version: 03/17/2014 2.5.128.1 - Focusrite)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
Windows-Treiberpaket - Intel Corporation (iaStorA) HDC (09/01/2012 11.6.0.1030) (HKLM\...\C5447D3383070620C3892FF393F522D6225CBA13) (Version: 09/01/2012 11.6.0.1030 - Intel Corporation)
Windows-Treiberpaket - Lenovo 1.66.00.07 (08/15/2012 1.66.00.07) (HKLM\...\E56A6B34B44A7A597FFEBE0E14D81095E0FD4D73) (Version: 08/15/2012 1.66.00.07 - Lenovo)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )
XMind 6 (v3.5.1) (HKLM-x32\...\XMind_is1) (Version: 3.5.1.201411201906 - XMind Ltd.)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-4293270421-953212615-3131140010-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293270421-953212615-3131140010-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-4293270421-953212615-3131140010-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-4293270421-953212615-3131140010-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-4293270421-953212615-3131140010-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-4293270421-953212615-3131140010-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-4293270421-953212615-3131140010-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-4293270421-953212615-3131140010-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-4293270421-953212615-3131140010-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-4293270421-953212615-3131140010-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-4293270421-953212615-3131140010-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-4293270421-953212615-3131140010-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei
==================== Wiederherstellungspunkte =========================
03-10-2015 12:51:26 JRT Pre-Junkware Removal
07-10-2015 20:29:51 Windows Update
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {06D05758-C189-41FB-96EE-F718EF68EE65} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4293270421-953212615-3131140010-1001UA => C:\Users\Melanie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-14] (Dropbox, Inc.)
Task: {2F6EFC10-5927-46FD-87C1-09AC2C405352} - System32\Tasks\Dolby => c:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-07-25] (Dolby Laboratories Inc.)
Task: {33EA0F4E-4810-4BA4-B72D-8D5CAA93B30C} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {34D6C9F5-C968-4068-8705-D3AB7682B7E3} - System32\Tasks\StartPowerDVDService => C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [2012-07-13] (CyberLink Corp.)
Task: {3CF52A34-B396-413C-9E01-20FF115CBCD8} - System32\Tasks\AdobeAAMUpdater-1.0-Leopold-Melanie => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {490C9AE1-4C17-4AD3-9E21-8FE4B9B9C10F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4D45A04B-9347-453B-8ABD-5D6CCE644291} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {53C4277A-49A3-4449-A608-9D4C61049AE5} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_185_pepper.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {5507B628-9B98-4420-8A39-22090C51E84C} - System32\Tasks\Lenovo\Lenovo-12300 => C:\ProgramData\Lenovo-12300.vbs [2013-11-26] ()
Task: {6576FE9A-CE8A-40AD-8444-CB65CC35F861} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2012-09-27] ()
Task: {66A1BD7D-50F6-4E6E-8779-F9B42F17392E} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-08-17] (Lenovo)
Task: {75EA84FB-9643-4B09-AD59-BCB0BEF3A376} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2012-05-24] (CyberLink)
Task: {814404B6-F46A-40B5-8E66-701BAE0B45F2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {818FC13D-1875-4B05-ABD6-EA95A235705B} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {83E9C103-E4DD-42A4-AF6C-6F4445D9816A} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {9AF86B00-565F-4B9E-B5C9-B95EF031E5A6} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-simon.block@outlook.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {B3A575A5-FFE1-427D-B2A1-DC49CFA7BDD8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4293270421-953212615-3131140010-1001Core => C:\Users\Melanie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-14] (Dropbox, Inc.)
Task: {C9B92867-C72E-497A-923C-D808798340B7} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {E077C30D-FB50-479E-A310-93BC70300574} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {EF4F3A93-1D09-432D-9DE4-2AF58B2D6E0E} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-08-17] (Lenovo)
Task: {FAD62372-E0C2-4C83-98DE-2B5F8211A10C} - System32\Tasks\Opera scheduled Autoupdate 1441717004 => C:\Program Files (x86)\Opera\launcher.exe [2015-09-02] (Opera Software)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_185_pepper.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4293270421-953212615-3131140010-1001Core.job => C:\Users\Melanie\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4293270421-953212615-3131140010-1001UA.job => C:\Users\Melanie\AppData\Local\Dropbox\Update\DropboxUpdate.exe
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-02-21 22:33 - 2013-11-21 08:44 - 00117248 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-15 16:51 - 2012-11-15 16:51 - 00048920 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btwleapi.dll
2015-06-13 14:17 - 2015-06-13 14:17 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2012-10-26 17:44 - 2013-12-11 16:36 - 00468288 _____ () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-26 17:44 - 2013-12-11 16:36 - 00013120 _____ () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
2014-02-21 22:33 - 2013-11-21 08:44 - 00117248 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll
2013-11-26 22:28 - 2012-11-09 21:14 - 00033072 _____ () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2013-11-26 22:38 - 2013-07-25 17:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2013-11-26 22:38 - 2013-07-25 17:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2015-02-16 19:31 - 2015-02-16 19:31 - 00797696 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\e1a2f3f274995f1f847c00f962657943\Windows.Networking.ni.dll
2015-02-12 14:27 - 2015-02-12 14:27 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
2013-11-26 22:17 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-08-04 18:49 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2015-09-08 14:56 - 2015-09-02 16:37 - 58642040 _____ () C:\Program Files (x86)\Opera\31.0.1889.230\opera.dll
2015-08-24 15:56 - 2015-08-24 15:56 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2015-09-08 14:56 - 2015-09-02 16:37 - 01780344 _____ () C:\Program Files (x86)\Opera\31.0.1889.230\libglesv2.dll
2015-09-08 14:56 - 2015-09-02 16:37 - 00081528 _____ () C:\Program Files (x86)\Opera\31.0.1889.230\libegl.dll
2012-05-24 22:19 - 2012-05-24 22:19 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2012-05-24 22:19 - 2012-05-24 22:19 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Simon\SkyDrive:ms-properties
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-4293270421-953212615-3131140010-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "LenovoOptMouseUpdate"
HKLM\...\StartupApproved\Run: => "LENOVO.TPKNRRES"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Version Cue CS2"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(R) center"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Malwarebytes Anti-Exploit"
HKU\S-1-5-21-4293270421-953212615-3131140010-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4293270421-953212615-3131140010-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-4293270421-953212615-3131140010-1001\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-4293270421-953212615-3131140010-1001\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
HKU\S-1-5-21-4293270421-953212615-3131140010-1001\...\StartupApproved\Run: => "sofasession_client"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2433557E-6CD7-470A-9F3E-765F4F220E53}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{73F1BCC5-DA9E-467E-BDAD-9A4F7B2A08E7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{352C9063-AE29-4C17-8747-D01889A93055}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{50565CC6-5343-4271-ACA6-E43E706669B0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D375E262-F1F2-46F4-8B09-F140B46AAF55}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{F4DE8198-88B7-4E44-8E95-A361603E2A3A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{5EAD9092-2C95-4EDE-9144-5A75DD352A6D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [TCP Query User{DB3C18EC-AE5A-4FF9-8049-C3B8EBE89FF4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{C5537F0A-120E-4575-A59C-9F5EDDD97E85}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{491D3B9E-ECF6-453D-AE11-CE9766FD14F8}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F3096A26-7ED8-4554-B14C-B1EE7F1706CB}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{4365B8C1-54C4-40CD-B412-E469212F6878}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{CF6E4D6B-FACB-4257-97AE-5D297EFFB000}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{92544746-AB09-4555-983B-E59911D4B6F0}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{E432756C-0E31-409B-BF95-99084FD547D5}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{FF647DCD-6FC0-4038-B5D6-B465E8119045}C:\program files (x86)\adobe\adobe muse\adobe muse.exe] => (Block) C:\program files (x86)\adobe\adobe muse\adobe muse.exe
FirewallRules: [UDP Query User{A8803C95-7D47-46EF-A6F6-A7C30337A8E4}C:\program files (x86)\adobe\adobe muse\adobe muse.exe] => (Block) C:\program files (x86)\adobe\adobe muse\adobe muse.exe
FirewallRules: [TCP Query User{539BC453-802D-4FBD-9DA0-018EBDE39FD9}C:\program files\adobe\adobe muse cc 2014\muse.exe] => (Allow) C:\program files\adobe\adobe muse cc 2014\muse.exe
FirewallRules: [UDP Query User{0E116BC7-77D1-4B29-AEF6-18420BB1A175}C:\program files\adobe\adobe muse cc 2014\muse.exe] => (Allow) C:\program files\adobe\adobe muse cc 2014\muse.exe
FirewallRules: [{15F7CBBA-D358-4BA8-B472-8B204DDBABD9}] => (Allow) C:\Users\Melanie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{61EE5DA0-5EA5-4B21-9B28-67AAB6FE268E}] => (Allow) C:\Users\Melanie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{AC6E1BD7-47A7-4490-ACD9-D8F5CBEFD690}C:\users\melanie\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\melanie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{09D1498F-89C5-43FE-9993-88C6EDBD7E8D}C:\users\melanie\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\melanie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{F2FCE1D8-AF42-42CB-BA82-340A645717B3}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{C3EE3D52-C2DF-4C02-90CD-1138CA8B7717}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [TCP Query User{CBDD069C-2C8F-4082-BA52-A71A2A48F04C}C:\program files (x86)\xmind\xmind.exe] => (Block) C:\program files (x86)\xmind\xmind.exe
FirewallRules: [UDP Query User{7F987CD0-F3FF-4C08-992B-641957C8130F}C:\program files (x86)\xmind\xmind.exe] => (Block) C:\program files (x86)\xmind\xmind.exe
FirewallRules: [TCP Query User{8FF48031-B18B-4946-B170-8CE7C322AC09}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F4304689-233B-4D37-9FCF-221C7203D1E6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{8CF2AD1A-A65E-4AB7-9085-5B87C169BA6C}C:\program files (x86)\xmind\xmind.exe] => (Allow) C:\program files (x86)\xmind\xmind.exe
FirewallRules: [UDP Query User{1ED1A495-5E00-497F-8645-187C23102D55}C:\program files (x86)\xmind\xmind.exe] => (Allow) C:\program files (x86)\xmind\xmind.exe
FirewallRules: [TCP Query User{D6EFC411-1308-48A2-8F41-003AD5698BEB}C:\program files (x86)\adobe\adobe muse\adobe muse.exe] => (Allow) C:\program files (x86)\adobe\adobe muse\adobe muse.exe
FirewallRules: [UDP Query User{4A24BD3E-AD31-4791-B771-8321B42AFF13}C:\program files (x86)\adobe\adobe muse\adobe muse.exe] => (Allow) C:\program files (x86)\adobe\adobe muse\adobe muse.exe
FirewallRules: [{06C8FD9D-F1F0-4817-B889-856B8A3ACFDD}] => (Allow) C:\Program Files (x86)\sofasession\sofasession Client\sofasession_client.exe
FirewallRules: [{D3DB06F3-872F-40F1-8DD9-C48F5A22476A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A54D38FF-29F0-48F0-948C-C9E5A65F4854}] => (Allow) C:\Program Files (x86)\Firefox Developer Edition+\firefox.exe
FirewallRules: [{1F0DE415-4B73-41BE-8738-BD1B3449080D}] => (Allow) C:\Program Files (x86)\Firefox Developer Edition+\firefox.exe
FirewallRules: [{D1A66AD9-4C70-4F6C-8232-A780FD5266B4}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{B4D16511-D388-489E-AC29-C5700336CC7F}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{A09DC990-9F25-45C6-80B9-38D3AA742DCD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C7AC4EF9-8C38-4AD8-98B4-962EA49EDC7F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{857F027D-2B25-4430-AA15-CC915D4FDE76}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{30216E3C-D154-471B-BA1C-B39AEA4B20D7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (10/12/2015 06:08:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 43.0.0.5754, Zeitstempel: 0x560fa8ac
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17936, Zeitstempel: 0x55a68dd1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000497e8
ID des fehlerhaften Prozesses: 0x10cc
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Vollständiger Name des fehlerhaften Pakets: firefox.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: firefox.exe5
Error: (10/12/2015 06:05:29 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (10/12/2015 07:39:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 43.0.0.5754, Zeitstempel: 0x560fa8ac
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17936, Zeitstempel: 0x55a68dd1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000497e8
ID des fehlerhaften Prozesses: 0x1734
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Vollständiger Name des fehlerhaften Pakets: firefox.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: firefox.exe5
Error: (10/11/2015 11:34:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1c10
Startzeit: 01d10455039c0371
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe
Berichts-ID: ea1f614d-705f-11e5-bf18-3c970e9bf7b4
Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
Error: (10/11/2015 08:46:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15375
Error: (10/11/2015 08:46:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15375
Error: (10/11/2015 08:46:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/11/2015 07:34:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1ddc
Startzeit: 01d1044a4fb88246
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe
Berichts-ID: 43755eb1-703e-11e5-bf18-3c970e9bf7b4
Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
Error: (10/11/2015 06:57:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1f04
Startzeit: 01d10444ed07e5c1
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe
Berichts-ID: 31094601-7039-11e5-bf18-3c970e9bf7b4
Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
Error: (10/11/2015 03:35:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1adc
Startzeit: 01d1042845448fb3
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe
Berichts-ID: ebf9e17d-701c-11e5-bf18-3c970e9bf7b4
Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
Systemfehler:
=============
Error: (10/11/2015 06:21:59 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "Windows8_OS" wurde eine Beschädigung erkannt.
Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x500000003ddb0. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>".
Error: (10/11/2015 06:21:59 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "Windows8_OS" wurde eine Beschädigung erkannt.
Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x50000000386ab. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>".
Error: (10/11/2015 06:09:11 PM) (Source: DCOM) (EventID: 10010) (User: Leopold)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (10/11/2015 01:03:10 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LocationTaskManager erreicht.
Error: (10/11/2015 12:49:52 AM) (Source: DCOM) (EventID: 10010) (User: Leopold)
Description: {75DFF2B7-6936-4C06-A8BB-676A7B00B24B}
Error: (10/11/2015 12:06:14 AM) (Source: DCOM) (EventID: 10010) (User: Leopold)
Description: {75DFF2B7-6936-4C06-A8BB-676A7B00B24B}
Error: (10/11/2015 12:04:47 AM) (Source: DCOM) (EventID: 10010) (User: Leopold)
Description: {75DFF2B7-6936-4C06-A8BB-676A7B00B24B}
Error: (10/10/2015 09:15:23 PM) (Source: DCOM) (EventID: 10010) (User: Leopold)
Description: {75DFF2B7-6936-4C06-A8BB-676A7B00B24B}
Error: (10/10/2015 02:56:06 PM) (Source: DCOM) (EventID: 10010) (User: Leopold)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (10/10/2015 02:55:36 PM) (Source: DCOM) (EventID: 10010) (User: Leopold)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
CodeIntegrity:
===================================
Date: 2015-07-29 13:02:06.884
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-07-29 13:02:06.719
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-07-28 18:12:49.173
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-07-28 18:12:49.077
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-07-28 18:12:30.545
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-07-28 18:12:30.430
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-07-26 11:55:15.178
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-07-26 11:55:15.076
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-07-26 11:55:14.786
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-07-26 11:55:14.623
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Prozentuale Nutzung des RAM: 69%
Installierter physikalischer RAM: 3923.81 MB
Verfügbarer physikalischer RAM: 1215.58 MB
Summe virtueller Speicher: 7891.81 MB
Verfügbarer virtueller Speicher: 4519.87 MB
==================== Laufwerke ================================
Drive c: (Windows8_OS) (Fixed) (Total:444.53 GB) (Free:190.03 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: (EOS_DIGITAL) (Removable) (Total:30.26 GB) (Free:0.01 GB) FAT32
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 11DF9BA7)
Partition: GPT.
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 11DF9BEF)
Partition: GPT.
========================================================
Disk: 2 (Size: 30.3 GB) (Disk ID: 00000000)
Partition: GPT.
==================== Ende von Addition.txt ============================
GMER:
GMER Logfile:
GMER 2.1.19357 - GMER - Rootkit Detector and Remover
Rootkit scan 2015-10-12 21:41:09
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000034 HGST_HTS725050A7E630 rev.GH2ZB550 465,76GB
Running: qdl2ojo6.exe; Driver: C:\Users\Melanie\AppData\Local\Temp\fwddapoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb1f674b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb1f674f3c 8 bytes [60, 6E, 3D, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb1f675216 8 bytes [50, 6E, 3D, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb1f67540f 8 bytes {JMP 0xffffffffffffffee}
.text C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb1f6757af 8 bytes [30, 6E, 3D, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb1f675964 8 bytes [20, 6E, 3D, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb1f675f01 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb1f675f5e 8 bytes [F0, 6D, 3D, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb1f6f12a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb1f6f1420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb1f6f1450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb1f6f1570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb1f6f1620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb1f6f1ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb1f6f1fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe[6056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb1f6f2860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe[6056] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438 00000000776e13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe[6056] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387 00000000776e1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe[6056] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 00000000776e1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe[6056] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 00000000776e1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe[6056] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776e16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe[6056] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776e16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe[6056] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 00000000776e1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe[1492] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb1f674b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe[1492] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb1f674f3c 8 bytes [60, 6E, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe[1492] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb1f675216 8 bytes [50, 6E, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe[1492] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb1f67540f 8 bytes {JMP 0xffffffffffffffee}
.text C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe[1492] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb1f6757af 8 bytes [30, 6E, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe[1492] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb1f675964 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe[1492] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb1f675f01 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe[1492] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb1f675f5e 8 bytes [F0, 6D, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe[1492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb1f6f12a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe[1492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb1f6f1420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe[1492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb1f6f1450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe[1492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb1f6f1570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe[1492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb1f6f1620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe[1492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb1f6f1ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe[1492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb1f6f1fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe[1492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb1f6f2860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe[1492] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438 00000000776e13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe[1492] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387 00000000776e1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe[1492] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 00000000776e1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe[1492] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 00000000776e1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe[1492] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776e16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe[1492] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776e16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe[1492] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 00000000776e1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\rundll32.exe[6156] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb1f674b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\rundll32.exe[6156] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb1f674f3c 8 bytes [60, 6E, 56, 7F, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\rundll32.exe[6156] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb1f675216 8 bytes [50, 6E, 56, 7F, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\rundll32.exe[6156] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb1f67540f 8 bytes {JMP 0xffffffffffffffee}
.text C:\Windows\SysWOW64\rundll32.exe[6156] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb1f6757af 8 bytes [30, 6E, 56, 7F, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\rundll32.exe[6156] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb1f675964 8 bytes [20, 6E, 56, 7F, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\rundll32.exe[6156] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb1f675f01 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Windows\SysWOW64\rundll32.exe[6156] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb1f675f5e 8 bytes [F0, 6D, 56, 7F, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\rundll32.exe[6156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb1f6f12a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text C:\Windows\SysWOW64\rundll32.exe[6156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb1f6f1420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text C:\Windows\SysWOW64\rundll32.exe[6156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb1f6f1450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text C:\Windows\SysWOW64\rundll32.exe[6156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb1f6f1570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text C:\Windows\SysWOW64\rundll32.exe[6156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb1f6f1620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text C:\Windows\SysWOW64\rundll32.exe[6156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb1f6f1ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text C:\Windows\SysWOW64\rundll32.exe[6156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb1f6f1fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text C:\Windows\SysWOW64\rundll32.exe[6156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb1f6f2860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text C:\Windows\SysWOW64\rundll32.exe[6156] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438 00000000776e13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\rundll32.exe[6156] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387 00000000776e1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\rundll32.exe[6156] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 00000000776e1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\rundll32.exe[6156] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 00000000776e1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\rundll32.exe[6156] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776e16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\rundll32.exe[6156] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776e16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\rundll32.exe[6156] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 00000000776e1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Melanie\Desktop\qdl2ojo6.exe[5964] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffb1f674b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Melanie\Desktop\qdl2ojo6.exe[5964] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffb1f674f3c 8 bytes [60, 6E, F8, 7F, 00, 00, 00, ...]
.text C:\Users\Melanie\Desktop\qdl2ojo6.exe[5964] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffb1f675216 8 bytes [50, 6E, F8, 7F, 00, 00, 00, ...]
.text C:\Users\Melanie\Desktop\qdl2ojo6.exe[5964] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffb1f67540f 8 bytes {JMP 0xffffffffffffffee}
.text C:\Users\Melanie\Desktop\qdl2ojo6.exe[5964] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffb1f6757af 8 bytes [30, 6E, F8, 7F, 00, 00, 00, ...]
.text C:\Users\Melanie\Desktop\qdl2ojo6.exe[5964] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffb1f675964 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...]
.text C:\Users\Melanie\Desktop\qdl2ojo6.exe[5964] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffb1f675f01 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Users\Melanie\Desktop\qdl2ojo6.exe[5964] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffb1f675f5e 8 bytes [F0, 6D, F8, 7F, 00, 00, 00, ...]
.text C:\Users\Melanie\Desktop\qdl2ojo6.exe[5964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffb1f6f12a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text C:\Users\Melanie\Desktop\qdl2ojo6.exe[5964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffb1f6f1420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text C:\Users\Melanie\Desktop\qdl2ojo6.exe[5964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb1f6f1450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text C:\Users\Melanie\Desktop\qdl2ojo6.exe[5964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffb1f6f1570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text C:\Users\Melanie\Desktop\qdl2ojo6.exe[5964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffb1f6f1620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text C:\Users\Melanie\Desktop\qdl2ojo6.exe[5964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffb1f6f1ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text C:\Users\Melanie\Desktop\qdl2ojo6.exe[5964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffb1f6f1fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text C:\Users\Melanie\Desktop\qdl2ojo6.exe[5964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffb1f6f2860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text C:\Users\Melanie\Desktop\qdl2ojo6.exe[5964] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438 00000000776e13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Melanie\Desktop\qdl2ojo6.exe[5964] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387 00000000776e1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Melanie\Desktop\qdl2ojo6.exe[5964] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 00000000776e1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Melanie\Desktop\qdl2ojo6.exe[5964] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 00000000776e1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Melanie\Desktop\qdl2ojo6.exe[5964] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776e16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Melanie\Desktop\qdl2ojo6.exe[5964] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776e16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Melanie\Desktop\qdl2ojo6.exe[5964] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 00000000776e1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [940:1456] fffff960008732d0
Thread C:\WINDOWS\system32\csrss.exe [940:2944] fffff960008732d0
---- Processes - GMER 2.1 ----
Process C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (*** suspicious ***) @ C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2572] (FreemakeUtilsService/Freemake)(2015-01-29 12:09:26) 0000000000340000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----