| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: HTML/Infected.WebPage.Gen3 und Rechner langsamWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
21.11.2014, 11:39
| #1 |
 |  HTML/Infected.WebPage.Gen3 und Rechner langsam Hallo, seit einigen Tagen ist mein Rechner etwas lahm. Auffällig ist auch eine verzögerte Tastatureingabe z.B. auf Websiten. Heute morgen poppte dann Avira auf und meldete den o.a. Fund. Ich möchte den Rechner nun mal wieder komplett durchchecken und dem Fund auf die Spur kommen. Übrigens benutze ich den Rechner teils beruflich. Allerdings bin ich ein 1-Mann-Büro und habe keine eigene IT-Abteilung. Wäre also schön, wenn es trotzdem klappt und Ihr mir helfen könnt. Hier die Logs... defogger.txt Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:00 on 21/11/2014 (tcee)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Exportierte Ereignisse:
21.11.2014 07:44 [Echtzeit-Scanner] Malware gefunden
In der Datei
'C:\Users\username\AppData\Local\Mozilla\Firefox\Profiles\h6rodsf6.default-14017146
18966\cache2\entries\9BE4A88A8B2A435CB04DE3E461819C7167DAFEFA'
wurde ein Virus oder unerwünschtes Programm 'HTML/Infected.WebPage.Gen3'
[virus] gefunden.
Ausgeführte Aktion: Übergeben an Scanner
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014
Ran by Username (administrator) on Username-THINK on 21-11-2014 10:18:33
Running from C:\Users\Username\Desktop
Loaded Profile: Username (Available profiles: UpdatusUser & Username & Username)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
() C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [1435136 2014-10-03] ()
HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-11-15] (NVIDIA Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-11-15] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-11-15] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
DPF: HKLM-x32 {12193C65-F0E1-4DD1-AD4E-DB73C6911011} file:///H:/Mydlink/activeX/DCP.cab
DPF: HKLM-x32 {7191F0AC-D686-46A8-BFCC-EA61778C74DD} file:///H:/Mydlink/activeX/aplugLiteDL.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1502850821-2927420759-2148834354-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Avira Browser Safety - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\Extensions\abs@avira.com [2014-11-21]
FF Extension: Default Full Zoom Level - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2014-11-20]
FF Extension: Firebug - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\Extensions\firebug@software.joehewitt.com.xpi [2012-05-06]
FF Extension: NoScript - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-08-22]
FF Extension: MeasureIt - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2012-07-09]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
Chrome:
=======
CHR Profile: C:\Users\Username\AppData\Local\Google\Chrome\User Data\Default
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-06] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
S4 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2649840 2013-03-01] (Blue Coat Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2014-09-03] () [File not signed]
S4 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2012-02-27] (Lenovo.)
S4 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-11-15] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon)
S2 bckd; system32\drivers\bckd.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-21 10:18 - 2014-11-21 10:19 - 00020429 _____ () C:\Users\Username\Desktop\FRST.txt
2014-11-21 10:17 - 2014-11-21 10:17 - 02117632 _____ (Farbar) C:\Users\Username\Desktop\FRST64.exe
2014-11-21 10:00 - 2014-11-21 10:00 - 00000470 _____ () C:\Users\Username\Desktop\defogger_disable.log
2014-11-21 09:59 - 2014-11-21 09:59 - 00050477 _____ () C:\Users\Username\Desktop\Defogger.exe
2014-11-21 07:12 - 2014-11-21 07:12 - 00000022 _____ () C:\Windows\S.dirmngr
2014-11-20 10:18 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-20 10:18 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-20 10:18 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-20 10:18 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-17 10:35 - 2014-11-19 17:15 - 00000000 ____D () C:\Users\Username\AppData\Roaming\Skype
2014-11-17 10:35 - 2014-11-19 14:14 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-11-17 10:35 - 2014-11-19 14:14 - 00002517 _____ () C:\ProgramData\Desktop\Skype.lnk
2014-11-17 10:35 - 2014-11-19 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-11-17 10:35 - 2014-11-17 10:35 - 00000000 ____D () C:\Users\Username\AppData\Local\Skype
2014-11-17 10:34 - 2014-11-19 14:14 - 00000000 ____D () C:\ProgramData\Skype
2014-11-17 10:34 - 2014-11-17 10:36 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-16 11:09 - 2014-11-17 21:22 - 00000713 _____ () C:\Users\Username\Desktop\Strategies.txt
2014-11-12 14:44 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 14:44 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 14:44 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 14:44 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 14:44 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 14:44 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 14:44 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 14:44 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 14:44 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 14:44 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 14:44 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 14:44 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 14:44 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 14:44 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 14:44 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 14:44 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 14:44 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 14:44 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 14:44 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 14:44 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 14:44 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 14:44 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 14:43 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 14:43 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 14:43 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 14:43 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 14:43 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 14:43 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 14:43 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 14:43 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 14:43 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 14:43 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 14:43 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 14:43 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 14:43 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 14:43 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 14:43 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 14:43 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 14:43 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 14:43 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 14:43 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 14:43 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 14:43 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 14:43 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 14:43 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 14:43 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 14:43 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 14:43 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 14:43 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 14:43 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 14:43 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 14:43 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 14:43 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 14:43 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 14:43 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 14:43 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 14:43 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 14:43 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 14:42 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 14:42 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 14:42 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 14:42 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 14:42 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 14:42 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 14:42 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 14:42 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 14:42 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 14:42 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 14:42 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 14:42 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 14:42 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 14:42 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 14:42 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 14:42 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 14:42 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 14:42 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 14:42 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 14:42 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 14:42 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 14:42 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 14:42 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 14:42 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 14:42 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 14:42 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 14:42 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 14:42 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 14:42 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 14:42 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 14:42 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 14:42 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 14:42 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 14:42 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 14:42 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 14:42 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 14:42 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 14:42 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 14:40 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 14:40 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-10 10:30 - 2014-11-10 10:30 - 06126536 _____ (Tim Kosse) C:\Users\Username\Downloads\FileZilla_3.9.0.6_win32-setup.exe
2014-11-09 11:41 - 2014-11-09 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-09 11:40 - 2014-11-09 11:41 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-09 11:37 - 2014-11-09 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-09 11:36 - 2014-11-09 11:37 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-09 11:36 - 2014-11-09 11:37 - 00000000 ____D () C:\Program Files\iTunes
2014-11-09 11:36 - 2014-11-09 11:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-09 11:36 - 2014-11-09 11:36 - 00000000 ____D () C:\Program Files\iPod
2014-11-09 11:29 - 2014-11-09 11:30 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-09 11:29 - 2014-11-09 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-11-09 11:29 - 2014-11-09 11:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-11-09 11:29 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-09 11:29 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-02 19:09 - 2014-11-21 09:50 - 00000335 _____ () C:\Users\Username\Desktop\Todo.txt
2014-10-24 14:13 - 2014-11-20 09:40 - 00000033 _____ () C:\Users\Username\DesktopAD.txt
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-21 10:19 - 2014-10-17 19:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-21 10:18 - 2014-06-01 13:02 - 00000000 ____D () C:\FRST
2014-11-21 09:51 - 2014-10-17 19:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-21 09:36 - 2009-07-14 05:45 - 00031072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-21 09:36 - 2009-07-14 05:45 - 00031072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-21 09:32 - 2012-03-30 03:40 - 02035088 _____ () C:\Windows\WindowsUpdate.log
2014-11-21 09:26 - 2014-08-23 07:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-21 08:44 - 2012-03-30 13:23 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-11-21 08:44 - 2012-03-30 13:23 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-11-21 08:44 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-21 08:32 - 2014-03-11 17:24 - 00046158 _____ () C:\Windows\setupact.log
2014-11-21 07:12 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-20 10:32 - 2013-08-01 17:33 - 00000000 ____D () C:\Users\Username\AppData\Roaming\vlc
2014-11-20 10:22 - 2014-10-19 18:46 - 00000100 _____ () C:\Users\Username\Desktop\Baumarkt.txt
2014-11-20 10:09 - 2014-08-23 07:31 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-20 10:09 - 2012-04-15 07:46 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-20 10:09 - 2012-04-15 07:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-20 10:08 - 2014-06-27 12:19 - 00000000 ____D () C:\Users\Username\AppData\Local\Adobe
2014-11-20 10:02 - 2012-07-23 12:56 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-20 10:01 - 2012-05-06 10:49 - 00000000 ____D () C:\Users\Username\AppData\Roaming\FileZilla
2014-11-20 09:34 - 2012-07-20 10:31 - 00000000 ____D () C:\Users\Username\AppData\Local\Adobe
2014-11-18 17:05 - 2014-09-03 15:14 - 00000285 _____ () C:\Users\Username\Desktop\Wohnung Todo.txt
2014-11-16 10:27 - 2012-05-06 07:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-15 19:52 - 2013-11-17 08:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-14 09:18 - 2012-07-23 07:14 - 00000000 ____D () C:\Users\Username\AppData\Local\Akamai
2014-11-13 15:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 19:13 - 2012-10-01 09:53 - 00000000 ____D () C:\Users\Username\AppData\Roaming\FileZilla
2014-11-12 19:04 - 2012-08-17 13:03 - 00001456 _____ () C:\Users\Username\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-11-12 18:35 - 2009-07-14 05:45 - 04969680 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 15:14 - 2014-10-17 19:08 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 15:14 - 2014-10-17 19:08 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 14:53 - 2013-07-11 07:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 14:46 - 2012-04-14 16:44 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 14:11 - 2010-11-21 04:47 - 01111468 _____ () C:\Windows\PFRO.log
2014-11-11 09:55 - 2012-08-15 07:02 - 00000000 ____D () C:\Users\Username\AppData\Local\Lenovo
2014-11-09 12:47 - 2014-02-14 08:11 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-09 12:44 - 2014-02-14 08:10 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-11-09 11:36 - 2014-09-15 08:15 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-09 11:36 - 2013-09-27 09:57 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-09 11:29 - 2012-07-16 17:03 - 00000000 ____D () C:\Users\Username\AppData\Roaming\Malwarebytes
2014-11-09 11:29 - 2012-07-16 17:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-09 11:18 - 2012-04-14 07:03 - 00086336 _____ () C:\Users\Username\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-07 17:28 - 2012-04-14 19:40 - 00086336 _____ () C:\Users\Username\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-06 15:44 - 2013-09-06 09:01 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-06 15:44 - 2012-10-19 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-06 15:44 - 2012-10-19 11:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 19:04 - 2012-04-14 19:40 - 00000000 ____D () C:\Users\Username
2014-10-22 20:05 - 2013-08-01 17:33 - 00000000 ____D () C:\Users\Username\AppData\Roaming\dvdcss
Some content of TEMP:
====================
C:\Users\Username\AppData\Local\Temp\avgnt.exe
C:\Users\Username\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-15 11:54
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2014
Ran by Username at 2014-11-21 10:20:08
Running from C:\Users\Username\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.3.0.322 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.240 - Amazon)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.70.00 - )
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1998929134.48.56.6499218 - Audible, Inc.)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: - )
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Deutsch (DE) + Pali (HKLM\...\{4CD3A532-B3F8-41D3-B91D-A9B6A53BE0E6}) (Version: 1.0.3.40 - Frank Snow)
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
ElsterFormular (HKLM-x32\...\ElsterFormular 13.2.0.8623k) (Version: 14.1.11318 - Landesfinanzdirektion Thüringen)
FeedDemon (HKLM-x32\...\FeedDemon_is1) (Version: 4.5.0.0 - NewsGator Technologies, Inc.)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
Forex Tester 2.8.10 (HKLM-x32\...\{F5EC7F6B-B68B-433C-AA20-54EDFE76191D}_is1) (Version: - Forex Tester Software)
Free YouTube to MP3 Converter version 3.12.0.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.0.128 - DVDVideoSoft Ltd.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gpg4win (2.2.2) (HKLM-x32\...\GPG4Win) (Version: 2.2.2 - The Gpg4win Project)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{C862EC05-1C15-4327-B15D-C7788D6CFF73}) (Version: 2.1.1 - Brice Lambson)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{fad118b4-798f-4755-9e67-a622eec95b62}) (Version: 15.6.1 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.02.0018 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname)
Logitech Media Server 7.7.2 (HKLM-x32\...\Logitech Media Server_is1) (Version: 7.7.2 - Logitech)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MetaTrader 4 IC Markets (HKLM-x32\...\MetaTrader 4 IC Markets) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 de)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 312.69 - NVIDIA Corporation)
NVIDIA Grafiktreiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.69 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
OpenOffice 4.0.1 Language Pack (German) (HKLM-x32\...\{0C55CCF1-29E2-4481-A31F-1FDF19E038F2}) (Version: 4.01.9714 - Apache Software Foundation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
OpenOffice Beta 4.1.0 (HKLM-x32\...\{E0284E69-DDCE-4AB0-9A6B-22DC9CB8D7DB}) (Version: 4.10.9760 - Apache Software Foundation)
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
Paragon Backup & Recovery™ 2013 Free (HKLM-x32\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 5.3.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.105 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
StarMoney (x32 Version: 4.0.4.16 - StarFinanz) Hidden
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.67 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.01 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.05 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows-Treiberpaket - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\8058FF31D7C7F4818DC176DAF53CD379968C86E4) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel)
Windows-Treiberpaket - Intel USB (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel)
Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows-Treiberpaket - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
XMedia Recode Version 3.1.7.9 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.9 - XMedia Recode)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
==================== Restore Points =========================
10-11-2014 13:20:24 Windows Update
12-11-2014 13:44:21 Windows Update
12-11-2014 17:44:08 Windows Update
16-11-2014 09:39:43 Windows Update
19-11-2014 20:12:59 Windows Update
20-11-2014 09:18:53 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-02-02 08:24 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {03C8D2F7-C5F5-4207-8235-3D9C5A7028A2} - System32\Tasks\AdobeAAMUpdater-1.0-Username-THINK-Username => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {0AAC0C8F-17F9-44D9-8633-99800402F7B4} - System32\Tasks\awareness6
Task: {0EFF2205-FC92-44C3-9847-11F40B84514D} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
Task: {1949FBA0-C3CD-4D95-8CF4-D8C1EC416BE7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {1BF94E8A-9370-4315-AFAE-C59B52FBA257} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-06-26] ()
Task: {2A5074E8-5ACC-4D7C-B8E2-2B7689FB6C3A} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {3316434C-3712-4FC7-A669-6C670554C817} - System32\Tasks\be aware! 19
Task: {3B6F8732-8E3E-481A-B032-D48CCB0ABCA7} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {3EA94329-78C3-4A77-80AB-3269078D89FB} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {5E241B72-DD17-4ABF-9A35-042ED30B2E01} - System32\Tasks\be aware!
Task: {61294AAE-7DAC-42BD-9822-5DE8BD747EE3} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-02-27] (Lenovo Group Limited)
Task: {66736ADD-A74A-447E-B881-2B7FE342DDAB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-16] (Google Inc.)
Task: {6BE59280-6519-4482-B234-3FF1A1372790} - System32\Tasks\aware00
Task: {76E282E5-6E12-4B64-8961-BEF23A694991} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {8594D661-1412-43A1-A9D5-0614214D5250} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {880D2868-EE2E-4A74-9A7A-CE4EED02188D} - System32\Tasks\awareness5
Task: {88CB84E9-B6C5-443D-A74D-E1F81679658C} - System32\Tasks\awareness4
Task: {898DC75A-40B7-447B-8546-FC4D0E134300} - System32\Tasks\awareness3
Task: {A29BF6F0-A657-47DB-970D-04ACBBF9A0AD} - System32\Tasks\be aware 16
Task: {B8D51834-255C-4F7F-A4B0-E0B06BF29BAB} - System32\Tasks\AdobeAAMUpdater-1.0-Username-THINK-Username => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {BBB9866A-4406-48CE-B73C-56A803CA3F21} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-16] (Google Inc.)
Task: {C760EC6E-D7A4-4102-8410-CAC7AD31BB11} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-20] (Adobe Systems Incorporated)
Task: {CC9B9E00-0D49-4D00-8EC0-D45AF6454684} - System32\Tasks\Awareness1
Task: {CE893D65-78EE-4A76-B74F-22666E11AA10} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {D509974F-B4A2-4F4D-B101-5F462082506D} - System32\Tasks\Awareness2
Task: {D5E18281-C555-4285-9DFC-0CC5EB556E1D} - System32\Tasks\be aware! 17
Task: {EBE7144C-7860-422B-AFA9-292E85F0A8A7} - System32\Tasks\be aware! 18
Task: {FB7DC5DC-1E7F-4A05-BFD7-F51EF09F2B08} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-09-03 12:07 - 2014-09-03 12:07 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2013-12-13 12:20 - 2013-12-13 12:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-03-30 03:50 - 2010-10-26 05:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2012-03-30 03:54 - 2011-03-06 12:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-03 09:08 - 2014-10-03 09:08 - 01435136 _____ () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
2012-03-30 03:57 - 2012-02-27 19:07 - 00055808 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-03 11:53 - 2014-09-03 11:53 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2014-09-03 11:48 - 2014-09-03 11:48 - 00038400 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2014-09-03 11:41 - 2014-09-03 11:41 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2014-09-03 11:53 - 2014-09-03 11:53 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2014-09-03 11:56 - 2014-09-03 11:56 - 00742400 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2013-03-18 16:26 - 2013-03-18 16:26 - 00092456 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2013-11-17 08:40 - 2014-11-15 19:52 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-20 10:07 - 2014-11-20 10:07 - 16840880 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: CxAudMsg => 2
MSCONFIG\Services: DozeSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LENOVO.MICMUTE => 2
MSCONFIG\Services: LENOVO.TPKNRSVC => 2
MSCONFIG\Services: Lenovo.VIRTSCRLSVC => 2
MSCONFIG\Services: LSCWinService => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NVSvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: SUService => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: TPHKLOAD => 2
MSCONFIG\Services: UleadBurningHelper => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Media Server-Taskleisten-Tool.lnk => C:\Windows\pss\Logitech Media Server-Taskleisten-Tool.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Username^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Username^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - HP Officejet Pro 8600.lnk => C:\Windows\pss\Tintenwarnungen überwachen - HP Officejet Pro 8600.lnk.Startup
MSCONFIG\startupreg: AcWin7Hlpr => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: ALCKRESI.EXE => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
MSCONFIG\startupreg: IntelliType Pro => "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: Speech Recognition => "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TpShocks => TpShocks.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-1502850821-2927420759-2148834354-500 - Administrator - Disabled)
Gast (S-1-5-21-1502850821-2927420759-2148834354-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1502850821-2927420759-2148834354-1003 - Limited - Enabled)
Username (S-1-5-21-1502850821-2927420759-2148834354-1004 - Limited - Enabled) => C:\Users\Username
Username (S-1-5-21-1502850821-2927420759-2148834354-1001 - Administrator - Enabled) => C:\Users\Username
UpdatusUser (S-1-5-21-1502850821-2927420759-2148834354-1000 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
Name: bckd
Description: bckd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: bckd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/21/2014 07:13:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/20/2014 09:52:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/20/2014 06:26:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/20/2014 01:58:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/20/2014 10:32:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000018e5d
ID des fehlerhaften Prozesses: 0x11ac
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Error: (11/20/2014 10:30:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000018e5d
ID des fehlerhaften Prozesses: 0x140c
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Error: (11/20/2014 09:24:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2014 09:01:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2014 02:13:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2014 09:18:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (11/21/2014 07:12:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/20/2014 09:52:34 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Error: (11/20/2014 09:51:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/20/2014 06:25:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/20/2014 01:58:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/20/2014 09:24:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/19/2014 09:01:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/19/2014 02:12:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/19/2014 09:17:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/18/2014 07:32:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Microsoft Office Sessions:
=========================
Error: (11/21/2014 07:13:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/20/2014 09:52:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/20/2014 06:26:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/20/2014 01:58:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/20/2014 10:32:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5d11ac01d004a49374355eC:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dll213f526e-7098-11e4-bd49-f0def1dce4ed
Error: (11/20/2014 10:30:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5d140c01d004a396b5bf6aC:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dllcf163a6a-7097-11e4-bd49-f0def1dce4ed
Error: (11/20/2014 09:24:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2014 09:01:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2014 02:13:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2014 09:18:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2014-02-02 08:17:34.626
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-02-02 08:17:34.423
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-02-02 08:17:34.236
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-02-02 08:17:34.064
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-07-16 15:05:01.912
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-07-16 15:05:01.874
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz
Percentage of memory in use: 31%
Total physical RAM: 8075.23 MB
Available physical RAM: 5545.19 MB
Total Pagefile: 16148.65 MB
Available Pagefile: 13402.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:100 GB) (Free:24.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (data) (Fixed) (Total:348.67 GB) (Free:316.26 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.11 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B2FF4958)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=348.7 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-21 11:12:30
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.JF3Z 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\username\AppData\Local\Temp\kgtiyaow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077521401 2 bytes JMP 7557b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077521419 2 bytes JMP 7557b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077521431 2 bytes JMP 755f8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007752144a 2 bytes CALL 755548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775214dd 2 bytes JMP 755f87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775214f5 2 bytes JMP 755f8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007752150d 2 bytes JMP 755f8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077521525 2 bytes JMP 755f8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007752153d 2 bytes JMP 7556fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077521555 2 bytes JMP 755768ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007752156d 2 bytes JMP 755f8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077521585 2 bytes JMP 755f8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007752159d 2 bytes JMP 755f865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775215b5 2 bytes JMP 7556fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775215cd 2 bytes JMP 7557b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775216b2 2 bytes JMP 755f8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775216bd 2 bytes JMP 755f85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077521401 2 bytes JMP 7557b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077521419 2 bytes JMP 7557b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077521431 2 bytes JMP 755f8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007752144a 2 bytes CALL 755548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775214dd 2 bytes JMP 755f87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775214f5 2 bytes JMP 755f8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007752150d 2 bytes JMP 755f8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077521525 2 bytes JMP 755f8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007752153d 2 bytes JMP 7556fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077521555 2 bytes JMP 755768ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007752156d 2 bytes JMP 755f8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077521585 2 bytes JMP 755f8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007752159d 2 bytes JMP 755f865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775215b5 2 bytes JMP 7556fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775215cd 2 bytes JMP 7557b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775216b2 2 bytes JMP 755f8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775216bd 2 bytes JMP 755f85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077521401 2 bytes JMP 7557b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077521419 2 bytes JMP 7557b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077521431 2 bytes JMP 755f8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007752144a 2 bytes CALL 755548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775214dd 2 bytes JMP 755f87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775214f5 2 bytes JMP 755f8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007752150d 2 bytes JMP 755f8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077521525 2 bytes JMP 755f8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007752153d 2 bytes JMP 7556fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077521555 2 bytes JMP 755768ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007752156d 2 bytes JMP 755f8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077521585 2 bytes JMP 755f8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007752159d 2 bytes JMP 755f865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775215b5 2 bytes JMP 7556fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775215cd 2 bytes JMP 7557b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775216b2 2 bytes JMP 755f8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775216bd 2 bytes JMP 755f85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077521401 2 bytes JMP 7557b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077521419 2 bytes JMP 7557b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077521431 2 bytes JMP 755f8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007752144a 2 bytes CALL 755548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775214dd 2 bytes JMP 755f87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775214f5 2 bytes JMP 755f8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007752150d 2 bytes JMP 755f8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077521525 2 bytes JMP 755f8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007752153d 2 bytes JMP 7556fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077521555 2 bytes JMP 755768ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007752156d 2 bytes JMP 755f8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077521585 2 bytes JMP 755f8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007752159d 2 bytes JMP 755f865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775215b5 2 bytes JMP 7556fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775215cd 2 bytes JMP 7557b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775216b2 2 bytes JMP 755f8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775216bd 2 bytes JMP 755f85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077521401 2 bytes JMP 7557b21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077521419 2 bytes JMP 7557b346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077521431 2 bytes JMP 755f8ea9 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007752144a 2 bytes CALL 755548ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775214dd 2 bytes JMP 755f87a2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775214f5 2 bytes JMP 755f8978 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007752150d 2 bytes JMP 755f8698 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077521525 2 bytes JMP 755f8a62 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007752153d 2 bytes JMP 7556fca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077521555 2 bytes JMP 755768ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007752156d 2 bytes JMP 755f8f61 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077521585 2 bytes JMP 755f8ac2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007752159d 2 bytes JMP 755f865c C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775215b5 2 bytes JMP 7556fd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775215cd 2 bytes JMP 7557b2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775216b2 2 bytes JMP 755f8e24 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775216bd 2 bytes JMP 755f85f1 C:\Windows\syswow64\KERNEL32.dll
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\7ce9d3b79452
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\7ce9d3b79452 (not active ControlSet)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
| Themen zu HTML/Infected.WebPage.Gen3 und Rechner langsam |
| antivir, avira, bildschirm, browser, combofix, dvdvideosoft ltd., failed, feedback, fehlercode 0xc0000005, fehlercode 24, festplatte, flash player, gmer.log, html/infected.webpage.gen3, iexplore.exe, malware, mozilla, officejet, panda usb vaccine, programm, pwmtr64v.dll, registry, security, software, svchost.exe, teredo, this device cannot start. (code10), virus, windows |
Baum-Darstellung