Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   AVG user Interface (https://www.trojaner-board.de/179858-avg-user-interface.html)

werama 29.06.2016 16:30
Hatten wir doch schon.:confused:


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2016
Ran by ulfw (2016-06-29 17:25:26)
Running from C:\Users\ulfw\Downloads\FRST-OlderVersion
Windows 10 Home Version 1511 (X64) (2016-06-27 17:29:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4256507873-131550310-878068454-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4256507873-131550310-878068454-503 - Limited - Disabled)
Guest (S-1-5-21-4256507873-131550310-878068454-501 - Limited - Disabled)
ulfw (S-1-5-21-4256507873-131550310-878068454-1001 - Administrator - Enabled) => C:\Users\ulfw

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Dreamweaver CS5.5 (HKLM-x32\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Photoshop Elements 14 (HKLM-x32\...\{49F8D229-3E0E-4F43-8429-EB8F2583DB19}) (Version: 14.1 - Adobe Systems Incorporated)
Adobe Premiere Elements 14 (HKLM-x32\...\{18EF738B-56F0-4370-8FEA-93FC9EC51DFA}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Components (x32 Version: 1.0.023.00 - Lenovo) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisplayLink Core Software (HKLM\...\{5346695A-EC06-45D4-8ACE-4E889A6D5289}) (Version: 7.9.1488.0 - DisplayLink Corp.)
Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.5.2.32 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.4.0.22 - Dolby Laboratories, Inc.)
EaseUS Partition Master 11.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10602.174 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1159 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4326 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1544031f-5449-4415-b577-993c2a533a1b}) (Version: 18.12.2 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo Accelerator Application (HKLM-x32\...\{10672FE6-3D50-4F79-B0C7-A5573A5D415D}) (Version: 2.2.0.0701 - Lenovo)
Lenovo BatteryGauge (HKLM\...\{B8D3ED8D-A295-44C2-8AE1-56823D44AD1F}) (Version: 1.0.007.00 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11103 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 2.0.9.0 - Lenovo)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4210 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.4210 - CyberLink Corp.) Hidden
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.006.00 - Lenovo)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.059.01 - Lenovo)
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.3 - Lenovo)
LenovoUtility (x32 Version: 3.0.0.3 - Lenovo) Hidden
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.1.1 - Mozilla)
Mozilla Thunderbird 45.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.1.1 (x86 de)) (Version: 45.1.1 - Mozilla)
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{A6668863-B0A3-4812-AAF2-E47749ECFE0E}) (Version: 3.3.00.145 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 3.3.00.145 - O2Micro International LTD.) Hidden
OpenOffice 4.1.2 (HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7624 - Realtek Semiconductor Corp.)
Samsung Drucker-Diagnose (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.4.2 - Samsung Electronics Co., Ltd.)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.5.0.1144 - Lenovo)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.57 - Synaptics Incorporated)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
User Manuals (x32 Version: 4.0.0.1 - Lenovo) Hidden
ViewNX-i (HKLM\...\{C67A5551-26C1-4C7B-A9DF-AD148549D482}) (Version: 1.2.1 - Nikon Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wartung Samsung CLP-320 Series (HKLM-x32\...\Samsung CLP-320 Series) (Version:  - Samsung Electronics Co., Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4256507873-131550310-878068454-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\ulfw\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05D30E02-FDBD-4291-8385-AA5FB650A559} - System32\Tasks\Lenovo\BatteryGauge => C:\Program Files\lenovo\BatteryGauge\BatteryGaugeIcon.exe [2015-07-11] (Lenovo)
Task: {06FCBD67-E280-4030-92DB-536CF472D14A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-01] (Google Inc.)
Task: {1648F6DA-3CD5-4C12-AA69-EA5574833D27} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {5A5624C2-943F-4659-9A4B-32C5B24134CC} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {5E5516A8-8AAB-4CDC-8D95-FF4C4DF9121C} - System32\Tasks\Lenovo\QuickOptimizer => C:\Program Files\lenovo\QuickOptimizer\QuickOptimizerIcon.exe [2015-07-11] (Lenovo)
Task: {6377755C-BB0B-4341-ABC8-8AB4CB29EADB} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {7E324D52-1AE5-41A9-82F6-3AEE7C0BC338} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {8E4C56C1-12B8-480E-9825-0952B5E4062F} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-uweissen@bluewin.ch => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-29] (Adobe Systems Incorporated)
Task: {A1076A1D-90BE-4B35-89B1-0C52A9A057A1} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => control iMControllerService 128
Task: {C85329DE-73A3-4ECD-B10E-FE238FB443AA} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2016-06-01] (Lenovo)
Task: {C8C4CBE0-5972-4F96-808A-7AB44DAFA6E1} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
Task: {D823706C-E893-4E53-A98E-7C573FDAA2B5} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {E6F2146A-64A5-467C-AA00-B1D17C08269E} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {EDF32366-676F-48EC-963B-03DB6FDA586B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-01] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-06-23 19:50 - 2011-06-21 09:42 - 00034304 _____ () C:\WINDOWS\System32\sst3cl6.dll
2016-06-19 09:42 - 2016-06-19 09:42 - 00031256 _____ () C:\WINDOWS\System32\us008lm.dll
2015-09-15 01:58 - 2015-09-15 01:58 - 00176640 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2015-11-01 07:47 - 2015-11-01 07:47 - 00024312 _____ () C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe
2016-06-23 19:56 - 2015-11-05 21:02 - 00491328 _____ () C:\WINDOWS\SysWOW64\spdsvc.exe
2015-11-01 07:47 - 2015-11-01 07:47 - 00226216 _____ () C:\Program Files\update\UpdateAgent.exe
2015-11-01 06:55 - 2015-06-27 11:34 - 00029112 _____ () C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
2015-11-01 06:47 - 2015-08-19 05:00 - 00058296 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2016-06-28 05:18 - 2016-06-28 05:18 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-06-28 05:18 - 2016-06-28 05:18 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-06-27 20:04 - 2016-06-27 20:04 - 00959168 _____ () C:\Users\ulfw\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-06-28 05:18 - 2016-06-28 05:18 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-27 20:42 - 2016-06-27 20:42 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-12 17:20 - 2016-02-12 17:20 - 01652456 _____ () C:\Program Files\DisplayLink Core Software\AddOnApi64.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 00402344 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-04-27 08:10 - 2016-04-27 08:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-06-28 05:18 - 2016-06-28 05:18 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-28 05:18 - 2016-06-28 05:18 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-28 05:18 - 2016-06-28 05:18 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-28 05:18 - 2016-06-28 05:18 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-01 06:47 - 2015-11-01 06:47 - 00791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
2015-11-01 06:47 - 2015-11-01 06:47 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2015-06-16 03:53 - 2015-06-16 03:53 - 00628736 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
2016-06-27 20:38 - 2016-06-27 20:38 - 00017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-06-27 20:38 - 2016-06-27 20:38 - 13105152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-27 20:38 - 2016-06-27 20:38 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-06-01 20:26 - 2016-06-01 20:28 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-06-01 20:28 - 2016-06-01 20:29 - 10256384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2015-11-01 06:47 - 2015-08-21 08:43 - 00043960 _____ () C:\ProgramData\LenovoTransition\Server\x64\EnableAutoRotation.dll
2016-06-18 13:07 - 2016-06-15 10:26 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-18 13:07 - 2016-06-15 10:26 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2016-06-27 20:42 - 2016-06-27 20:42 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-06-27 20:42 - 2016-06-27 20:42 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-11-01 06:50 - 2015-02-13 01:02 - 00224696 _____ () C:\Program Files (x86)\Lenovo\CCSDK\SDKClient.dll
2016-06-29 14:43 - 2016-06-29 14:43 - 00964096 _____ () C:\Program Files\WindowsApps\Microsoft.BingFinance_4.11.155.0_x86__8wekyb3d8bbwe\SQLite3Wrapper.dll
2016-06-01 20:27 - 2016-06-01 20:28 - 00645120 _____ () C:\Program Files\WindowsApps\Microsoft.BingFinance_4.11.155.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll
2016-06-29 14:43 - 2016-06-29 14:43 - 03311000 _____ () C:\Program Files\WindowsApps\Microsoft.BingFinance_4.11.155.0_x86__8wekyb3d8bbwe\Microsoft.Advertising.dll
2016-06-18 12:39 - 2016-06-02 02:48 - 00161736 _____ () C:\ProgramData\Lenovo\iMController\Plugins\LenovoAudioPlugin\x86\QualityStatsRevInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4256507873-131550310-878068454-1001\...\samsungsetup.com -> hxxp://www.samsungsetup.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2016-06-27 17:37 - 00000832 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4256507873-131550310-878068454-1001\Control Panel\Desktop\\Wallpaper -> E:\Eigene Dokumente\Eigene Bilder\Oberoesterreich\Eggelsberg-37.JPG
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_MICPKEY"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_DOLBYDRAGON"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "EaseUS Cleanup"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKU\S-1-5-21-4256507873-131550310-878068454-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/29/2016 04:51:38 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (06/29/2016 01:32:55 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (06/29/2016 11:19:00 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (06/29/2016 07:15:32 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (06/28/2016 10:51:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/28/2016 10:49:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/28/2016 02:47:15 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (06/28/2016 01:45:55 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (06/28/2016 12:51:05 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (06/28/2016 08:18:08 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]


System errors:
=============
Error: (06/29/2016 04:34:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/29/2016 02:36:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "User Data Access_66730" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (06/29/2016 02:36:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "User Data Storage_66730" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (06/29/2016 02:36:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Contact Data_66730" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (06/29/2016 02:36:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sync Host_66730" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (06/29/2016 02:36:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/29/2016 02:07:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/29/2016 02:04:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Sync Host_5feee erreicht.

Error: (06/29/2016 02:04:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst User Data Storage_5feee erreicht.

Error: (06/29/2016 02:04:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "User Data Access_5feee" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-06-29 14:56:51.837
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-28 08:19:14.772
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-27 22:04:07.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-27 19:27:12.657
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-27 19:26:36.802
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-27 19:21:45.747
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 41%
Total physical RAM: 8097.91 MB
Available physical RAM: 4764.26 MB
Total Virtual: 10017.91 MB
Available Virtual: 6661.33 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:119.12 GB) (Free:41.94 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Volume) (Fixed) (Total:98.24 GB) (Free:52.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 2BC178FB)

Partition: GPT.

==================== End of Addition.txt ============================
Hatten wir doch schon:confused:


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2016
Ran by ulfw (2016-06-29 17:25:26)
Running from C:\Users\ulfw\Downloads\FRST-OlderVersion
Windows 10 Home Version 1511 (X64) (2016-06-27 17:29:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4256507873-131550310-878068454-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4256507873-131550310-878068454-503 - Limited - Disabled)
Guest (S-1-5-21-4256507873-131550310-878068454-501 - Limited - Disabled)
ulfw (S-1-5-21-4256507873-131550310-878068454-1001 - Administrator - Enabled) => C:\Users\ulfw

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Dreamweaver CS5.5 (HKLM-x32\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Photoshop Elements 14 (HKLM-x32\...\{49F8D229-3E0E-4F43-8429-EB8F2583DB19}) (Version: 14.1 - Adobe Systems Incorporated)
Adobe Premiere Elements 14 (HKLM-x32\...\{18EF738B-56F0-4370-8FEA-93FC9EC51DFA}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Components (x32 Version: 1.0.023.00 - Lenovo) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisplayLink Core Software (HKLM\...\{5346695A-EC06-45D4-8ACE-4E889A6D5289}) (Version: 7.9.1488.0 - DisplayLink Corp.)
Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.5.2.32 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.4.0.22 - Dolby Laboratories, Inc.)
EaseUS Partition Master 11.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10602.174 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1159 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4326 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1544031f-5449-4415-b577-993c2a533a1b}) (Version: 18.12.2 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo Accelerator Application (HKLM-x32\...\{10672FE6-3D50-4F79-B0C7-A5573A5D415D}) (Version: 2.2.0.0701 - Lenovo)
Lenovo BatteryGauge (HKLM\...\{B8D3ED8D-A295-44C2-8AE1-56823D44AD1F}) (Version: 1.0.007.00 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11103 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 2.0.9.0 - Lenovo)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4210 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.4210 - CyberLink Corp.) Hidden
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.006.00 - Lenovo)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.059.01 - Lenovo)
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.3 - Lenovo)
LenovoUtility (x32 Version: 3.0.0.3 - Lenovo) Hidden
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.1.1 - Mozilla)
Mozilla Thunderbird 45.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.1.1 (x86 de)) (Version: 45.1.1 - Mozilla)
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{A6668863-B0A3-4812-AAF2-E47749ECFE0E}) (Version: 3.3.00.145 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 3.3.00.145 - O2Micro International LTD.) Hidden
OpenOffice 4.1.2 (HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7624 - Realtek Semiconductor Corp.)
Samsung Drucker-Diagnose (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.4.2 - Samsung Electronics Co., Ltd.)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.5.0.1144 - Lenovo)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.57 - Synaptics Incorporated)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
User Manuals (x32 Version: 4.0.0.1 - Lenovo) Hidden
ViewNX-i (HKLM\...\{C67A5551-26C1-4C7B-A9DF-AD148549D482}) (Version: 1.2.1 - Nikon Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wartung Samsung CLP-320 Series (HKLM-x32\...\Samsung CLP-320 Series) (Version:  - Samsung Electronics Co., Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4256507873-131550310-878068454-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\ulfw\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05D30E02-FDBD-4291-8385-AA5FB650A559} - System32\Tasks\Lenovo\BatteryGauge => C:\Program Files\lenovo\BatteryGauge\BatteryGaugeIcon.exe [2015-07-11] (Lenovo)
Task: {06FCBD67-E280-4030-92DB-536CF472D14A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-01] (Google Inc.)
Task: {1648F6DA-3CD5-4C12-AA69-EA5574833D27} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {5A5624C2-943F-4659-9A4B-32C5B24134CC} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {5E5516A8-8AAB-4CDC-8D95-FF4C4DF9121C} - System32\Tasks\Lenovo\QuickOptimizer => C:\Program Files\lenovo\QuickOptimizer\QuickOptimizerIcon.exe [2015-07-11] (Lenovo)
Task: {6377755C-BB0B-4341-ABC8-8AB4CB29EADB} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {7E324D52-1AE5-41A9-82F6-3AEE7C0BC338} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {8E4C56C1-12B8-480E-9825-0952B5E4062F} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-uweissen@bluewin.ch => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-29] (Adobe Systems Incorporated)
Task: {A1076A1D-90BE-4B35-89B1-0C52A9A057A1} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => control iMControllerService 128
Task: {C85329DE-73A3-4ECD-B10E-FE238FB443AA} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2016-06-01] (Lenovo)
Task: {C8C4CBE0-5972-4F96-808A-7AB44DAFA6E1} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
Task: {D823706C-E893-4E53-A98E-7C573FDAA2B5} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {E6F2146A-64A5-467C-AA00-B1D17C08269E} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {EDF32366-676F-48EC-963B-03DB6FDA586B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-01] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-06-23 19:50 - 2011-06-21 09:42 - 00034304 _____ () C:\WINDOWS\System32\sst3cl6.dll
2016-06-19 09:42 - 2016-06-19 09:42 - 00031256 _____ () C:\WINDOWS\System32\us008lm.dll
2015-09-15 01:58 - 2015-09-15 01:58 - 00176640 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2015-11-01 07:47 - 2015-11-01 07:47 - 00024312 _____ () C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe
2016-06-23 19:56 - 2015-11-05 21:02 - 00491328 _____ () C:\WINDOWS\SysWOW64\spdsvc.exe
2015-11-01 07:47 - 2015-11-01 07:47 - 00226216 _____ () C:\Program Files\update\UpdateAgent.exe
2015-11-01 06:55 - 2015-06-27 11:34 - 00029112 _____ () C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
2015-11-01 06:47 - 2015-08-19 05:00 - 00058296 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2016-06-28 05:18 - 2016-06-28 05:18 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-06-28 05:18 - 2016-06-28 05:18 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-06-27 20:04 - 2016-06-27 20:04 - 00959168 _____ () C:\Users\ulfw\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-06-28 05:18 - 2016-06-28 05:18 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-27 20:42 - 2016-06-27 20:42 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-12 17:20 - 2016-02-12 17:20 - 01652456 _____ () C:\Program Files\DisplayLink Core Software\AddOnApi64.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 00402344 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-04-27 08:10 - 2016-04-27 08:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-06-28 05:18 - 2016-06-28 05:18 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-28 05:18 - 2016-06-28 05:18 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-28 05:18 - 2016-06-28 05:18 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-28 05:18 - 2016-06-28 05:18 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-01 06:47 - 2015-11-01 06:47 - 00791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
2015-11-01 06:47 - 2015-11-01 06:47 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2015-06-16 03:53 - 2015-06-16 03:53 - 00628736 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
2016-06-27 20:38 - 2016-06-27 20:38 - 00017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-06-27 20:38 - 2016-06-27 20:38 - 13105152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-27 20:38 - 2016-06-27 20:38 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-06-01 20:26 - 2016-06-01 20:28 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-06-01 20:28 - 2016-06-01 20:29 - 10256384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2015-11-01 06:47 - 2015-08-21 08:43 - 00043960 _____ () C:\ProgramData\LenovoTransition\Server\x64\EnableAutoRotation.dll
2016-06-18 13:07 - 2016-06-15 10:26 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-18 13:07 - 2016-06-15 10:26 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2016-06-27 20:42 - 2016-06-27 20:42 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-06-27 20:42 - 2016-06-27 20:42 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-11-01 06:50 - 2015-02-13 01:02 - 00224696 _____ () C:\Program Files (x86)\Lenovo\CCSDK\SDKClient.dll
2016-06-29 14:43 - 2016-06-29 14:43 - 00964096 _____ () C:\Program Files\WindowsApps\Microsoft.BingFinance_4.11.155.0_x86__8wekyb3d8bbwe\SQLite3Wrapper.dll
2016-06-01 20:27 - 2016-06-01 20:28 - 00645120 _____ () C:\Program Files\WindowsApps\Microsoft.BingFinance_4.11.155.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll
2016-06-29 14:43 - 2016-06-29 14:43 - 03311000 _____ () C:\Program Files\WindowsApps\Microsoft.BingFinance_4.11.155.0_x86__8wekyb3d8bbwe\Microsoft.Advertising.dll
2016-06-18 12:39 - 2016-06-02 02:48 - 00161736 _____ () C:\ProgramData\Lenovo\iMController\Plugins\LenovoAudioPlugin\x86\QualityStatsRevInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4256507873-131550310-878068454-1001\...\samsungsetup.com -> hxxp://www.samsungsetup.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2016-06-27 17:37 - 00000832 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4256507873-131550310-878068454-1001\Control Panel\Desktop\\Wallpaper -> E:\Eigene Dokumente\Eigene Bilder\Oberoesterreich\Eggelsberg-37.JPG
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_MICPKEY"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_DOLBYDRAGON"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "EaseUS Cleanup"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKU\S-1-5-21-4256507873-131550310-878068454-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/29/2016 04:51:38 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (06/29/2016 01:32:55 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (06/29/2016 11:19:00 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (06/29/2016 07:15:32 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (06/28/2016 10:51:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/28/2016 10:49:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/28/2016 02:47:15 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (06/28/2016 01:45:55 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (06/28/2016 12:51:05 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (06/28/2016 08:18:08 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]


System errors:
=============
Error: (06/29/2016 04:34:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/29/2016 02:36:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "User Data Access_66730" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (06/29/2016 02:36:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "User Data Storage_66730" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (06/29/2016 02:36:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Contact Data_66730" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (06/29/2016 02:36:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sync Host_66730" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (06/29/2016 02:36:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/29/2016 02:07:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/29/2016 02:04:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Sync Host_5feee erreicht.

Error: (06/29/2016 02:04:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst User Data Storage_5feee erreicht.

Error: (06/29/2016 02:04:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "User Data Access_5feee" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-06-29 14:56:51.837
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-28 08:19:14.772
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-27 22:04:07.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-27 19:27:12.657
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-27 19:26:36.802
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-27 19:21:45.747
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 41%
Total physical RAM: 8097.91 MB
Available physical RAM: 4764.26 MB
Total Virtual: 10017.91 MB
Available Virtual: 6661.33 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:119.12 GB) (Free:41.94 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Volume) (Fixed) (Total:98.24 GB) (Free:52.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 2BC178FB)

Partition: GPT.

==================== End of Addition.txt ============================

cosinus 29.06.2016 21:07
Hab mich verschrieben. Ich meinte die FRST.txt, also das Hauptlog. Du hast 2x die addition.txt gepostet. Und jetzt schon wieder :rofl:

werama 01.07.2016 08:11
Cosinus
Ich bin für 10 Tage im Ausland unt erwegs und nur sporadisch im Nbetz.
Melde mich wieder wen ich zu hause bin.
Gruss werama

Cosinus
Ich bin für 10 Tage im Ausland unterwegs und nur sporadisch im Netz.
Melde mich wieder wen ich zu hause bin.
Gruss werama

werama 12.09.2016 15:35
Wieder zurück
 
Hallo cosinus

Sorry aus 10 Tagen wurden 2 1/2 Monate, bedingt durch Krankenhausaufenthalt..
Ich habe soeben mein Obulus entrichtet. Können wir die Geschichte jetzt abschliessen?

Was brauchst du noch dazu.

Gruss

cosinus 12.09.2016 15:38
Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

werama 12.09.2016 16:24
Der Download wir abgebrochen mit der Meldung:

Fehler Virus gefunden

???

cosinus 13.09.2016 08:44
Mit dieser Meldung wird dir niemand helfen.

werama 13.09.2016 13:26
Windows 10 "smart screen" hatte den Download blockiert.



FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2016
Ran by ulfw (administrator) on LAPDESKTOP (13-09-2016 14:16)
Running from C:\TrojanerBoard
Loaded Profiles: ulfw (Available Profiles: ulfw)
Platform: Windows 10 Home Version 1511 (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
() C:\Windows\SysWOW64\spdsvc.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe
() C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files\update\UpdateAgent.exe
() C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Windows\System32\PortChanger.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Samsung Electronics) C:\ProgramData\Samsung Apps\Portable SSD\Samsung Portable SSD Daemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Lenovo\LenovoUtility\utility.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Samsung Electronics) C:\ProgramData\Samsung Apps\Portable SSD\Samsung Portable SSD T1.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16412912 2016-06-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416440 2016-06-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416440 2016-06-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416440 2016-06-01] (Realtek Semiconductor)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2015-11-01] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-24] (Intel Corporation)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [628736 2015-06-16] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\EpmNews.exe [2090176 2016-04-26] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS Cleanup] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\CleanUpUI.exe [1227456 2016-04-26] (CHENGDU Yiwo Tech Development Co., Ltd.)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-4256507873-131550310-878068454-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [583680 2016-07-01] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{68aa8129-2e02-4ac7-9f17-2ca6b94762fd}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c76f7e95-d6e4-4b7f-bf18-a9c1bc35784e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{db9e1287-99f7-4ed8-9519-4738aea84118}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fb80cd58-df40-44b1-9b37-247645e8ce84}: [DhcpNameServer] 150.206.1.2

Internet Explorer:
==================
HKU\S-1-5-21-4256507873-131550310-878068454-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-4256507873-131550310-878068454-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-4256507873-131550310-878068454-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-4256507873-131550310-878068454-1001 -> DefaultScope {D5F1BE35-A861-465C-ACBD-70DA19F6DED7} URL =
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)

FireFox:
========
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-19] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-06-29] [not signed]

Chrome:
=======
CHR Profile: C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-27]
CHR Extension: (Google Docs) - C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-27]
CHR Extension: (Google Drive) - C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-27]
CHR Extension: (YouTube) - C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-27]
CHR Extension: (FromDocToPDF) - C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfpdhjbmgalijofgljkeckkgdjafgmfb [2016-09-13]
CHR Extension: (Google Tabellen) - C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-27]
CHR Extension: (Google Docs Offline) - C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-27]
CHR Extension: (FromDocToPDF) - C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2016-09-12]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-27]
CHR Extension: (Google Mail) - C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-27]
CHR Extension: (Chrome Media Router) - C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-01]
CHR Extension: (SnapMyScreen) - C:\Users\ulfw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj [2016-09-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor14.0; C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe [226016 2015-12-07] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor7.0; C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [163840 2008-09-16] (Adobe Systems Incorporated) [File not signed]
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [650680 2015-07-29] (Lenovo)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [618920 2016-06-01] (Intel Corporation)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [176640 2015-09-15] () [File not signed]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [11127016 2016-04-27] (DisplayLink Corp.)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-07-23] (Intel Corporation)
R2 FastbootService; C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe [288768 2015-11-01] (Lenovo) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2016-09-09] (Macrovision Europe Ltd.) [File not signed]
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-30] (Lenovo)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-24] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [372128 2016-06-01] (Intel Corporation)
R2 ImControllerService; c:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [60752 2016-08-24] (Lenovo Group Limited)
R2 LenovoPortalService; C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe [24312 2015-11-01] ()
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 O2FLASH; C:\Windows\System32\drivers\o2flash.exe [82096 2015-05-21] (BayHubTech/O2Micro International)
R2 O2FLASH; C:\WINDOWS\SysWOW64\drivers\o2flash.exe [82096 2015-05-21] (BayHubTech/O2Micro International)
R2 Samsung Printer Dianostics Service; C:\Windows\SysWOW64\\spdsvc.exe [491328 2015-11-05] ()
S3 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [33224 2016-04-15] (SHAREit Technologies Co.Ltd)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263792 2016-06-01] (Synaptics Incorporated)
R2 UpdateAgentService; C:\Program Files\update\UpdateAgent.exe [226216 2015-11-01] ()
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [38328 2015-08-21] (Lenovo)
R2 YogaPLService; C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe [29112 2015-06-27] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 DisplayLinkUsbIo_x64; C:\Windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.9.1589.0.sys [67336 2016-05-23] ()
R3 dlcdcncm; C:\Windows\System32\drivers\dlcdcncm62_x64.sys [91920 2016-04-27] (DisplayLink Corp.)
R3 dlusbaudio; C:\Windows\system32\DRIVERS\dlusbaudio_x64.sys [229648 2016-04-27] (DisplayLink Corp.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [43512 2015-07-23] (Intel Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18016 2016-01-20] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2016-01-20] ()
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [251384 2015-07-23] (Intel Corporation)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-01-20] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-01-20] ()
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [67608 2015-11-01] (Windows (R) Win 7 DDK provider) [File not signed]
R0 FBFsmon; C:\Windows\System32\DRIVERS\FBFsmon.sys [39448 2015-11-01] (Windows (R) Win 7 DDK provider) [File not signed]
R2 FBNetFilter; C:\Windows\system32\Drivers\FBNetFlt.sys [32792 2015-11-01] (Windows (R) Win 7 DDK provider) [File not signed]
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [84264 2015-06-16] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [250096 2015-07-02] (Intel Corporation)
S3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3354384 2015-07-10] (Intel Corporation)
R3 Netwtw02; C:\Windows\System32\drivers\Netwtw02.sys [7052032 2016-06-01] (Intel Corporation)
R3 O2FJ2RDR; C:\Windows\System32\drivers\O2FJ2x64.sys [201240 2015-05-21] (BayHubTech/O2Micro )
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3049176 2015-05-29] (Realtek Semiconductor Corp.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [74352 2016-06-01] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-13 13:41 - 2016-09-13 13:44 - 01748992 _____ (Farbar) C:\Users\ulfw\Downloads\FRST.exe
2016-09-12 16:06 - 2016-09-12 16:06 - 00001374 _____ C:\Users\ulfw\Desktop\Brief-Brief.doc - Verknüpfung.lnk
2016-09-12 15:31 - 2016-09-12 15:31 - 00000000 ____D C:\WINDOWS\LastGood
2016-09-12 14:51 - 2016-09-12 14:51 - 00003200 _____ C:\WINDOWS\System32\Tasks\Samsung_PSSD_Registration
2016-09-12 14:51 - 2016-09-12 14:51 - 00001729 _____ C:\Users\Public\Desktop\Samsung Portable SSD T3.lnk
2016-09-12 14:51 - 2016-09-12 14:51 - 00000000 ____D C:\ProgramData\Samsung Apps
2016-09-12 14:51 - 2016-09-12 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Portable SSD T3
2016-09-09 18:23 - 2016-09-09 18:38 - 00000000 ____D C:\ProgramData\FLEXnet
2016-09-09 18:23 - 2016-09-09 18:23 - 00001293 _____ C:\Users\Public\Desktop\Adobe Photoshop Elements 7.0.lnk
2016-09-09 18:23 - 2016-09-09 18:23 - 00001199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 7.0.lnk
2016-09-09 18:23 - 2016-09-09 18:23 - 00000060 _____ C:\WINDOWS\wininit.ini
2016-09-09 18:22 - 2016-09-09 18:22 - 01628920 ____N (Sonic Solutions) C:\WINDOWS\SysWOW64\pxsfs.dll
2016-09-09 18:22 - 2016-09-09 18:22 - 00547576 ____N (Sonic Solutions) C:\WINDOWS\SysWOW64\px.dll
2016-09-09 18:22 - 2016-09-09 18:22 - 00510712 ____N (Sonic Solutions) C:\WINDOWS\SysWOW64\pxdrv.dll
2016-09-09 18:22 - 2016-09-09 18:22 - 00379640 ____N (Sonic Solutions) C:\WINDOWS\SysWOW64\pxwave.dll
2016-09-09 18:22 - 2016-09-09 18:22 - 00187128 ____N (Sonic Solutions) C:\WINDOWS\SysWOW64\pxmas.dll
2016-09-09 18:22 - 2016-09-09 18:22 - 00129784 ____N (Sonic Solutions) C:\WINDOWS\SysWOW64\pxafs.dll
2016-09-09 18:22 - 2016-09-09 18:22 - 00118520 ____N (Sonic Solutions) C:\WINDOWS\SysWOW64\pxinsi64.exe
2016-09-09 18:22 - 2016-09-09 18:22 - 00116472 ____N (Sonic Solutions) C:\WINDOWS\SysWOW64\pxcpyi64.exe
2016-09-09 18:22 - 2016-09-09 18:22 - 00072440 ____N (Sonic Solutions) C:\WINDOWS\SysWOW64\pxhpinst.exe
2016-09-09 18:22 - 2016-09-09 18:22 - 00064760 ____N (Sonic Solutions) C:\WINDOWS\SysWOW64\pxinsa64.exe
2016-09-09 18:22 - 2016-09-09 18:22 - 00064760 ____N (Sonic Solutions) C:\WINDOWS\SysWOW64\pxcpya64.exe
2016-09-09 18:22 - 2016-09-09 18:22 - 00039672 ____N (Sonic Solutions) C:\WINDOWS\SysWOW64\vxblock.dll
2016-09-09 18:21 - 2016-09-09 18:21 - 00000000 ____D C:\Users\ulfw\Desktop\Adobe
2016-09-08 13:51 - 2016-04-27 08:14 - 00026896 _____ (DisplayLink Corp.) C:\WINDOWS\system32\Drivers\dlkmdldr.sys
2016-09-07 08:12 - 2016-09-07 08:12 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-09-06 13:47 - 2016-09-06 13:47 - 00000676 _____ C:\Users\ulfw\Desktop\Schlüssel-Dia.spj - Verknüpfung (2).lnk
2016-09-05 16:02 - 2016-09-05 16:02 - 00003328 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-09-02 10:07 - 2016-09-02 10:07 - 00000000 ____D C:\Users\ulfw\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2016-09-01 16:20 - 2016-09-01 16:20 - 00001262 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoStage Diashow-Ersteller.lnk
2016-09-01 16:20 - 2016-09-01 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme
2016-09-01 16:20 - 2016-09-01 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette
2016-08-31 18:01 - 2016-09-01 17:23 - 00000000 ____D C:\Users\ulfw\AppData\Roaming\NCH Software
2016-08-31 18:01 - 2016-09-01 16:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2016-08-31 18:01 - 2016-09-01 16:20 - 00000000 ____D C:\ProgramData\NCH Software
2016-08-31 18:01 - 2016-09-01 16:20 - 00000000 ____D C:\Program Files (x86)\NCH Software
2016-08-24 14:50 - 2016-08-24 14:50 - 00257872 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2016-08-20 10:57 - 2016-08-03 12:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-20 10:57 - 2016-08-03 12:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-20 10:57 - 2016-08-03 12:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-20 10:57 - 2016-08-03 12:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-20 10:57 - 2016-08-03 12:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-20 10:57 - 2016-08-03 12:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-20 10:57 - 2016-08-03 12:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-20 10:57 - 2016-08-03 12:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-20 10:57 - 2016-08-03 12:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-20 10:57 - 2016-08-03 12:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-20 10:57 - 2016-08-03 12:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-20 10:57 - 2016-08-03 12:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-20 10:57 - 2016-08-03 12:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-20 10:57 - 2016-08-03 12:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-20 10:57 - 2016-08-03 12:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-20 10:57 - 2016-08-03 12:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-20 10:57 - 2016-08-03 12:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-20 10:57 - 2016-08-03 11:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-20 10:57 - 2016-08-03 11:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-20 10:57 - 2016-08-03 11:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-20 10:57 - 2016-08-03 11:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-20 10:57 - 2016-08-03 11:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-20 10:57 - 2016-08-03 11:41 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-08-20 10:57 - 2016-08-03 11:41 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-08-20 10:57 - 2016-08-03 11:40 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-08-20 10:57 - 2016-08-03 11:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-20 10:57 - 2016-08-03 11:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-20 10:57 - 2016-08-03 11:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-20 10:57 - 2016-08-03 11:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-20 10:57 - 2016-08-03 11:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-20 10:57 - 2016-08-03 11:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-20 10:57 - 2016-08-03 11:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-20 10:57 - 2016-08-03 11:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-20 10:57 - 2016-08-03 11:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-20 10:57 - 2016-08-03 11:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-20 10:57 - 2016-08-03 11:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-20 10:57 - 2016-08-03 11:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-20 10:57 - 2016-08-03 11:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-20 10:57 - 2016-08-03 11:29 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-20 10:57 - 2016-08-03 11:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-08-20 10:57 - 2016-08-03 11:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-20 10:57 - 2016-08-03 11:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-20 10:57 - 2016-08-03 11:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-20 10:57 - 2016-08-03 11:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-20 10:57 - 2016-08-03 11:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-20 10:57 - 2016-08-03 11:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-20 10:57 - 2016-08-03 11:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-20 10:57 - 2016-08-03 11:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-20 10:57 - 2016-08-03 11:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-20 10:57 - 2016-08-03 11:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-20 10:57 - 2016-08-03 11:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-20 10:57 - 2016-08-03 11:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-20 10:57 - 2016-08-03 11:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-20 10:57 - 2016-08-03 07:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-20 10:57 - 2016-08-03 07:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-20 10:57 - 2016-08-03 07:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-20 10:57 - 2016-08-03 07:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-20 10:57 - 2016-08-03 07:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-20 10:57 - 2016-08-03 07:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-20 10:57 - 2016-08-03 07:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-20 10:57 - 2016-08-03 06:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-20 10:57 - 2016-08-03 06:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-20 10:57 - 2016-08-03 06:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-20 10:57 - 2016-08-03 06:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-20 10:57 - 2016-08-03 06:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-20 10:57 - 2016-08-03 06:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-20 10:57 - 2016-08-03 06:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-20 10:57 - 2016-08-03 06:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-20 10:57 - 2016-08-03 06:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-20 10:57 - 2016-08-03 06:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-20 10:57 - 2016-08-03 06:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-20 10:57 - 2016-08-03 06:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-20 10:57 - 2016-08-03 06:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-20 10:57 - 2016-08-03 06:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-20 10:57 - 2016-08-03 06:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-20 10:56 - 2016-08-03 13:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-20 10:56 - 2016-08-03 13:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-20 10:56 - 2016-08-03 13:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-20 10:56 - 2016-08-03 12:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-20 10:56 - 2016-08-03 12:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-20 10:56 - 2016-08-03 12:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-20 10:56 - 2016-08-03 11:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-20 10:56 - 2016-08-03 11:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-20 10:56 - 2016-08-03 11:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-20 10:56 - 2016-08-03 11:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-20 10:56 - 2016-08-03 11:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-20 10:56 - 2016-08-03 11:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-20 10:56 - 2016-08-03 11:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-20 10:56 - 2016-08-03 11:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-20 10:56 - 2016-08-03 11:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-20 10:56 - 2016-08-03 11:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-20 10:56 - 2016-08-03 11:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-20 10:56 - 2016-08-03 11:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-20 10:56 - 2016-08-03 11:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-20 10:56 - 2016-08-03 11:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-20 10:56 - 2016-08-03 11:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-20 10:56 - 2016-08-03 11:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-20 10:56 - 2016-08-03 11:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-20 10:56 - 2016-08-03 11:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-20 10:56 - 2016-08-03 11:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-20 10:56 - 2016-08-03 11:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-20 10:56 - 2016-08-03 11:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-20 10:56 - 2016-08-03 11:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-20 10:56 - 2016-08-03 11:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-20 10:56 - 2016-08-03 07:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-20 10:56 - 2016-08-03 07:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-20 10:56 - 2016-08-03 07:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-20 10:56 - 2016-08-03 06:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-20 10:56 - 2016-08-03 06:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-20 10:56 - 2016-08-03 06:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-20 10:56 - 2016-08-03 06:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-20 10:56 - 2016-08-03 06:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-20 10:56 - 2016-08-03 06:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-20 10:56 - 2016-08-03 06:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-20 10:56 - 2016-08-03 06:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-20 10:56 - 2016-08-03 06:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-20 10:56 - 2016-08-03 06:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-20 10:56 - 2016-08-03 06:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-20 10:56 - 2016-08-03 06:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-20 10:56 - 2016-08-03 06:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-20 10:56 - 2016-08-03 06:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-20 10:56 - 2016-08-03 06:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-20 10:56 - 2016-08-03 06:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-19 21:01 - 2016-08-03 12:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-19 18:01 - 2016-08-03 12:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-19 18:01 - 2016-08-03 12:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-19 18:01 - 2016-08-03 11:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-19 18:01 - 2016-08-03 11:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-19 18:01 - 2016-08-03 11:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-19 18:01 - 2016-08-03 11:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-19 18:01 - 2016-08-03 11:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-19 18:01 - 2016-08-03 11:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-19 18:01 - 2016-08-03 06:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-19 18:01 - 2016-08-03 06:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-13 14:16 - 2016-06-27 09:16 - 00000000 ____D C:\FRST
2016-09-13 14:16 - 2016-06-26 16:58 - 00000000 ____D C:\TrojanerBoard
2016-09-13 14:12 - 2016-06-01 20:57 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-13 13:37 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-13 13:37 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-13 13:35 - 2016-06-18 16:11 - 00000000 ____D C:\Users\ulfw\AppData\Local\Adobe
2016-09-13 13:35 - 2016-06-02 15:27 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{931BFAFD-4B01-497B-955E-2018BD63BFBA}
2016-09-13 13:32 - 2016-06-27 19:22 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-09-13 13:32 - 2016-06-01 20:57 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-13 13:32 - 2016-06-01 16:48 - 00000000 __SHD C:\Users\ulfw\IntelGraphicsProfiles
2016-09-12 16:21 - 2016-06-28 05:13 - 00777080 _____ C:\WINDOWS\system32\perfh007.dat
2016-09-12 16:21 - 2016-06-28 05:13 - 00156168 _____ C:\WINDOWS\system32\perfc007.dat
2016-09-12 16:21 - 2016-06-28 05:11 - 00816108 _____ C:\WINDOWS\system32\perfh00C.dat
2016-09-12 16:21 - 2016-06-28 05:11 - 00156154 _____ C:\WINDOWS\system32\perfc00C.dat
2016-09-12 16:21 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-12 16:21 - 2015-07-16 17:54 - 02773372 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-12 15:32 - 2016-06-01 16:48 - 00000000 ____D C:\Users\ulfw\AppData\Local\Packages
2016-09-12 15:18 - 2016-06-20 19:19 - 00000000 ___RD C:\Users\ulfw\Documents\Scanned Documents
2016-09-12 07:47 - 2016-04-27 08:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-12 07:47 - 2015-10-30 08:28 - 03145728 ___SH C:\WINDOWS\system32\config\BBI
2016-09-11 11:11 - 2016-04-27 08:29 - 00224680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-11 11:10 - 2016-06-07 11:57 - 00000000 ____D C:\Web
2016-09-09 18:38 - 2016-06-18 16:12 - 00000000 ____D C:\ProgramData\Adobe
2016-09-09 18:22 - 2016-06-19 14:41 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-09-08 13:50 - 2016-06-29 14:56 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2016-09-08 13:50 - 2016-06-27 19:21 - 00000000 ____D C:\Program Files\DisplayLink Core Software
2016-09-07 18:54 - 2016-06-27 19:23 - 00000000 ____D C:\Users\ulfw
2016-09-07 16:03 - 2016-06-04 14:42 - 00000000 ____D C:\Users\ulfw\AppData\Roaming\Nitro PDF
2016-09-05 16:02 - 2016-06-01 16:50 - 00002387 _____ C:\Users\ulfw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-05 16:02 - 2016-06-01 16:50 - 00000000 ___RD C:\Users\ulfw\OneDrive
2016-09-02 10:10 - 2016-06-01 16:48 - 00000000 ____D C:\Users\ulfw\AppData\Roaming\Adobe
2016-09-01 18:15 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-01 18:15 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-01 14:34 - 2016-06-04 11:41 - 00000000 ____D C:\Users\ulfw\AppData\Roaming\Audacity
2016-08-31 08:51 - 2016-06-25 20:05 - 00005695 _____ C:\ProgramData\StreamingMediaTechnologyLog.txt
2016-08-24 16:06 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-20 13:34 - 2016-04-27 08:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-20 12:42 - 2016-04-27 08:20 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-20 12:42 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-20 11:20 - 2016-06-02 15:58 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-20 11:20 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-20 11:17 - 2016-06-02 15:58 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-19 16:13 - 2016-06-01 20:58 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-19 16:07 - 2016-06-01 20:57 - 00004198 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-19 16:07 - 2016-06-01 20:57 - 00003966 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-19 11:11 - 2015-11-01 06:46 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2016-08-18 18:29 - 2016-06-01 16:48 - 00000000 ____D C:\Users\ulfw\AppData\Local\Lenovo

==================== Files in the root of some directories =======

2016-06-02 15:15 - 2016-06-02 15:15 - 0000000 _____ () C:\Users\ulfw\AppData\Roaming\fastboot.log
2016-06-03 15:06 - 2016-06-03 15:06 - 0000268 ___RH () C:\Users\ulfw\AppData\Roaming\Speech Enhancer
2016-06-03 15:06 - 2016-06-03 15:06 - 0000268 ___RH () C:\Users\ulfw\AppData\Roaming\Standard
2016-06-27 19:22 - 2016-06-27 19:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-06-27 19:22 - 2016-06-27 19:22 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2016-06-03 15:06 - 2016-06-03 15:06 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2016-06-03 15:06 - 2016-06-03 15:06 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2016-06-03 15:06 - 2016-06-03 15:06 - 0000268 ___RH () C:\ProgramData\StartupItems
2016-06-03 15:06 - 2016-06-03 15:06 - 0000268 ___RH () C:\ProgramData\StatusSheet
2016-06-25 20:05 - 2016-08-31 08:51 - 0005695 _____ () C:\ProgramData\StreamingMediaTechnologyLog.txt

Some files in TEMP:
====================
C:\Users\ulfw\AppData\Local\Temp\LMkRstPt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-06 15:49

==================== End of FRST.txt ============================
--- --- ---

--- --- ---


Hier noch die Additional
FRST Additions Logfile:
[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2016
Ran by ulfw (13-09-2016 14:16:39)
Running from C:\TrojanerBoard
Windows 10 Home Version 1511 (X64) (2016-06-27 17:29:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4256507873-131550310-878068454-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4256507873-131550310-878068454-503 - Limited - Disabled)
Guest (S-1-5-21-4256507873-131550310-878068454-501 - Limited - Disabled)
ulfw (S-1-5-21-4256507873-131550310-878068454-1001 - Administrator - Enabled) => C:\Users\ulfw

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Dreamweaver CS5.5 (HKLM-x32\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Photoshop Elements 14 (HKLM-x32\...\{49F8D229-3E0E-4F43-8429-EB8F2583DB19}) (Version: 14.1 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 14 (HKLM-x32\...\{18EF738B-56F0-4370-8FEA-93FC9EC51DFA}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Components (x32 Version: 1.0.023.00 - Lenovo) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisplayLink Core Software (HKLM\...\{22822919-96E0-46E0-9CCC-1318A8ED0081}) (Version: 7.9.1589.0 - DisplayLink Corp.)
Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.5.2.32 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.4.0.22 - Dolby Laboratories, Inc.)
EaseUS Partition Master 11.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10602.174 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1159 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4326 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1544031f-5449-4415-b577-993c2a533a1b}) (Version: 18.12.2 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo Accelerator Application (HKLM-x32\...\{10672FE6-3D50-4F79-B0C7-A5573A5D415D}) (Version: 2.2.0.0701 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11103 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 2.0.9.0 - Lenovo)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4210 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.4210 - CyberLink Corp.) Hidden
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.006.00 - Lenovo)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.066.00 - Lenovo)
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.3 - Lenovo)
LenovoUtility (x32 Version: 3.0.0.3 - Lenovo) Hidden
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.2.0.6025 - Mozilla)
Mozilla Thunderbird 45.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.2.0 (x86 de)) (Version: 45.2.0 - Mozilla)
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{A6668863-B0A3-4812-AAF2-E47749ECFE0E}) (Version: 3.3.00.145 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 3.3.00.145 - O2Micro International LTD.) Hidden
OpenOffice 4.1.2 (HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation)
PhotoStage Diashow-Ersteller (HKLM-x32\...\PhotoStage) (Version: 3.28 - NCH Software)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7624 - Realtek Semiconductor Corp.)
Samsung Drucker-Diagnose (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.4.2 - Samsung Electronics Co., Ltd.)
Samsung Portable SSD T3 (HKLM-x32\...\Samsung Portable SSD T3_is1) (Version: 1.3 - Samsung Electronics)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.5.0.1144 - Lenovo)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.57 - Synaptics Incorporated)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
User Manuals (x32 Version: 4.0.0.1 - Lenovo) Hidden
ViewNX-i (HKLM\...\{C67A5551-26C1-4C7B-A9DF-AD148549D482}) (Version: 1.2.1 - Nikon Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wartung Samsung CLP-320 Series (HKLM-x32\...\Samsung CLP-320 Series) (Version:  - Samsung Electronics Co., Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4256507873-131550310-878068454-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\ulfw\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06FCBD67-E280-4030-92DB-536CF472D14A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-01] (Google Inc.)
Task: {1648F6DA-3CD5-4C12-AA69-EA5574833D27} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {3FC40DD9-73C2-426F-A3AA-ED262FA6489A} - System32\Tasks\Samsung_PSSD_Registration => C:\ProgramData\Samsung Apps\Portable SSD\Samsung Portable SSD Daemon.exe [2016-09-12] (Samsung Electronics)
Task: {4EE33060-A5D8-44B9-BF13-A070C6CE2262} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {5A5624C2-943F-4659-9A4B-32C5B24134CC} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {5E5516A8-8AAB-4CDC-8D95-FF4C4DF9121C} - System32\Tasks\Lenovo\QuickOptimizer => C:\Program Files\lenovo\QuickOptimizer\QuickOptimizerIcon.exe [2015-07-11] (Lenovo)
Task: {6377755C-BB0B-4341-ABC8-8AB4CB29EADB} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {645738A3-5771-4310-B466-1201795C006A} - System32\Tasks\NCH Software\VideoPadSevenDays => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe
Task: {7E324D52-1AE5-41A9-82F6-3AEE7C0BC338} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {8E4C56C1-12B8-480E-9825-0952B5E4062F} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-uweissen@bluewin.ch => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-29] (Adobe Systems Incorporated)
Task: {A1076A1D-90BE-4B35-89B1-0C52A9A057A1} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
Task: {C85329DE-73A3-4ECD-B10E-FE238FB443AA} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2016-06-01] (Lenovo)
Task: {C8C4CBE0-5972-4F96-808A-7AB44DAFA6E1} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
Task: {D823706C-E893-4E53-A98E-7C573FDAA2B5} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {E6F2146A-64A5-467C-AA00-B1D17C08269E} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {EDF32366-676F-48EC-963B-03DB6FDA586B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-01] (Google Inc.)
Task: {F88F597F-9E43-4299-9FC9-373187714BED} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\ulfw\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-09-05] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\ulfw\Favorites\Downloadseite von NCH Software.lnk -> hxxp://www.nchsoftware.com/de/index.html

==================== Loaded Modules (Whitelisted) ==============

2016-06-23 19:50 - 2011-06-21 09:42 - 00034304 _____ () C:\WINDOWS\System32\sst3cl6.dll
2016-06-19 09:42 - 2016-06-19 09:42 - 00031256 _____ () C:\WINDOWS\System32\us008lm.dll
2016-06-23 19:56 - 2015-11-05 21:02 - 00491328 _____ () C:\WINDOWS\SysWOW64\spdsvc.exe
2015-11-01 07:47 - 2015-11-01 07:47 - 00024312 _____ () C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe
2015-09-15 01:58 - 2015-09-15 01:58 - 00176640 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2015-11-01 07:47 - 2015-11-01 07:47 - 00226216 _____ () C:\Program Files\update\UpdateAgent.exe
2015-11-01 06:55 - 2015-06-27 11:34 - 00029112 _____ () C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
2015-11-01 06:47 - 2015-08-19 05:00 - 00058296 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2012-10-19 04:52 - 2012-10-19 04:52 - 03867040 _____ () C:\WINDOWS\system32\PortChanger.exe
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-11-01 06:47 - 2015-08-21 08:43 - 00043960 _____ () C:\ProgramData\LenovoTransition\Server\x64\EnableAutoRotation.dll
2016-07-13 19:24 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-13 19:24 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-09-05 16:01 - 2016-09-05 16:01 - 01864384 _____ () C:\Users\ulfw\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-07-13 19:25 - 2016-07-01 05:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 00402344 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-04-27 08:12 - 2016-04-27 08:12 - 01652456 _____ () C:\Program Files\DisplayLink Core Software\AddOnApi64.dll
2016-04-27 08:10 - 2016-04-27 08:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 19:26 - 2016-07-01 05:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-13 19:25 - 2016-07-01 05:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 19:25 - 2016-07-01 05:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 19:25 - 2016-07-01 05:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-01 06:47 - 2015-11-01 06:47 - 00791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
2015-11-01 06:47 - 2015-11-01 06:47 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2015-06-16 03:53 - 2015-06-16 03:53 - 00628736 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
2016-06-27 20:42 - 2016-06-27 20:42 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-08-19 16:13 - 2016-08-03 01:41 - 02366280 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-19 16:13 - 2016-08-03 01:40 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2015-11-01 06:50 - 2015-02-13 01:02 - 00224696 _____ () C:\Program Files (x86)\Lenovo\CCSDK\SDKClient.dll
2015-10-21 15:50 - 2015-10-21 15:50 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2015-10-21 15:49 - 2015-10-21 15:49 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2016-06-27 20:42 - 2016-06-27 20:42 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-06-27 20:42 - 2016-06-27 20:42 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-08-09 17:22 - 2016-08-09 17:22 - 00101888 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Management\252667907e1e3e32b11d87fba7af0023\Windows.Management.ni.dll
2016-08-09 17:22 - 2016-08-09 17:22 - 02921472 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\931208eb21bfb07f9a4995753d6b7f7b\Windows.ApplicationModel.ni.dll
2016-08-09 17:22 - 2016-08-09 17:22 - 00821248 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\70c31a6aefe21a1501d1b781a0217731\Windows.Storage.ni.dll
2016-08-09 03:34 - 2016-08-09 03:34 - 00335360 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\cbafdb4e11c9fd06e0a2e5efa6253883\Windows.Foundation.ni.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4256507873-131550310-878068454-1001\...\samsungsetup.com -> hxxp://www.samsungsetup.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2016-06-27 17:37 - 00000832 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4256507873-131550310-878068454-1001\Control Panel\Desktop\\Wallpaper -> E:\Eigene Dokumente\Eigene Bilder\Oberoesterreich\Eggelsberg-2-8.JPG
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_MICPKEY"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_DOLBYDRAGON"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "EaseUS Cleanup"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKU\S-1-5-21-4256507873-131550310-878068454-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{5387E6E7-6A00-4330-8C4F-E7F45B958856}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{B410D92F-2249-4C2F-A960-20136312CD6F}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{C7657223-4F8E-40EC-A5BA-91982C4F8406}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/13/2016 01:32:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Adobe\Adobe Premiere Elements 14\MPEGHDVExport.exe".
Die abhängige Assemblierung "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/13/2016 01:32:18 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (09/12/2016 05:25:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm thunderbird.exe, Version 45.2.0.6025 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2004

Startzeit: 01d20d0444171def

Beendigungszeit: 34

Anwendungspfad: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

Berichts-ID: 2d50ce11-78fd-11e6-9c28-a434d9298c05

Vollständiger Name des fehlerhaften Pakets:

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (09/12/2016 04:42:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm thunderbird.exe, Version 45.2.0.6025 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 16d8

Startzeit: 01d20d03bb68ba56

Beendigungszeit: 19

Anwendungspfad: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

Berichts-ID: 1fcc8207-78f7-11e6-9c28-a434d9298c05

Vollständiger Name des fehlerhaften Pakets:

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (09/12/2016 02:52:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Adobe\Adobe Premiere Elements 14\MPEGHDVExport.exe".
Die abhängige Assemblierung "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/12/2016 02:47:05 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (09/12/2016 11:49:47 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (09/12/2016 07:43:16 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (09/11/2016 07:15:43 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (09/11/2016 04:19:12 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]


System errors:
=============
Error: (09/13/2016 01:35:51 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.

Error: (09/13/2016 01:33:37 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.

Error: (09/13/2016 01:32:19 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Für den Miniport "Targus Giga Ethernet, {DB9E1287-99F7-4ED8-9519-4738AEA84118}" ist das Ereignis "73" aufgetreten.

Error: (09/12/2016 08:19:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "User Data Access_6eb7c" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (09/12/2016 08:19:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "User Data Storage_6eb7c" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (09/12/2016 08:19:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Contact Data_6eb7c" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (09/12/2016 08:19:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sync Host_6eb7c" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (09/12/2016 04:46:32 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (09/12/2016 02:53:48 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (09/12/2016 02:51:44 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.


CodeIntegrity:
===================================
  Date: 2016-09-02 08:53:25.522
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-20 13:34:07.048
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-10 16:09:41.115
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-09 03:23:08.392
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-07 18:38:17.095
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-29 14:56:51.837
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-28 08:19:14.772
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-27 22:04:07.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-27 19:27:12.657
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-27 19:26:36.802
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 39%
Total physical RAM: 8097.91 MB
Available physical RAM: 4908.88 MB
Total Virtual: 9377.91 MB
Available Virtual: 6400.64 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:119.12 GB) (Free:63.42 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Samsung_T3) (Fixed) (Total:465.74 GB) (Free:465.74 GB) exFAT
Drive e: (Volume) (Fixed) (Total:98.24 GB) (Free:47.61 GB) NTFS
Drive f: (Transcend) (Removable) (Total:3.73 GB) (Free:0.91 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 2BC178FB)

Partition: GPT.

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: C492DAD6)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
--- --- ---

--- --- ---

cosinus 13.09.2016 13:54
FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


werama 13.09.2016 14:08
Ich starte FRST.exe:

Er läuft durch und macht eine FRST.txt sonst nichts.

cosinus 13.09.2016 14:18
Einfach mal die Anleitung richtig lesen und umsetzen.

werama 13.09.2016 15:10
Habe den Defender in Windows 10 deaktiviert. Ansonsten ist mir kein Vierenscanner bei mir bekannt. AVG hab ich ja schon vor 3 Monaten deinstalliert.

Nach deiner Beschreibung komme ich bis zur gestarteten FRST64.exe
Nun sollte ich einen entfernen Button sehen. Diesen kann ich nicht finden.

Kannst du mir sagen wo ich einen Fehler mache?

cosinus 13.09.2016 15:19
Mein Güte, FRST hat nur vier Buttons!!! :wtf:
Da wirst du doch selbst den Button, der mit "entfernen" beschriftet ist, finden! Dasist der erste von recht oder auch der vierte von links :rofl: :lach:

werama 13.09.2016 15:35
Der ist mit FIX beschriftet da suche ich kein entfernen


Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-09-2016
Ran by ulfw (13-09-2016 16:30:40) Run:1
Running from C:\TrojanerBoard
Loaded Profiles: ulfw (Available Profiles: ulfw)
Boot Mode: Normal
==============================================

fixlist content:
*****************
emptytemp:
*****************


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 333504581 B
Java, Flash, Steam htmlcache => 980 B
Windows/system/drivers => 12135208 B
Edge => 49198770 B
Chrome => 497244333 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 37608 B
NetworkService => 0 B
ulfw => 735974200 B

RecycleBin => 7243055772 B
EmptyTemp: => 8.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:31:02 ====

cosinus 13.09.2016 15:42
Zitat:
Platform: Windows 10 Home (X64) Language: Englisch (Vereinigte Staaten)
:rofl: kein Wunder, dein Windows ist ja auch auf Englisch! Und damit haste aber keine Probleme? :lach:


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:29 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131