| |
| |||||||
Log-Analyse und Auswertung: Win 7 Pro - explorer.exe belegt mehr und mehr SpeicherplatzWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
07.10.2014, 08:22
| #1 |
| |  Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz Guten Tag. Auf meinem Laptop (Lenovo t420i) verwendet explorer.exe nach dem start ~ 25.000 K, was dann beim standardmässigen Arbeiten (installierte Programme ANTIVIR, FIREFOX, THUNDERBIRD, LIBRE OFFICE, ACROBAT) langsam auf bis zu 380.000 K ansteigt. Irgendwann funktionieren dann Doppelklicks auf dem Desktop nicht mehr. Abhilfe: Prozess im Taskmanager löschen und explorer.exe neu starten, dann fängt das Ganze von vorne an. ANTIVIR zeigt KEINE Funde. Ich habe DEFOGGER, FIRST64 und GMER installiert und nach trojaner-board-Anweisung laufen lassen. DEFOGGER bringt KEINE Fehlermeldung. FRST.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by admin (administrator) on ZI_PORTABLE on 06-10-2014 21:21:50
Running from C:\Users\admin\Desktop
Loaded Profiles: UpdatusUser & admin (Available profiles: UpdatusUser & admin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(BUFFALO INC.) C:\Windows\System32\TC2Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
(Health Info Net AG) C:\Program Files (x86)\HIN Client\hinclient.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(FileZilla Project) F:\Programme\FileZillaPortable\FileZilla FTP Client\filezilla.exe
(The Document Foundation) F:\Programme\LibreOfficePortable\program\scalc.exe
(The Document Foundation) F:\Programme\LibreOfficePortable\program\soffice.exe
(The Document Foundation) F:\Programme\LibreOfficePortable\program\soffice.bin
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(FileZilla Project) F:\Programme\FileZillaPortable\FileZilla FTP Client\fzsftp.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Users\admin\Desktop\Defogger.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TpShocks] => C:\Windows\SYSTEM32\TpShocks.exe [384344 2014-02-17] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2010-12-17] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [tpcexTray] => C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe [77368 2013-09-25] (BUFFALO INC.)
HKLM\...\Run: [TC2Tray] => C:\Windows\system32\TC2Tray.exe [629656 2012-07-18] (BUFFALO INC.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [X-Rite Legacy Device] => C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe [105984 2010-09-28] (X-Rite Inc.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM-x32\...\Run: [HIN Client] => C:\Program Files (x86)\HIN Client\hinclient.exe [243432 2013-11-28] (Health Info Net AG)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ACTray] => C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe [432472 2014-03-14] (Lenovo)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [759712 2014-09-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\MountPoints2: {3a304c2d-d836-11e3-8d5f-402cf4fee0d8} - E:\AutoRun.exe
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\MountPoints2: {884b5e2a-da7b-11e3-84e8-402cf4fee0d8} - E:\AutoRun.exe
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\MountPoints2: {bb8ee080-e7b8-11e3-9149-dcde8e4fc27e} - E:\AutoRun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [241472 2012-03-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202560 2012-03-05] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!Fernzugang.lnk
ShortcutTarget: FRITZ!Fernzugang.lnk -> C:\Program Files\FRITZ!Fernzugang\FRITZVPN.exe (AVM Berlin)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk
ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk
ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\nadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
SSODL: EldosMountNotificator-cbfs4 - {1894063F-D990-48F1-9E09-1B7337AF5955} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {1894063F-D990-48F1-9E09-1B7337AF5955} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {E524A5A6-F0DD-48EA-8BB0-5DC00ECA5388} => C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {E524A5A6-F0DD-48EA-8BB0-5DC00ECA5388} => C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {CE403DA5-2AB4-462D-B794-220F15EDD0F4} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {CE403DA5-2AB4-462D-B794-220F15EDD0F4} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.19
FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default
FF SearchEngineOrder.1: Ask Search
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 5016
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1,192.168.1.19,hxxp://swissmedap.ch/,hxxp://postfinance.ch, hxxp://www.swiss.ch, hxxp://www.sbb.ch, hxxp://switchplus.ch, https://www.typmed.eu, hxxp://ga1.dyndns-remote.com/,hxxp://www.dyndns.org/,hxxp://www.swisscom.ch, https://www.yahoo.com/,http:dict.leo.org:80/*.*"
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF user.js: detected! => C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\user.js
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-eng-deu-v20.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-fra-deu.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-ita-deu.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-por-deu.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-spa-deu.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HP Smart Print - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\Extensions\hpwebprint@hpwebprint.com [2013-11-27]
FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-05]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-11-27]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-02-16]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1043024 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [802384 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [337824 2012-11-28] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143776 2012-11-28] (AVM Berlin)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-07] (Lenovo.)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
S4 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [251760 2012-03-29] (BUFFALO INC.)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [191328 2013-06-10] (AVM Berlin)
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2012-03-05] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 TC2Service; C:\Windows\system32\TC2Service.exe [308120 2012-07-18] (BUFFALO INC.)
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-12-11] (Lenovo Group Limited) [File not signed]
S4 tpcexdccs; C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe [134712 2013-09-25] (BUFFALO INC.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S4 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-12-11] (Lenovo Group Limited)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB)
R2 xritedeviced; C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [142848 2010-09-28] (X-Rite Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-09-11] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-09-11] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-04-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R0 bftpdskc; C:\Windows\System32\drivers\bftpdskc64.sys [72016 2011-07-13] (BUFFALO INC.)
S3 bftpusbx; C:\Windows\System32\drivers\bftpusbx64.sys [20608 2010-10-21] (BUFFALO INC.)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [385728 2013-07-03] (EldoS Corporation)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-03-03] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-03-03] (Ericsson AB)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)
S3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB)
S3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-29] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-29] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-29] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-29] (MCCI Corporation)
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2011-07-05] (AVM Berlin)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-04-16] ()
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [30088 2008-06-18] ()
S3 SWNC8U80; C:\Windows\System32\DRIVERS\swnc8u80.sys [196608 2008-06-24] (Sierra Wireless Inc.)
S3 SWUMX80; C:\Windows\System32\DRIVERS\swumx80.sys [191744 2008-06-24] (Sierra Wireless Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-07-03] (EldoS Corporation)
S3 wtsmpadap; C:\Windows\System32\DRIVERS\wtsmpadap.sys [56104 2008-04-29] (Swisscom)
S3 WtSmpFlt; C:\Windows\System32\DRIVERS\wtsmpflt.sys [378664 2008-04-29] (Swisscom)
S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [268840 2011-08-12] (Ericsson AB)
S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-06 21:21 - 2014-10-06 21:22 - 00027838 _____ () C:\Users\admin\Desktop\FRST.txt
2014-10-06 21:18 - 2014-10-06 21:21 - 00000000 ____D () C:\FRST
2014-10-06 21:16 - 2014-10-06 21:16 - 02109952 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-10-06 21:14 - 2014-10-06 21:14 - 00000472 _____ () C:\Users\admin\Desktop\defogger_disable.log
2014-10-06 21:14 - 2014-10-06 21:14 - 00000000 _____ () C:\Users\admin\defogger_reenable
2014-10-06 21:12 - 2014-10-06 21:13 - 00050477 _____ () C:\Users\admin\Desktop\Defogger.exe
2014-10-05 14:54 - 2014-10-05 14:54 - 05582481 _____ (Swearware) C:\Users\admin\Downloads\ComboFix.exe
2014-10-04 09:46 - 2014-10-04 09:46 - 00000000 _____ () C:\Windows\Minidump\100414-15568-01.dmp
2014-10-01 17:19 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 17:19 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-26 19:35 - 2014-09-26 19:35 - 00001697 _____ () C:\Users\Public\Desktop\ShakeHands Kontor 2014.lnk
2014-09-26 19:35 - 2014-09-26 19:35 - 00000000 ____D () C:\Users\admin\AppData\Local\ProSaldo
2014-09-26 19:35 - 2014-09-26 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShakeHands
2014-09-26 19:34 - 2014-09-26 19:34 - 00000000 ____D () C:\Users\admin\Documents\ProSaldo
2014-09-26 19:34 - 2014-09-26 19:34 - 00000000 ____D () C:\Programme
2014-09-25 17:43 - 2014-09-25 17:43 - 43868392 _____ (Health Info Net AG) C:\Users\admin\Downloads\hin_client_windows.exe
2014-09-25 11:33 - 2014-09-25 11:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 01:14 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 01:14 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 19:21 - 2014-09-23 19:21 - 00000082 _____ () C:\Windows\odbc_merge.INI
2014-09-23 19:17 - 2014-09-23 19:22 - 00000000 ____D () C:\Users\admin\Documents\Taxpool-Buchhalter
2014-09-23 19:07 - 2014-09-23 19:07 - 00003186 _____ () C:\Windows\System32\Tasks\{56643D1F-761C-478F-A31F-24E83B3880B1}
2014-09-23 19:01 - 2014-09-23 19:01 - 63249048 _____ () C:\Users\admin\Downloads\taxpool_buchhalter_mini_installation.exe
2014-09-23 19:00 - 2014-09-23 19:00 - 11721744 _____ () C:\Users\admin\Downloads\FreeFileSync_6.9_Windows_Setup.exe
2014-09-23 18:59 - 2014-09-23 18:59 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-23 18:59 - 2014-09-23 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-21 10:55 - 2014-09-21 10:55 - 00000000 _____ () C:\Windows\Minidump\092114-15210-01.dmp
2014-09-17 15:07 - 2014-09-17 15:07 - 00000000 ____D () C:\Users\admin\.jfreereport
2014-09-16 18:55 - 2014-10-04 09:49 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-09-16 12:54 - 2014-09-23 19:04 - 00001972 _____ () C:\Users\admin\Documents\SyncSettings_F_DESKTOP_FUER_ARCHIV.ffs_gui
2014-09-16 12:38 - 2014-09-16 12:38 - 00000000 _____ () C:\Windows\Minidump\091614-15022-01.dmp
2014-09-14 04:39 - 2014-09-23 19:04 - 00001942 _____ () C:\Users\admin\Documents\SyncSettings_F_NAS2.ffs_gui
2014-09-13 18:10 - 2014-09-13 18:10 - 00000000 ____D () C:\Users\admin\Documents\2XPDFStore
2014-09-12 10:38 - 2014-09-12 10:41 - 224940032 _____ () C:\Users\admin\Downloads\LibreOffice_4.3.1_Win_x86.msi
2014-09-12 10:38 - 2014-09-12 10:38 - 07393280 _____ () C:\Users\admin\Downloads\LibreOffice_4.3.1_Win_x86_helppack_de.msi
2014-09-11 09:45 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 09:45 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 09:45 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 09:45 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 09:45 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 09:45 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 09:45 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 09:45 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 09:45 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 09:45 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 09:45 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 09:45 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 09:45 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 09:45 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 09:45 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 09:45 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 09:45 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 09:45 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 09:45 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 09:45 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 09:45 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 09:45 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 09:45 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 09:45 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 09:45 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 09:45 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 09:45 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 09:45 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 09:45 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 09:45 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 09:45 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 09:45 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 09:45 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 09:45 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 09:44 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 09:44 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 09:44 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 09:44 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 09:44 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 09:44 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 09:44 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 09:44 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 09:44 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 09:44 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 09:44 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 09:44 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 09:44 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 09:44 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 09:44 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 09:44 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 09:44 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 09:44 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 09:44 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 09:44 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 09:44 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 09:44 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 09:42 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 09:42 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 09:17 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 09:17 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 09:13 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 09:13 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-11 09:12 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 09:12 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 09:12 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 09:12 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 09:12 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 17:35 - 2014-09-10 17:35 - 00000962 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-09-10 16:15 - 2014-09-10 16:15 - 06057862 _____ (Tim Kosse) C:\Users\admin\Downloads\FileZilla_3.9.0.5_win32-setup.exe
2014-09-09 22:04 - 2014-09-09 22:04 - 00000112 _____ () C:\Windows\system32\snetcfg.log
2014-09-09 22:00 - 2014-09-09 22:00 - 03784904 _____ (WiseCleaner.com ) C:\Users\admin\Downloads\WPCASetup.exe
2014-09-09 21:17 - 2014-09-13 18:21 - 00000000 ____D () C:\Users\admin\AppData\Roaming\2XClient
2014-09-09 21:17 - 2014-09-09 21:17 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2X
2014-09-09 21:08 - 2014-09-09 21:08 - 00003062 _____ () C:\Windows\System32\Tasks\{9C1E5AC2-E0C0-4B42-8618-219886BB0EA1}
2014-09-09 21:04 - 2014-09-09 21:04 - 00003062 _____ () C:\Windows\System32\Tasks\{DB6587ED-4C05-4A0C-BE9B-8DEF9BE88B98}
2014-09-09 21:04 - 2014-09-09 21:04 - 00003062 _____ () C:\Windows\System32\Tasks\{4A81435E-D2E9-4F92-B4A5-C3C08F938B8B}
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-06 21:22 - 2011-04-16 09:42 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-10-06 21:20 - 2009-07-14 06:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-06 21:20 - 2009-07-14 06:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-06 21:17 - 2011-04-16 09:42 - 00000382 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-10-06 21:14 - 2013-08-19 13:51 - 00000000 ____D () C:\Users\admin
2014-10-06 20:56 - 2014-05-12 10:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-06 20:37 - 2014-06-12 09:34 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-10-06 17:17 - 2011-04-16 09:19 - 01646166 _____ () C:\Windows\WindowsUpdate.log
2014-10-06 15:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-10-06 10:06 - 2013-11-27 17:16 - 00000000 ____D () C:\Users\admin\AppData\Roaming\HpUpdate
2014-10-06 09:58 - 2009-07-14 06:51 - 00171565 _____ () C:\Windows\setupact.log
2014-10-06 09:52 - 2014-02-10 19:55 - 00000000 ____D () C:\Users\admin\AppData\Roaming\FileZilla
2014-10-04 13:38 - 2014-05-07 23:35 - 00001863 _____ () C:\Users\admin\Desktop\20140512_RA_007_SVA_Bern_11341.lnk
2014-10-04 12:48 - 2013-09-11 08:12 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Skype
2014-10-04 10:52 - 2014-02-19 07:56 - 00000600 _____ () C:\Users\admin\AppData\Local\PUTTY.RND
2014-10-04 09:46 - 2014-09-05 18:51 - 500728971 _____ () C:\Windows\MEMORY.DMP
2014-10-04 09:46 - 2013-12-22 21:07 - 00000000 ____D () C:\Windows\Minidump
2014-10-04 09:46 - 2011-04-16 09:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-04 09:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-01 17:47 - 2014-06-10 19:12 - 00000000 ____D () C:\Users\admin\AppData\Roaming\NCH Software
2014-10-01 17:12 - 2011-04-16 09:36 - 00189552 _____ () C:\Windows\PFRO.log
2014-09-29 18:16 - 2013-09-29 17:26 - 00002282 ____H () C:\Users\admin\Documents\Default.rdp
2014-09-29 17:25 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-29 11:46 - 2014-05-05 14:34 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-09-29 10:10 - 2014-04-20 10:37 - 00000000 ____D () C:\Users\admin\Desktop\verwaltung
2014-09-27 14:34 - 2014-06-12 11:34 - 00000098 _____ () C:\Users\admin\AppData\Roaming\WB.CFG
2014-09-26 11:06 - 2011-04-16 09:31 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-09-26 11:06 - 2011-04-16 09:31 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-09-26 11:06 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-25 19:02 - 2013-08-19 14:12 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Adobe
2014-09-25 17:58 - 2013-10-27 11:41 - 00001937 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HIN Client.lnk
2014-09-25 17:58 - 2013-10-27 11:41 - 00001937 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HIN Client Deinstallationsprogramm.lnk
2014-09-25 17:58 - 2013-10-27 11:40 - 00000000 ____D () C:\Program Files (x86)\HIN Client
2014-09-25 16:42 - 2013-08-19 15:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 18:26 - 2014-02-16 15:37 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-09-24 18:26 - 2014-02-16 15:37 - 00002221 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-09-24 18:26 - 2014-02-16 15:37 - 00002060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-09-24 15:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-23 19:04 - 2014-08-20 16:42 - 00001945 _____ () C:\Users\admin\Documents\SyncSettings_F_ZENTRALE.ffs_gui
2014-09-23 19:03 - 2014-06-20 10:34 - 00000943 _____ () C:\Users\Public\Desktop\FreeFileSync.lnk
2014-09-23 19:03 - 2014-06-20 10:34 - 00000933 _____ () C:\Users\Public\Desktop\RealtimeSync.lnk
2014-09-23 19:03 - 2014-04-17 18:11 - 00000955 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2014-09-23 19:03 - 2014-04-17 18:11 - 00000945 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk
2014-09-23 18:59 - 2014-04-01 18:31 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-23 18:59 - 2013-09-11 08:12 - 00000000 ____D () C:\ProgramData\Skype
2014-09-21 15:15 - 2014-08-28 18:03 - 00000000 ____D () C:\Users\admin\Desktop\für POSTBOX
2014-09-21 14:43 - 2013-08-23 20:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 22:07 - 2013-10-18 14:59 - 00000000 ____D () C:\ProgramData\32nd America's Cup
2014-09-16 18:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-16 12:53 - 2013-11-25 16:35 - 00000000 ____D () C:\Users\admin\Desktop\für ARCHIVDATA
2014-09-15 08:27 - 2013-08-19 18:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-15 08:21 - 2012-07-17 14:00 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 12:45 - 2014-05-05 14:34 - 00003676 _____ () C:\Windows\System32\Tasks\HP-Online-Aktualisierungsprogramm
2014-09-11 09:53 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-11 09:43 - 2013-12-22 11:40 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 13:57 - 2014-05-12 10:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 13:56 - 2013-08-23 20:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 13:56 - 2013-08-23 20:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-09 22:18 - 2014-09-05 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Fernzugang
2014-09-09 22:18 - 2014-09-05 13:23 - 00000000 ____D () C:\Program Files\FRITZ!Fernzugang
2014-09-09 22:02 - 2014-06-13 10:13 - 00000000 ____D () C:\Users\admin\AppData\Roaming\WiseUpdate
Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\avgnt.exe
C:\Users\admin\AppData\Local\Temp\ffmpeg15.exe
C:\Users\cz\AppData\Local\Temp\avgnt.exe
C:\Users\nadmin\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-06 00:51
==================== End Of Log ============================
ADDITION.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by admin at 2014-10-06 21:22:57
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32nd America's Cup Patch1 (HKLM-x32\...\VskAC32_is1) (Version: - Nadeo)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.73.00 - )
Avira Internet Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Boxcryptor Classic 1.6 (HKLM-x32\...\{8978A896-993E-451B-81FB-D11CAC402F91}) (Version: 1.6.400.65 - Secomba GmbH)
BUFFALO NAS Navigator2 (HKLM-x32\...\UN060501) (Version: - )
BUFFALO TeraStation(WS-VL Series) Setup Guide (HKLM-x32\...\UN110308) (Version: - )
BUFFALO TurboPC EX Series (HKLM-x32\...\UN110613) (Version: - )
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon CanoScan Toolbox 5.0 (HKLM-x32\...\CanoScan Toolbox 5.0) (Version: - )
CanoScan LiDE 70 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411) (Version: - )
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.808 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DDS Viewer (HKLM-x32\...\{707333E0-C796-4E2D-B0DA-5A429706C361}_is1) (Version: - IdeaMK)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DPM Player (HKLM-x32\...\{BA495217-1475-47A8-AB83-B7DC2A59B49E}) (Version: 1.00.0000 - Philips Speech Processing)
DPMCtrl.dll 2009.3 (HKLM-x32\...\DMPCTRL_is1) (Version: 2009.3 - James M. Voelker)
Driver Whiz (HKLM-x32\...\{0B540DA4-41AE-4B79-BEAB-0F07E09669AB}) (Version: 8.1 - Driver Whiz)
DSS to Wave Converter 2011.1 (HKLM-x32\...\DSS2Wave_is1) (Version: 2011.1 - James M. Voelker)
ELO Pdf Drucker (HKLM-x32\...\{C7ACA1FD-E1A7-42D1-93C2-6EBD868584E9}) (Version: 8.0 - ELO Digital Office GmbH)
ELOoffice (HKLM-x32\...\{C08EF2EB-27C6-4E99-B5C3-15AE8210B614}) (Version: 9.0 - ELO Digital Office GmbH)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
FreeFileSync 6.9 (HKLM-x32\...\FreeFileSync) (Version: 6.9 - Zenju)
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FRITZ!Fernzugang (HKLM\...\{DD57CC22-8864-4CCA-94D4-600D024C1207}) (Version: 1.3.1 - AVM Berlin)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
HIN Client (HKLM-x32\...\6993-3411-2195-6139) (Version: 1.4.0 - Health Info Net AG)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8100 - Grundlegende Software für das Gerät (HKLM\...\{312A65D1-64B1-4E81-85C0-85BE743A6550}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP Officejet Pro 8100 Hilfe (HKLM-x32\...\{65038824-6DC7-4A44-828A-D7A7F04CD61B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB7A}) (Version: 1.0.16.0 - Hewlett Packard)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
Intel(R) Identity Protection Technology 1.2.28.0 (HKLM-x32\...\{A87263E8-26CB-1016-8F2F-C04708B17CE2}) (Version: 1.2.28.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) PRO/Wireless Driver (Version: 16.10.0000.1228 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.6.0.0128 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{728985C5-A04B-457C-9D62-15360F3EAF85}) (Version: 3.1.29.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{86b86e21-7c9b-4baa-b284-69ce4a918661}) (Version: 16.10.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.10.0.0307 - Intel Corporation) Hidden
Java 7 Update 10 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217010FF}) (Version: 7.0.100 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.2.1003.00 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.3.2.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Screen Reading Optimizer (HKLM-x32\...\{91A29166-4E1B-4664-B70B-4C4A3B6B3372}) (Version: 1.16 - Lenovo)
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.4.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5717.39 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
LibreOffice 4.2 Help Pack (German) (HKLM-x32\...\{2EC623B7-3559-4058-B4AC-14DC018FC0B7}) (Version: 4.2.6.3 - The Document Foundation)
LibreOffice 4.2.6.3 (HKLM-x32\...\{14DB1822-00B5-4820-86B5-EF893CA46B53}) (Version: 4.2.6.3 - The Document Foundation)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (HKLM\...\{BBBE35B2-9349-3C48-BD3D-F574B17C7924}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 6.5.1.5 - Ericsson AB)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.030.01.02.51 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Northspace VSK Courses 1.0 (HKLM-x32\...\{9F4281A5-75F2-43C4-839E-511A715F58CB}_is1) (Version: - Northspace)
NVIDIA 3D Vision Driver 276.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 276.58 - NVIDIA Corporation)
NVIDIA Control Panel 276.58 (Version: 276.58 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 276.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 276.58 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.24.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.275.82.0 - NVIDIA Corporation) Hidden
NVIDIA nView 135.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.64 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13564 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.3.12 (Version: 1.3.12 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.7658 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.3.12 - NVIDIA Corporation) Hidden
Philips DPM Player Hot Fix (HKLM-x32\...\Philips DPM Player Hot Fix_is1) (Version: - )
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.64.4 - Lenovo Group Limited)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RapidBoot (HKLM-x32\...\InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}) (Version: 1.00 - Lenovo)
RapidBoot (x32 Version: 1.00 - Lenovo) Hidden
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.31.0010.00 - Lenovo Group Limited)
RICOH Media Driver v2.10.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.10.18.02 - RICOH)
ScanSoft OmniPage SE 4.0 (HKLM-x32\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
ShakeHands Kontor 2014 Release 11.2.1 (HKLM-x32\...\{868EDAD1-2C43-4E0B-972A-55BFAB0E56E0}}_is1) (Version: - ShakeHands Software Ltd)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.60 - NCH Software)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 6.5.38.0 - 2BrightSparks)
Taxpool-Buchhalter Mini 8.20 (HKLM-x32\...\Taxpool-Buchhalter Mini) (Version: 8.20 - psynetic® Software)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.41 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.05 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.80 - Lenovo)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
Update for Audio Converter (HKCU\...\Digital Sites) (Version: - Update for Audio Converter) <==== ATTENTION
VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
Windows Driver Package - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows Driver Package - Intel (MEIx64) System (10/19/2010 7.0.0.1144) (HKLM\...\90FD26A77B849AE03FF5F07A1CDA7F950406A8D8) (Version: 10/19/2010 7.0.0.1144 - Intel)
Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\A513FC5E5A08D4EF27F234E91E0E942A0234210B) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (10/04/2010 9.2.0.1015) (HKLM\...\FE1BEBFD475BB832AAF104F5C63348E98A9286DF) (Version: 10/04/2010 9.2.0.1015 - Intel)
Windows Driver Package - Intel USB (09/16/2010 9.2.0.1013) (HKLM\...\D97688B8E3830BF9820E15EB8D9552DCBF988CFD) (Version: 09/16/2010 9.2.0.1013 - Intel)
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse (02/17/2011 15.2.14.0) (HKLM\...\77A943AB876C131591E0EA5DB6AB08D89EE2EA9E) (Version: 02/17/2011 15.2.14.0 - Synaptics)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wise Registry Cleaner 8.23 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.23 - WiseCleaner.com, Inc.)
X-Rite Device Manager (HKLM-x32\...\{9ACEA9CD-63B9-4784-807B-EA295E96A7C3}_is1) (Version: 1.0 - X-Rite Inc.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2727355821-1189829001-2483972847-1001_Classes\CLSID\{F5DF8D65-559D-4b75-8562-5302BD2F5F20}\InprocServer32 -> C:\Users\admin\AppData\Roaming\2XClient\TuxClientSystem.dll (2X Software Ltd.)
==================== Restore Points =========================
22-09-2014 04:00:11 Windows-Sicherung
23-09-2014 04:00:10 Windows-Sicherung
24-09-2014 06:57:08 Windows Update
24-09-2014 06:57:26 Windows-Sicherung
25-09-2014 07:21:16 Windows-Sicherung
26-09-2014 08:56:39 Windows-Sicherung
01-10-2014 15:23:33 Windows-Sicherung
02-10-2014 01:00:12 Windows Update
06-10-2014 04:00:14 Windows-Sicherung
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {016EDBE6-7142-48BE-B625-2E27458372BA} - System32\Tasks\{C4C7140F-FA99-42CF-8CFA-8C91D3A43985} => C:\Program Files (x86)\LibreOffice 4\program\soffice.exe
Task: {08A4438C-B0FF-4CA7-ACBB-1372E95ACD9B} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {098BBB6E-C9BE-4B51-AE21-042880E6C468} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-10] ()
Task: {162C5A7F-52FB-48B6-9145-A198BE6FEAF1} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-05-06] ()
Task: {255FDC70-F297-4E67-AB0E-562B2D75519C} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {45A6DF59-FFC9-4CD8-B3E1-8AC820456C01} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {47E8C257-BC97-41D7-935E-C584358276B5} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\pcdrcui.exe [2010-12-10] (PC-Doctor, Inc.)
Task: {4E825668-3EC3-4118-B503-EECBDB5421CF} - System32\Tasks\Driver Whiz-RTMScan => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {5AF432A6-7863-498A-A247-889BE6D7D92E} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {622D35A6-C21E-4D89-BF66-7C71B3BC42D1} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28] (Nuance Communications, Inc.)
Task: {65E72476-F31C-436E-95D0-A67DFDD66AB6} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {6675D8CF-9B28-4CEB-ABA3-4BDCD777285E} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {80B53E5E-7FFE-44D6-9979-E42E591BF8AF} - System32\Tasks\Driver Whiz-RTMRules => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {96E0118B-8B97-403B-95D2-F2E05DCF5A84} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {9E381594-8B29-4EAF-B0F6-54F91AFA725B} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {A20B1E84-E43E-48D3-8B49-CC39983003D7} - System32\Tasks\{9C1E5AC2-E0C0-4B42-8618-219886BB0EA1} => C:\Windows\SYSTEM32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {A2343AFA-0720-4AD1-9F70-EE2620821137} - System32\Tasks\Driver Whiz-RTMScanRunOnce => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {B2089EDE-154D-41FF-B014-8AD072A51D18} - System32\Tasks\Lenovo\SROptimizer => %TRPATH%\SRORest.exe
Task: {B27C9916-1D0D-43E6-9719-FDF1C4DFFA11} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {B41FE74A-40FF-4F59-A7CA-A8246B9BA408} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {C4886425-9EC2-40D9-94D7-8299C6AFD210} - System32\Tasks\TVT\LaunchRnR => C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrcmd.exe [2010-12-11] (Lenovo Limited Group Corporation)
Task: {C644179C-EF57-4C69-B214-B24967A287A8} - System32\Tasks\Driver Whiz-RTMUpdater => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {C948B737-2ABE-433D-B0FF-B55CA0141858} - System32\Tasks\Digital Sites => C:\Users\admin\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {CAC2D343-46CA-41B7-A4DE-D596DFDA6BEE} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2010-12-10] ()
Task: {CC24DBE3-F751-462A-B1F4-0B24A5FD4AF3} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {CE9301A4-8DA2-4FC1-B1E5-1F2227BC968D} - System32\Tasks\{DB6587ED-4C05-4A0C-BE9B-8DEF9BE88B98} => C:\Windows\SYSTEM32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {DD020A19-F1CF-40A6-8A52-71FBC30B2CDD} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {E07505AC-1D38-4B60-A771-0419931A1158} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)
Task: {EBA0FC2C-7CDB-4CBA-B5B4-67FD4437D7A1} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-03-07] (Lenovo Group Limited)
Task: {F25DF6A3-E502-4DEA-B35B-6A8B9A8516F1} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {F4082DC2-0577-4574-B104-567B6C5BEB98} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-05-27] (Lenovo)
Task: {F417C958-E224-46CE-869F-6681179C0ECA} - System32\Tasks\{4A81435E-D2E9-4F92-B4A5-C3C08F938B8B} => C:\Windows\SYSTEM32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {F802ACC2-3676-4D5F-9574-EE6557A78A5C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2010-12-10] (PC-Doctor, Inc.)
Task: {FB5F56B2-7B62-4C68-AD89-2BC74C07F52D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {FD30C93A-C399-4C61-A929-8FACA6ACE19F} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\admin\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdrcui.exe
==================== Loaded Modules (whitelisted) =============
2014-07-16 10:24 - 2014-07-16 10:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2011-04-16 09:37 - 2014-03-07 06:04 - 00117248 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2009-05-28 07:09 - 2009-05-28 07:09 - 00049976 ____N () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2013-09-19 10:00 - 2013-09-19 10:00 - 00684416 ____N () C:\Program Files (x86)\Driver Whiz\Driver Whiz\ThemePack.DriverWhiz.dll
2013-09-19 09:31 - 2013-09-19 09:31 - 00412064 ____N () C:\Program Files (x86)\Driver Whiz\Driver Whiz\Agent.Communication.XmlSerializers.dll
2026-04-19 14:06 - 2014-05-01 21:29 - 00098304 _____ () F:\Programme\FileZillaPortable\FileZilla FTP Client\fzshellext_64.dll
2012-07-17 14:22 - 2011-01-26 21:31 - 00615016 ____N () C:\Program Files\NVIDIA Corporation\nView\nvshell.dll
2014-10-06 21:12 - 2014-10-06 21:13 - 00050477 _____ () C:\Users\admin\Desktop\Defogger.exe
2014-03-14 17:47 - 2014-03-14 17:47 - 00092504 ____N () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2011-04-16 09:33 - 2011-05-27 02:17 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-23 21:43 - 2012-09-23 21:43 - 00010240 ____N () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 ____N () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2026-04-19 16:51 - 2014-05-24 18:41 - 00091648 _____ () F:\Programme\FileZillaPortable\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2026-04-19 16:51 - 2014-05-24 18:41 - 00892416 _____ () F:\Programme\FileZillaPortable\FileZilla FTP Client\libstdc++-6.dll
2026-04-20 04:17 - 2014-08-27 23:02 - 01042232 _____ () F:\Programme\LibreOfficePortable\program\libxml2.dll
2026-04-20 04:17 - 2014-08-27 23:02 - 00183096 _____ () F:\Programme\LibreOfficePortable\program\libxslt.dll
2026-04-20 04:17 - 2014-08-27 23:03 - 00080696 _____ () F:\Programme\LibreOfficePortable\program\python3.dll
2026-04-20 04:16 - 2014-08-27 20:17 - 00049152 _____ () F:\Programme\LibreOfficePortable\program\python-core-3.3.3\lib\_socket.pyd
2014-09-25 11:33 - 2014-09-25 11:33 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-03-04 22:16 - 2012-03-04 22:16 - 00249664 ____N () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
2014-09-10 13:56 - 2014-09-10 13:56 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
admin (S-1-5-21-2727355821-1189829001-2483972847-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2727355821-1189829001-2483972847-500 - Administrator - Disabled)
Gast (S-1-5-21-2727355821-1189829001-2483972847-501 - Limited - Disabled)
nadmin (S-1-5-21-2727355821-1189829001-2483972847-1003 - Administrator - Enabled)
UpdatusUser (S-1-5-21-2727355821-1189829001-2483972847-1000 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/05/2014 06:00:22 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "\\Zentrale\data\backups\backup_zi_portable\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (10/04/2014 02:50:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: lpu_lib.dll, Version: 1.4.0.1, Zeitstempel: 0x51f0e093
Ausnahmecode: 0x40000015
Fehleroffset: 0x000000000001f67e
ID des fehlerhaften Prozesses: 0x1b08
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3
Error: (10/03/2014 03:45:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avfwsvc.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec7f9
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000222d2
ID des fehlerhaften Prozesses: 0x474
Startzeit der fehlerhaften Anwendung: 0xavfwsvc.exe0
Pfad der fehlerhaften Anwendung: avfwsvc.exe1
Pfad des fehlerhaften Moduls: avfwsvc.exe2
Berichtskennung: avfwsvc.exe3
Error: (10/03/2014 08:27:55 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "\\Zentrale\data\backups\backup_zi_portable\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (10/02/2014 09:51:58 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "\\Zentrale\data\backups\backup_zi_portable\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (10/01/2014 05:13:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avfwsvc.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec7f9
Name des fehlerhaften Moduls: avfwsvc.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec7f9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ce14
ID des fehlerhaften Prozesses: 0x758
Startzeit der fehlerhaften Anwendung: 0xavfwsvc.exe0
Pfad der fehlerhaften Anwendung: avfwsvc.exe1
Pfad des fehlerhaften Moduls: avfwsvc.exe2
Berichtskennung: avfwsvc.exe3
Error: (09/29/2014 06:00:22 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "\\Zentrale\data\backups\backup_zi_portable\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (09/28/2014 00:51:29 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "\\Zentrale\data\backups\backup_zi_portable\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (09/27/2014 02:33:42 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "\\Zentrale\data\backups\backup_zi_portable\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (09/26/2014 07:33:01 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.
System errors:
=============
Error: (10/04/2014 09:46:45 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 03.10.2014 um 17:40:04 unerwartet heruntergefahren.
Error: (10/03/2014 05:41:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ZeroConfigService erreicht.
Error: (10/03/2014 05:41:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ZeroConfigService erreicht.
Error: (10/03/2014 03:47:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ZeroConfigService erreicht.
Error: (10/03/2014 03:46:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ZeroConfigService erreicht.
Error: (10/03/2014 03:45:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira FireWall" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (10/01/2014 05:13:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira FireWall" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/27/2014 02:22:42 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (09/26/2014 10:32:24 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers,
der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an
der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
Error: (09/26/2014 10:16:58 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers,
der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an
der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
Microsoft Office Sessions:
=========================
Error: (10/05/2014 06:00:22 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: \\Zentrale\data\backups\backup_zi_portable\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (10/04/2014 02:50:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d672ee4lpu_lib.dll1.4.0.151f0e09340000015000000000001f67e1b0801cfdfc57fced127C:\Windows\explorer.exeC:\Program Files\Common Files\Lenovo\lpu\lpu_lib.dllf996e42a-4bc4-11e4-811f-d158c8705188
Error: (10/03/2014 03:45:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avfwsvc.exe14.0.6.52253bec7f9ntdll.dll6.1.7601.18247521ea8e7c0000005000222d247401cfdf1045439099C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exeC:\Windows\SysWOW64\ntdll.dll956b4942-4b03-11e4-b13c-c5168adeea84
Error: (10/03/2014 08:27:55 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: \\Zentrale\data\backups\backup_zi_portable\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (10/02/2014 09:51:58 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: \\Zentrale\data\backups\backup_zi_portable\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (10/01/2014 05:13:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avfwsvc.exe14.0.6.52253bec7f9avfwsvc.exe14.0.6.52253bec7f9c00000050000ce1475801cfdd8a3674ffc4C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe87228278-497d-11e4-b8ca-fd0ae5dde382
Error: (09/29/2014 06:00:22 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: \\Zentrale\data\backups\backup_zi_portable\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (09/28/2014 00:51:29 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: \\Zentrale\data\backups\backup_zi_portable\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (09/27/2014 02:33:42 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: \\Zentrale\data\backups\backup_zi_portable\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (09/26/2014 07:33:01 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: \\Zentrale\data\downloads\FileZilla_3.8.0_win32-setup.exe\\Zentrale\data\downloads\FileZilla_3.8.0_win32-setup.exe0
CodeIntegrity Errors:
===================================
Date: 2014-09-26 15:47:14.696
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-05 18:21:39.027
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-20 19:14:17.895
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-06 19:56:56.218
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-04 14:20:29.577
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-03 19:08:09.864
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-03 18:54:27.128
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-03 18:25:25.378
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-03 17:17:47.606
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-20 20:53:48.089
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 55%
Total physical RAM: 3979.23 MB
Available physical RAM: 1780.66 MB
Total Pagefile: 7956.65 MB
Available Pagefile: 5331.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:281.29 GB) (Free:202.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (GA EINS) (Removable) (Total:29.5 GB) (Free:15.25 GB) FAT32
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.63 GB) (Free:2.88 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 80047904)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=281.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 29.5 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
GMER.log Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-06 23:34:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.GHBZ 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\admin\AppData\Local\Temp\fflyauog.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800035f7000 52 bytes [FF, FF, FF, FF, FF, FF, FF, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 582 fffff800035f7036 27 bytes [FF, FF, FF, FF, FF, FF, FF, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000174200 7 bytes [40, A3, F3, FF, 01, B5, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000174208 3 bytes [C0, 06, 02]
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f74a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf4fee0d8
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf4fee0d8@544408ccf045 0x45 0x33 0xED 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9f723f2
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9fdaaf5
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ???U???????U#???? ???????U?????U???????,????????4?7?D???????????????????????????????????????????????srvnet?47F??????????????AP??????????????`????????????-????N??i????????D??1???1??????????? ???????U?????????????,??????????????#?????? &??????????????????????????????????????????????d???c?d?U??Microsoft???? ???????U?????U???????,????????4?8?D???????????????????????????????????????storflt??4???????????????????????????????d??os??t???? ???????U?????????????,??????????????#?????tcpipreg?0??????0???????????????????ta???????????`?`?Z????h??????W?gcf???????U???????????z?{???????U#???? ???????T ????????????,??????????V?&???????????????????????\\?\WpdBusEnumRoot#UMB#2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_#12083000000278&0##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}???????????????????????????18?????????0???????????????????????????? ?????????????????????????????????????????????????????????? ??????????????????? ???????s?????oem??? *??b?????????l????USB?CD??????????????????????? 6??_???s?????D?????????????:?
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f74a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf4fee0d8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf4fee0d8@544408ccf045 0x45 0x33 0xED 0x18 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9f723f2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9fdaaf5 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???n??????????????????????????????????`??v?????????e????Mausklassentreiber??????????????????????????.NTAMD64?????????????????????????????&??DiskDrive???Microsoft?????<??n????????????????B??r?????????e??????`???????????????&??n?????????e????1.9??>???????????????n?????t????????????????1-?????????????????????????????k???k??????8???????????h?????????te??system32\DRIVERS\HECIx64.sys???????????????g?????????????n??@%systemroot%\system32\drivers\luafv.sys,-101?????:??n???4????h???????N??????C????D1CB??NWIM?????????????????????i?????????e?????n???v????N?????????????????COM11???1???Extended base???system32\DRIVERS\mouclass.sys?ouclass.sys?????b??n?????????e????System Bus Extender?????????????????t???????????????t????????????????????n??????????????????9A??? ???????n???????? ????,?????? ????????S?'???????????????????????????n????????h??????????????4??4???????????????????????????????????t?????????????????????????????????????????P??n????????h??????n???n???????????????????????s??ep???o??????<??????????????n?????????????e?
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\admin\AppData\Local\Logitech\xae Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe 1
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
|
07.10.2014, 08:26
| #2 |
| /// the machine /// TB-Ausbilder    | Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz hi,
__________________Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Scan mit Combofix
__________________ |
|
07.10.2014, 11:32
| #3 |
| | Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz Hi Schrauber.
__________________Hier die Combofix.txt Code:
ATTFilter ComboFix 14-10-04.01 - admin 07.10.2014 9:59.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3979.1706 [GMT 2:00]
ausgeführt von:: c:\users\admin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.ini
c:\programdata\Local
c:\programdata\Roaming
C:\root
c:\root\wpfdot.exe
c:\users\admin\AppData\Roaming\2XBasicClientLog.txt
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk
c:\windows\SysWow64\SET8F6C.tmp
Q:\AUTORUN.INF
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-09-07 bis 2014-10-07 ))))))))))))))))))))))))))))))
.
.
2014-10-07 08:08 . 2014-10-07 08:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-10-07 08:08 . 2014-10-07 08:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-07 07:42 . 2014-10-07 07:42 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-10-06 19:18 . 2014-10-06 19:23 -------- d-----w- C:\FRST
2014-10-01 15:19 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-10-01 15:19 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-26 17:35 . 2014-09-26 17:35 -------- d-----w- c:\users\admin\AppData\Local\ProSaldo
2014-09-26 17:34 . 2014-09-26 17:34 -------- d-----w- C:\Programme
2014-09-23 23:14 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-23 23:14 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-23 16:59 . 2014-09-23 16:59 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-09-23 16:59 . 2014-09-23 16:59 -------- d-----r- c:\program files (x86)\Skype
2014-09-17 13:07 . 2014-09-17 13:07 -------- d-----w- c:\users\admin\.jfreereport
2014-09-11 07:44 . 2014-08-18 23:01 23591424 ----a-w- c:\windows\system32\mshtml.dll
2014-09-11 07:42 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-11 07:42 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-11 07:17 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-11 07:17 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-11 07:13 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-11 07:13 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-11 07:12 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-11 07:12 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-11 07:12 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-11 07:12 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-11 07:12 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-09 19:17 . 2014-09-13 16:21 -------- d-----w- c:\users\admin\AppData\Roaming\2XClient
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-15 06:21 . 2012-07-17 12:00 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-09-10 11:56 . 2013-08-23 18:36 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 11:56 . 2013-08-23 18:36 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-30 19:21 . 2010-06-24 18:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-28 12:56 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 12:56 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-08-28 12:56 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-16 08:24 . 2014-05-05 12:22 40760 ----a-w- c:\windows\system32\TURegOpt.exe
2014-07-16 08:24 . 2014-06-25 05:50 43320 ----a-w- c:\windows\system32\uxtuneup.dll
2014-07-16 08:24 . 2014-05-05 12:22 29496 ----a-w- c:\windows\system32\authuitu.dll
2014-07-16 08:24 . 2014-05-05 12:22 25400 ----a-w- c:\windows\SysWow64\authuitu.dll
2014-07-16 08:24 . 2014-06-25 05:50 36152 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2014-07-14 02:02 . 2014-08-14 08:14 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-14 08:14 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay-cbfs4]
@="{E524A5A6-F0DD-48EA-8BB0-5DC00ECA5388}"
[HKEY_CLASSES_ROOT\CLSID\{E524A5A6-F0DD-48EA-8BB0-5DC00ECA5388}]
2013-07-03 10:21 156520 ------w- c:\windows\SysWOW64\cbfsMntNtf4.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe" [2014-09-12 759712]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-08-27 22041192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PWMTRV"="c:\program files (x86)\ThinkPad\Utilities\PWMTR64V.DLL" [2014-03-07 6633304]
"X-Rite Legacy Device"="c:\program files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe" [2010-09-28 105984]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-07-30 751184]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"HIN Client"="c:\program files (x86)\HIN Client\hinclient.exe" [2013-11-28 243432]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2014-09-12 3499920]
"ACTray"="c:\program files (x86)\Lenovo\Access Connections\ACTray.exe" [2014-03-14 432472]
.
c:\users\nadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet Pro 8100\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2ADBVJCW05MX;CONNECTION=NW;MONITOR=1; [2009-7-14 45568]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BUFFALO NAS Navigator2.lnk - c:\program files (x86)\BUFFALO\NASNAVI\NasNavi.exe /startup [2013-3-29 1945700]
FRITZ!Fernzugang.lnk - c:\program files\FRITZ!Fernzugang\FRITZVPN.exe [2013-6-17 2700640]
NAS Scheduler.lnk - c:\program files (x86)\BUFFALO\NASNAVI\nassche.exe [2009-5-15 206128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2013-5-14 1395416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1894063F-D990-48F1-9E09-1B7337AF5955}"= "c:\windows\SysWOW64\cbfsMntNtf4.dll" [2013-07-03 156520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator-cbfs4"= {1894063F-D990-48F1-9E09-1B7337AF5955} - c:\windows\SysWOW64\cbfsMntNtf4.dll [2013-07-03 156520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll c:\program files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-484763869-1060284298-1114\Scripts\Logoff\0\0]
"Script"=ende.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-484763869-1060284298-1114\Scripts\Logon\0\0]
"Script"=start.bat
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
R3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 bftpusbx;BUFFALO TurboPC EX USB Filter Driver;c:\windows\system32\drivers\bftpusbx64.sys;c:\windows\SYSNATIVE\drivers\bftpusbx64.sys [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
R3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 l36wgps; Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\l36wgps64.sys;c:\windows\SYSNATIVE\DRIVERS\l36wgps64.sys [x]
R3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;c:\program files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe;c:\program files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [x]
R3 LSCWinService;LSCWinService;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [x]
R3 Mbm3CBus;F5521gw Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3CBus.sys [x]
R3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3DevMt.sys [x]
R3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3mdfl.sys [x]
R3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3Mdm.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms;c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x]
R3 Power Manager DBC Service;Power Manager Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys;c:\windows\SYSNATIVE\DRIVERS\swnc8u80.sys [x]
R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys;c:\windows\SYSNATIVE\DRIVERS\swumx80.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\DRIVERS\wtsmpadap.sys;c:\windows\SYSNATIVE\DRIVERS\wtsmpadap.sys [x]
R3 WtSmpFlt;Sesam Adapter;c:\windows\system32\DRIVERS\wtsmpflt.sys;c:\windows\SYSNATIVE\DRIVERS\wtsmpflt.sys [x]
R3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x]
R4 NasPmService;NAS PM Service;c:\program files (x86)\BUFFALO\NASNAVI\nassvc.exe;c:\program files (x86)\BUFFALO\NASNAVI\nassvc.exe [x]
R4 tpcexdccs;TurboPC EX DiskCache Control Service;c:\program files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe;c:\program files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 bftpdskc;BUFFALO TurboPC EX Cache Filter Driver;c:\windows\system32\drivers\bftpdskc64.sys;c:\windows\SYSNATIVE\drivers\bftpdskc64.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys;c:\windows\SYSNATIVE\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 cbfs4;cbfs4;c:\windows\system32\drivers\cbfs4.sys;c:\windows\SYSNATIVE\drivers\cbfs4.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [x]
S2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 avmike;AVM FRITZ!Fernzugang IKE Service;c:\program files\FRITZ!Fernzugang\avmike.exe;c:\program files\FRITZ!Fernzugang\avmike.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 certsrv;AVM FRITZ!Fernzugang Cert Service;c:\program files\FRITZ!Fernzugang\certsrv.exe;c:\program files\FRITZ!Fernzugang\certsrv.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 nwtsrv;AVM FRITZ!Fernzugang Client;c:\program files\FRITZ!Fernzugang\nwtsrv.exe;c:\program files\FRITZ!Fernzugang\nwtsrv.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TC2Service;TurboPC EX FileCopy Service;c:\windows\system32\TC2Service.exe;c:\windows\SYSNATIVE\TC2Service.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x]
S2 xritedeviced;X-Rite Device Manager;c:\program files (x86)\X-Rite\Devices\Services\xritedeviced.exe;c:\program files (x86)\X-Rite\Devices\Services\xritedeviced.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys;c:\windows\SYSNATIVE\DRIVERS\avfwim.sys [x]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C525(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 NWIM;AVM VPN Miniport;c:\windows\system32\DRIVERS\avmnwim.sys;c:\windows\SYSNATIVE\DRIVERS\avmnwim.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 vpnpbus;EldoS PnP Virtual Bus driver;c:\windows\system32\DRIVERS\vpnpbus.sys;c:\windows\SYSNATIVE\DRIVERS\vpnpbus.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-23 11:57]
.
2014-10-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-12-09 22:52]
.
2014-10-07 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-12-09 22:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay-cbfs4]
@="{E524A5A6-F0DD-48EA-8BB0-5DC00ECA5388}"
[HKEY_CLASSES_ROOT\CLSID\{E524A5A6-F0DD-48EA-8BB0-5DC00ECA5388}]
2013-07-03 10:22 182632 ------w- c:\windows\System32\cbfsMntNtf4.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2014-02-17 384344]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2013-05-29 60920]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2010-12-17 281448]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2014-03-14 63832]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
"tpcexTray"="c:\program files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe" [2013-09-25 77368]
"TC2Tray"="c:\windows\system32\TC2Tray.exe" [2012-07-18 629656]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-30 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-30 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-30 442352]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1894063F-D990-48F1-9E09-1B7337AF5955}"= "c:\windows\system32\cbfsMntNtf4.dll" [2013-07-03 182632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{0221703C-6E84-4915-9960-593A66B3D84E} - c:\program files (x86)\ELOoffice\EloArcConnect.exe
IE: {{39FC0E7F-84EA-4962-AB58-33913BC63CAB} - c:\program files (x86)\ELOoffice\EloInternetExplorer.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.19
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 5016
FF - prefs.js: network.proxy.type - 1
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
SSODL-EldosMountNotificator-cbfs4 REG_SZ {1894063F-D990-48F1-9E09-1B7337AF5955}- - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020101}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\progra~1\Lenovo\Zoom\TPSCREX.EXE
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files\Lenovo\Lenovo Solution Center\LSCNotify.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-10-07 10:14:37 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-10-07 08:14
.
Vor Suchlauf: 14 Verzeichnis(se), 215.641.706.496 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 215.191.527.424 Bytes frei
.
- - End Of File - - 70F2B9F7B6FDDF2FEF7193135B503BE9
Habe den Rechner "alleine" gelassen für ca. 30 Minuten, in der Zeit hat ein Absturz stattgefunden. Die in der Windoiws-Meldung erwähnten Dateien minidump (dmp) und WER-xxx.sysdata.xml lassen sich nicht öffnen (Zugriff verweigert). Soll ich versuchen, diese Dateien zu posten? Danke. chic (o |
|
08.10.2014, 11:12
| #4 |
| /// the machine /// TB-Ausbilder | Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.10.2014, 16:38
| #5 |
| | Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz Moinmoin oder Servus. Sorry, habe ein bisschen länger gebraucht. Sehr gerne: mbam: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 08.10.2014 Scan Time: 13:17:09 Logfile: mbam.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.10.08.03 Rootkit Database: v2014.09.19.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: admin Scan Type: Threat Scan Result: Completed Objects Scanned: 460489 Time Elapsed: 14 min, 58 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 5 PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}, Quarantined, [0d3679998bf155e1e480587c06fced13], PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2727355821-1189829001-2483972847-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [ab988e849edefd3981285f38be44b34d], PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, Quarantined, [043f7a98bebe989ea0f273aeda292fd1], PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2727355821-1189829001-2483972847-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT, Quarantined, [e0638c86fb811d19de34c680cd362dd3], PUP.Optional.SystemSpeedup, HKU\S-1-5-21-2727355821-1189829001-2483972847-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, Quarantined, [2c17a072fc8033030c856ab730d327d9], Registry Values: 1 PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2727355821-1189829001-2483972847-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT|Install, 1, Quarantined, [e0638c86fb811d19de34c680cd362dd3] Registry Data: 0 (No malicious items detected) Folders: 2 PUP.Optional.SystemSpeedup, C:\Users\admin\AppData\Roaming\Systweak\ssd, Quarantined, [083bab67d1abbd79f40f15e879891ae6], PUP.Optional.Updater.A, C:\Users\admin\AppData\Roaming\DigitalSites\UpdateProc, Quarantined, [85bed24073094fe78767dc2534cf738d], Files: 4 PUP.Optional.Outbrowse, C:\Users\admin\Downloads\Java.exe, Quarantined, [c47f6ca669131d1936361b73e61e01ff], PUP.Optional.OpenCandy, C:\Users\admin\Downloads\FreeFileSync_6.4_Windows_Setup.exe, Quarantined, [a3a0a66c0f6dba7ca7c7ba82c83d867a], PUP.Optional.OpenCandy, C:\Users\admin\Downloads\FreeFileSync_6.9_Windows_Setup.exe, Quarantined, [a79c759da8d4e353016dc478f510df21], PUP.Optional.SystemSpeedup, C:\Users\admin\AppData\Roaming\Systweak\ssd\SSDPTstub.exe, Quarantined, [083bab67d1abbd79f40f15e879891ae6], Physical Sectors: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.311 - Bericht erstellt am 08/10/2014 um 14:15:48
# Aktualisiert 30/09/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : admin - ZI_PORTABLE
# Gestartet von : C:\Users\admin\Desktop\AdwCleaner_3.311.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect
Ordner Gelöscht : C:\Users\admin\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\admin\Documents\Mobogenie
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\admin\daemonprocess.txt
Datei Gelöscht : C:\Users\nadmin\AppData\Roaming\Mozilla\Firefox\Profiles\tij56hem.default\searchplugins\ask-search.xml
Datei Gelöscht : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\user.js
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17280
-\\ Mozilla Firefox v32.0.3 (x86 de)
[ Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\prefs.js ]
[ Datei : C:\Users\nadmin\AppData\Roaming\Mozilla\Firefox\Profiles\tij56hem.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [2478 octets] - [08/10/2014 13:56:13]
AdwCleaner[S0].txt - [2288 octets] - [08/10/2014 14:15:48]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2348 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.1 (10.06.2014:1)
OS: Windows 7 Professional x64
Ran by admin on 08.10.2014 at 14:21:58,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\admin\appdata\local\pc_drivers_headquarters"
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{11D9AFC5-7E63-44F1-9D78-42846E04366C}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{1D9BD776-A830-45FF-9B4D-4C888FD93D0C}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{3DA70979-8D38-4550-AFA4-3C8CCE611F09}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{3E4173E6-87FB-4EDB-9068-B97C350B32FD}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{5BF11B54-8D03-48F6-AA46-A1E426F1F99E}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{9918A404-E2EB-499F-B70B-B8B9DC8E9F5C}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{A1D754FD-AACC-4356-8E62-0B50477C7288}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{F40EA0CD-A94B-4543-96FB-8EBC30EB6663}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{F412292C-54A2-4A16-ACB9-DB71960FC02E}
~~~ FireFox
Successfully deleted the following from C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\oqj5821y.default\prefs.js
user_pref("browser.search.useDBForOrder", true);
Emptied folder: C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\oqj5821y.default\minidumps [102 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.10.2014 at 14:25:58,01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01 Ran by admin (administrator) on ZI_PORTABLE on 08-10-2014 14:36:24 Running from C:\Users\admin\Desktop Loaded Profiles: UpdatusUser & admin (Available profiles: UpdatusUser & admin) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (BUFFALO INC.) C:\Windows\System32\TC2Service.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe (X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Lenovo.) C:\Windows\System32\TpShocks.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (BUFFALO INC.) C:\Windows\System32\TC2Tray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\FRITZVPN.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (Health Info Net AG) C:\Program Files (x86)\HIN Client\hinclient.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe () C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-17] (Lenovo.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited) HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2010-12-17] (Lenovo Group Limited) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [tpcexTray] => C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe [77368 2013-09-25] (BUFFALO INC.) HKLM\...\Run: [TC2Tray] => C:\Windows\system32\TC2Tray.exe [629656 2012-07-18] (BUFFALO INC.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation) HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor HKLM-x32\...\Run: [X-Rite Legacy Device] => C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe [105984 2010-09-28] (X-Rite Inc.) HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.) HKLM-x32\...\Run: [HIN Client] => C:\Program Files (x86)\HIN Client\hinclient.exe [243432 2013-11-28] (Health Info Net AG) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.) HKLM-x32\...\Run: [ACTray] => C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe [432472 2014-03-14] (Lenovo) HKLM-x32\...\Run: [] => [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [759712 2014-09-12] (Adobe Systems Incorporated) HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [241472 2012-03-05] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202560 2012-03-05] (NVIDIA Corporation) Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.) Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!Fernzugang.lnk ShortcutTarget: FRITZ!Fernzugang.lnk -> C:\Program Files\FRITZ!Fernzugang\FRITZVPN.exe (AVM Berlin) Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\nadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPStatusBL.dll (Hewlett-Packard Co.) SSODL: EldosMountNotificator-cbfs4 - {1894063F-D990-48F1-9E09-1B7337AF5955} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator-cbfs4 - {1894063F-D990-48F1-9E09-1B7337AF5955} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {E524A5A6-F0DD-48EA-8BB0-5DC00ECA5388} => C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {E524A5A6-F0DD-48EA-8BB0-5DC00ECA5388} => C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {CE403DA5-2AB4-462D-B794-220F15EDD0F4} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.19 FireFox: ======== FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default FF SearchEngineOrder.1: Ask Search FF NetworkProxy: "http", "127.0.0.1" FF NetworkProxy: "http_port", 5016 FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1,192.168.1.19,hxxp://swissmedap.ch/,hxxp://postfinance.ch, hxxp://www.swiss.ch, hxxp://www.sbb.ch, hxxp://switchplus.ch, https://www.typmed.eu, hxxp://ga1.dyndns-remote.com/,hxxp://www.dyndns.org/,hxxp://www.swisscom.ch, https://www.yahoo.com/,http:dict.leo.org:80/*.*" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-eng-deu-v20.xml FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-fra-deu.xml FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-ita-deu.xml FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-por-deu.xml FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-spa-deu.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: HP Smart Print - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\Extensions\hpwebprint@hpwebprint.com [2013-11-27] FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-05] FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-11-27] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-02-16] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1044784 2014-10-07] (Avira Operations GmbH & Co. KG) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [805112 2014-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-07] (Avira Operations GmbH & Co. KG) R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [337824 2012-11-28] (AVM Berlin) R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143776 2012-11-28] (AVM Berlin) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-07] (Lenovo.) S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-03] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] () S4 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [251760 2012-03-29] (BUFFALO INC.) R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [191328 2013-06-10] (AVM Berlin) R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2012-03-05] (Lenovo Group Limited) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] () R2 TC2Service; C:\Windows\system32\TC2Service.exe [308120 2012-07-18] (BUFFALO INC.) S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-12-11] (Lenovo Group Limited) [File not signed] S4 tpcexdccs; C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe [134712 2013-09-25] (BUFFALO INC.) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software) S4 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-12-11] (Lenovo Group Limited) R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB) R2 xritedeviced; C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [142848 2010-09-28] (X-Rite Inc.) [File not signed] R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-09-11] (Avira GmbH) R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-09-11] (Avira GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R0 bftpdskc; C:\Windows\System32\drivers\bftpdskc64.sys [72016 2011-07-13] (BUFFALO INC.) S3 bftpusbx; C:\Windows\System32\drivers\bftpusbx64.sys [20608 2010-10-21] (BUFFALO INC.) R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [385728 2013-07-03] (EldoS Corporation) S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-03-03] (Ericsson AB) S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-03-03] (Ericsson AB) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation) S3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-08] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) S3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-29] (MCCI Corporation) S3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-29] (MCCI Corporation) S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-29] (MCCI Corporation) S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-29] (MCCI Corporation) R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2011-07-05] (AVM Berlin) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-04-16] () R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated) S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [30088 2008-06-18] () S3 SWNC8U80; C:\Windows\System32\DRIVERS\swnc8u80.sys [196608 2008-06-24] (Sierra Wireless Inc.) S3 SWUMX80; C:\Windows\System32\DRIVERS\swumx80.sys [191744 2008-06-24] (Sierra Wireless Inc.) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software) R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.) R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-07-03] (EldoS Corporation) S3 wtsmpadap; C:\Windows\System32\DRIVERS\wtsmpadap.sys [56104 2008-04-29] (Swisscom) S3 WtSmpFlt; C:\Windows\System32\DRIVERS\wtsmpflt.sys [378664 2008-04-29] (Swisscom) S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [268840 2011-08-12] (Ericsson AB) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-08 14:36 - 2014-10-08 14:36 - 00027250 _____ () C:\Users\admin\Desktop\FRST.txt 2014-10-08 14:25 - 2014-10-08 14:25 - 00002029 _____ () C:\Users\admin\Desktop\JRT.txt 2014-10-08 14:21 - 2014-10-08 14:21 - 00000000 ____D () C:\Windows\ERUNT 2014-10-08 14:20 - 2014-10-08 14:20 - 00002432 _____ () C:\Users\admin\Desktop\AdwCleaner[S0].txt 2014-10-08 14:14 - 2014-10-08 14:14 - 01705141 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe 2014-10-08 14:12 - 2014-10-08 14:12 - 00002478 _____ () C:\Users\admin\Desktop\AdwCleaner[R0].txt 2014-10-08 14:03 - 2014-10-08 14:03 - 00000629 _____ () C:\Users\admin\Desktop\TRANSFERS.lnk 2014-10-08 13:56 - 2014-10-08 14:20 - 00000000 ____D () C:\AdwCleaner 2014-10-08 13:52 - 2014-10-08 13:52 - 01375089 _____ () C:\Users\admin\Desktop\AdwCleaner_3.311.exe 2014-10-08 13:51 - 2014-10-08 13:51 - 00002846 _____ () C:\mbam.txt 2014-10-08 13:16 - 2014-10-08 14:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-08 13:16 - 2014-10-08 13:16 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-08 13:16 - 2014-10-08 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-08 13:16 - 2014-10-08 13:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-08 13:16 - 2014-10-08 13:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-08 13:16 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-08 13:16 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-08 13:16 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-08 13:11 - 2014-10-08 13:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\admin\Desktop\mbam-setup-2.0.2.1012.exe 2014-10-07 12:18 - 2014-10-07 12:18 - 01957888 _____ () C:\Windows\Minidump\100714-15303-01.dmp 2014-10-07 10:27 - 2014-10-07 10:27 - 00000101 ____H () C:\.~lock.ComboFix.txt# 2014-10-07 10:14 - 2014-10-07 10:14 - 00032617 _____ () C:\ComboFix.txt 2014-10-07 09:57 - 2014-10-07 10:14 - 00000000 ____D () C:\Qoobox 2014-10-07 09:57 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-10-07 09:57 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-10-07 09:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-10-07 09:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-10-07 09:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-10-07 09:57 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-10-07 09:57 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-10-07 09:57 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-10-07 09:56 - 2014-10-07 10:13 - 00000000 ____D () C:\Windows\erdnt 2014-10-07 09:55 - 2014-10-07 09:55 - 05582481 _____ (Swearware) C:\Users\admin\Downloads\ComboFix(1).exe 2014-10-07 09:42 - 2014-10-07 09:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-10-07 08:47 - 2014-10-07 08:47 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk 2014-10-06 23:48 - 2014-10-06 23:48 - 00462288 _____ () C:\Windows\Minidump\100614-14710-01.dmp 2014-10-06 21:18 - 2014-10-08 14:36 - 00000000 ____D () C:\FRST 2014-10-06 21:16 - 2014-10-06 21:16 - 02109952 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe 2014-10-06 21:14 - 2014-10-06 21:14 - 00000000 _____ () C:\Users\admin\defogger_reenable 2014-10-04 09:46 - 2014-10-04 09:46 - 00000000 _____ () C:\Windows\Minidump\100414-15568-01.dmp 2014-10-01 17:19 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-01 17:19 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-26 19:35 - 2014-09-26 19:35 - 00001697 _____ () C:\Users\Public\Desktop\ShakeHands Kontor 2014.lnk 2014-09-26 19:35 - 2014-09-26 19:35 - 00000000 ____D () C:\Users\admin\AppData\Local\ProSaldo 2014-09-26 19:35 - 2014-09-26 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShakeHands 2014-09-26 19:34 - 2014-09-26 19:34 - 00000000 ____D () C:\Users\admin\Documents\ProSaldo 2014-09-26 19:34 - 2014-09-26 19:34 - 00000000 ____D () C:\Programme 2014-09-25 17:43 - 2014-09-25 17:43 - 43868392 _____ (Health Info Net AG) C:\Users\admin\Downloads\hin_client_windows.exe 2014-09-25 11:33 - 2014-09-25 11:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-24 01:14 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-24 01:14 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-23 19:21 - 2014-09-23 19:21 - 00000082 _____ () C:\Windows\odbc_merge.INI 2014-09-23 19:17 - 2014-09-23 19:22 - 00000000 ____D () C:\Users\admin\Documents\Taxpool-Buchhalter 2014-09-23 19:07 - 2014-09-23 19:07 - 00003186 _____ () C:\Windows\System32\Tasks\{56643D1F-761C-478F-A31F-24E83B3880B1} 2014-09-23 19:01 - 2014-09-23 19:01 - 63249048 _____ () C:\Users\admin\Downloads\taxpool_buchhalter_mini_installation.exe 2014-09-23 18:59 - 2014-09-23 18:59 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-09-23 18:59 - 2014-09-23 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-21 10:55 - 2014-09-21 10:55 - 00000000 _____ () C:\Windows\Minidump\092114-15210-01.dmp 2014-09-17 15:07 - 2014-09-17 15:07 - 00000000 ____D () C:\Users\admin\.jfreereport 2014-09-16 18:55 - 2014-10-08 14:18 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-09-16 12:54 - 2014-09-23 19:04 - 00001972 _____ () C:\Users\admin\Documents\SyncSettings_F_DESKTOP_FUER_ARCHIV.ffs_gui 2014-09-16 12:38 - 2014-09-16 12:38 - 00000000 _____ () C:\Windows\Minidump\091614-15022-01.dmp 2014-09-14 04:39 - 2014-09-23 19:04 - 00001942 _____ () C:\Users\admin\Documents\SyncSettings_F_NAS2.ffs_gui 2014-09-13 18:10 - 2014-09-13 18:10 - 00000000 ____D () C:\Users\admin\Documents\2XPDFStore 2014-09-12 10:38 - 2014-09-12 10:41 - 224940032 _____ () C:\Users\admin\Downloads\LibreOffice_4.3.1_Win_x86.msi 2014-09-12 10:38 - 2014-09-12 10:38 - 07393280 _____ () C:\Users\admin\Downloads\LibreOffice_4.3.1_Win_x86_helppack_de.msi 2014-09-11 09:45 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-11 09:45 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-11 09:45 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-11 09:45 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-11 09:45 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-11 09:45 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-11 09:45 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-11 09:45 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-11 09:45 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-11 09:45 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-11 09:45 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-11 09:45 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-11 09:45 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-11 09:45 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-11 09:45 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-11 09:45 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-11 09:45 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-11 09:45 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-11 09:45 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-11 09:45 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-11 09:45 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-11 09:45 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-11 09:45 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-11 09:45 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-11 09:45 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-11 09:45 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-11 09:45 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-11 09:45 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 09:45 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-11 09:45 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-11 09:45 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-11 09:45 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-11 09:45 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-11 09:45 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-11 09:44 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 09:44 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-11 09:44 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 09:44 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-11 09:44 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-11 09:44 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-11 09:44 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-11 09:44 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-11 09:44 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-11 09:44 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-11 09:44 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 09:44 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-11 09:44 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-11 09:44 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-11 09:44 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-11 09:44 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-11 09:44 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-11 09:44 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-11 09:44 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-11 09:44 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-11 09:44 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-11 09:44 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-11 09:42 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-11 09:42 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-11 09:17 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-11 09:17 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-11 09:13 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-11 09:13 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-11 09:12 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-11 09:12 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-11 09:12 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-11 09:12 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-11 09:12 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-10 17:35 - 2014-09-10 17:35 - 00000962 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk 2014-09-10 16:15 - 2014-09-10 16:15 - 06057862 _____ (Tim Kosse) C:\Users\admin\Downloads\FileZilla_3.9.0.5_win32-setup.exe 2014-09-09 22:04 - 2014-09-09 22:04 - 00000112 _____ () C:\Windows\system32\snetcfg.log 2014-09-09 22:00 - 2014-09-09 22:00 - 03784904 _____ (WiseCleaner.com ) C:\Users\admin\Downloads\WPCASetup.exe 2014-09-09 21:17 - 2014-09-13 18:21 - 00000000 ____D () C:\Users\admin\AppData\Roaming\2XClient 2014-09-09 21:17 - 2014-09-09 21:17 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2X 2014-09-09 21:08 - 2014-09-09 21:08 - 00003062 _____ () C:\Windows\System32\Tasks\{9C1E5AC2-E0C0-4B42-8618-219886BB0EA1} 2014-09-09 21:04 - 2014-09-09 21:04 - 00003062 _____ () C:\Windows\System32\Tasks\{DB6587ED-4C05-4A0C-BE9B-8DEF9BE88B98} 2014-09-09 21:04 - 2014-09-09 21:04 - 00003062 _____ () C:\Windows\System32\Tasks\{4A81435E-D2E9-4F92-B4A5-C3C08F938B8B} ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-08 14:37 - 2011-04-16 09:42 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2014-10-08 14:34 - 2011-04-16 09:42 - 00000382 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job 2014-10-08 14:29 - 2009-07-14 06:51 - 00173392 _____ () C:\Windows\setupact.log 2014-10-08 14:24 - 2009-07-14 06:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-08 14:24 - 2009-07-14 06:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-08 14:21 - 2011-04-16 09:31 - 00699666 _____ () C:\Windows\system32\perfh007.dat 2014-10-08 14:21 - 2011-04-16 09:31 - 00149774 _____ () C:\Windows\system32\perfc007.dat 2014-10-08 14:21 - 2011-04-16 09:19 - 01715827 _____ () C:\Windows\WindowsUpdate.log 2014-10-08 14:21 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-08 14:20 - 2013-09-11 08:12 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Skype 2014-10-08 14:17 - 2011-04-16 09:35 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-10-08 14:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-08 14:16 - 2011-04-16 09:36 - 00192580 _____ () C:\Windows\PFRO.log 2014-10-08 14:15 - 2013-08-19 13:51 - 00000000 ____D () C:\Users\admin 2014-10-08 14:05 - 2013-08-19 13:53 - 00000000 ____D () C:\Users\admin\AppData\Local\Lenovo 2014-10-08 13:56 - 2014-05-12 10:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-08 13:38 - 2009-07-24 19:29 - 00000000 ____D () C:\Windows\Panther 2014-10-08 13:37 - 2014-02-10 19:55 - 00000000 ____D () C:\Users\admin\AppData\Roaming\FileZilla 2014-10-08 13:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-10-08 13:12 - 2014-04-20 10:37 - 00000000 ____D () C:\Users\admin\Desktop\verwaltung 2014-10-07 12:34 - 2013-09-11 16:27 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-10-07 12:34 - 2013-09-11 16:25 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-07 12:34 - 2013-09-11 16:25 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-10-07 12:18 - 2014-09-05 18:51 - 535049227 _____ () C:\Windows\MEMORY.DMP 2014-10-07 12:18 - 2013-12-22 21:07 - 00000000 ____D () C:\Windows\Minidump 2014-10-07 10:10 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-10-07 10:08 - 2009-07-14 04:34 - 69992448 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-10-07 10:08 - 2009-07-14 04:34 - 24379392 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-10-07 10:08 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-10-07 10:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-10-07 10:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-10-07 08:47 - 2014-07-15 18:26 - 00000000 ____D () C:\Users\admin\AppData\Roaming\LSC 2014-10-07 08:47 - 2012-07-17 12:25 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo 2014-10-07 08:47 - 2011-04-16 09:23 - 00000000 ____D () C:\Program Files\Lenovo 2014-10-07 08:46 - 2011-04-16 09:42 - 00000000 ____D () C:\Windows\Downloaded Installations 2014-10-06 22:54 - 2014-06-12 11:34 - 00000085 _____ () C:\Users\admin\AppData\Roaming\WB.CFG 2014-10-06 10:06 - 2013-11-27 17:16 - 00000000 ____D () C:\Users\admin\AppData\Roaming\HpUpdate 2014-10-04 13:38 - 2014-05-07 23:35 - 00001863 _____ () C:\Users\admin\Desktop\20140512_RA_007_SVA_Bern_11341.lnk 2014-10-04 10:52 - 2014-02-19 07:56 - 00000600 _____ () C:\Users\admin\AppData\Local\PUTTY.RND 2014-09-29 18:16 - 2013-09-29 17:26 - 00002282 ____H () C:\Users\admin\Documents\Default.rdp 2014-09-29 17:25 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-09-29 11:46 - 2014-05-05 14:34 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm 2014-09-25 19:02 - 2013-08-19 14:12 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Adobe 2014-09-25 17:58 - 2013-10-27 11:41 - 00001937 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HIN Client.lnk 2014-09-25 17:58 - 2013-10-27 11:41 - 00001937 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HIN Client Deinstallationsprogramm.lnk 2014-09-25 17:58 - 2013-10-27 11:40 - 00000000 ____D () C:\Program Files (x86)\HIN Client 2014-09-25 16:42 - 2013-08-19 15:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-24 18:26 - 2014-02-16 15:37 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk 2014-09-24 18:26 - 2014-02-16 15:37 - 00002221 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk 2014-09-24 18:26 - 2014-02-16 15:37 - 00002060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk 2014-09-24 15:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-09-23 19:04 - 2014-08-20 16:42 - 00001945 _____ () C:\Users\admin\Documents\SyncSettings_F_ZENTRALE.ffs_gui 2014-09-23 19:03 - 2014-06-20 10:34 - 00000943 _____ () C:\Users\Public\Desktop\FreeFileSync.lnk 2014-09-23 19:03 - 2014-06-20 10:34 - 00000933 _____ () C:\Users\Public\Desktop\RealtimeSync.lnk 2014-09-23 19:03 - 2014-04-17 18:11 - 00000955 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk 2014-09-23 19:03 - 2014-04-17 18:11 - 00000945 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk 2014-09-23 18:59 - 2014-04-01 18:31 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-09-23 18:59 - 2013-09-11 08:12 - 00000000 ____D () C:\ProgramData\Skype 2014-09-21 15:15 - 2014-08-28 18:03 - 00000000 ____D () C:\Users\admin\Desktop\für POSTBOX 2014-09-21 14:43 - 2013-08-23 20:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-18 22:07 - 2013-10-18 14:59 - 00000000 ____D () C:\ProgramData\32nd America's Cup 2014-09-16 18:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-16 12:53 - 2013-11-25 16:35 - 00000000 ____D () C:\Users\admin\Desktop\für ARCHIVDATA 2014-09-15 08:27 - 2013-08-19 18:09 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-15 08:21 - 2012-07-17 14:00 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-12 12:45 - 2014-05-05 14:34 - 00003676 _____ () C:\Windows\System32\Tasks\HP-Online-Aktualisierungsprogramm 2014-09-11 09:53 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-11 09:43 - 2013-12-22 11:40 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-10 13:57 - 2014-05-12 10:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-10 13:56 - 2013-08-23 20:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-10 13:56 - 2013-08-23 20:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-09 22:18 - 2014-09-05 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Fernzugang 2014-09-09 22:18 - 2014-09-05 13:23 - 00000000 ____D () C:\Program Files\FRITZ!Fernzugang 2014-09-09 22:02 - 2014-06-13 10:13 - 00000000 ____D () C:\Users\admin\AppData\Roaming\WiseUpdate Some content of TEMP: ==================== C:\Users\admin\AppData\Local\Temp\avgnt.exe C:\Users\admin\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-06 00:51 ==================== End Of Log ============================ Brauchst Du die ADDITION auch? Sicherheitshalber: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by admin at 2014-10-08 14:37:20
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FireWall (Disabled) {753F9273-B322-2907-AC37-03D0F1702F22}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32nd America's Cup Patch1 (HKLM-x32\...\VskAC32_is1) (Version: - Nadeo)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.73.00 - )
Avira Internet Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Boxcryptor Classic 1.6 (HKLM-x32\...\{8978A896-993E-451B-81FB-D11CAC402F91}) (Version: 1.6.400.65 - Secomba GmbH)
BUFFALO NAS Navigator2 (HKLM-x32\...\UN060501) (Version: - )
BUFFALO TeraStation(WS-VL Series) Setup Guide (HKLM-x32\...\UN110308) (Version: - )
BUFFALO TurboPC EX Series (HKLM-x32\...\UN110613) (Version: - )
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon CanoScan Toolbox 5.0 (HKLM-x32\...\CanoScan Toolbox 5.0) (Version: - )
CanoScan LiDE 70 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411) (Version: - )
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.808 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DDS Viewer (HKLM-x32\...\{707333E0-C796-4E2D-B0DA-5A429706C361}_is1) (Version: - IdeaMK)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DPM Player (HKLM-x32\...\{BA495217-1475-47A8-AB83-B7DC2A59B49E}) (Version: 1.00.0000 - Philips Speech Processing)
DPMCtrl.dll 2009.3 (HKLM-x32\...\DMPCTRL_is1) (Version: 2009.3 - James M. Voelker)
Driver Whiz (HKLM-x32\...\{0B540DA4-41AE-4B79-BEAB-0F07E09669AB}) (Version: 8.1 - Driver Whiz)
DSS to Wave Converter 2011.1 (HKLM-x32\...\DSS2Wave_is1) (Version: 2011.1 - James M. Voelker)
ELO Pdf Drucker (HKLM-x32\...\{C7ACA1FD-E1A7-42D1-93C2-6EBD868584E9}) (Version: 8.0 - ELO Digital Office GmbH)
ELOoffice (HKLM-x32\...\{C08EF2EB-27C6-4E99-B5C3-15AE8210B614}) (Version: 9.0 - ELO Digital Office GmbH)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
FreeFileSync 6.9 (HKLM-x32\...\FreeFileSync) (Version: 6.9 - Zenju)
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FRITZ!Fernzugang (HKLM\...\{DD57CC22-8864-4CCA-94D4-600D024C1207}) (Version: 1.3.1 - AVM Berlin)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
HIN Client (HKLM-x32\...\6993-3411-2195-6139) (Version: 1.4.0 - Health Info Net AG)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8100 - Grundlegende Software für das Gerät (HKLM\...\{312A65D1-64B1-4E81-85C0-85BE743A6550}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP Officejet Pro 8100 Hilfe (HKLM-x32\...\{65038824-6DC7-4A44-828A-D7A7F04CD61B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB7A}) (Version: 1.0.16.0 - Hewlett Packard)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
Intel(R) Identity Protection Technology 1.2.28.0 (HKLM-x32\...\{A87263E8-26CB-1016-8F2F-C04708B17CE2}) (Version: 1.2.28.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) PRO/Wireless Driver (Version: 16.10.0000.1228 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.6.0.0128 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{728985C5-A04B-457C-9D62-15360F3EAF85}) (Version: 3.1.29.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{86b86e21-7c9b-4baa-b284-69ce4a918661}) (Version: 16.10.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.10.0.0307 - Intel Corporation) Hidden
Java 7 Update 10 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217010FF}) (Version: 7.0.100 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.2.1003.00 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.3.2.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Screen Reading Optimizer (HKLM-x32\...\{91A29166-4E1B-4664-B70B-4C4A3B6B3372}) (Version: 1.16 - Lenovo)
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.4.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{13BD494D-9ACD-420B-A291-E145DED92EF6}) (Version: 2.6.001.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5717.39 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
LibreOffice 4.2 Help Pack (German) (HKLM-x32\...\{2EC623B7-3559-4058-B4AC-14DC018FC0B7}) (Version: 4.2.6.3 - The Document Foundation)
LibreOffice 4.2.6.3 (HKLM-x32\...\{14DB1822-00B5-4820-86B5-EF893CA46B53}) (Version: 4.2.6.3 - The Document Foundation)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (HKLM\...\{BBBE35B2-9349-3C48-BD3D-F574B17C7924}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 6.5.1.5 - Ericsson AB)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.030.01.02.51 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Northspace VSK Courses 1.0 (HKLM-x32\...\{9F4281A5-75F2-43C4-839E-511A715F58CB}_is1) (Version: - Northspace)
NVIDIA 3D Vision Driver 276.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 276.58 - NVIDIA Corporation)
NVIDIA Control Panel 276.58 (Version: 276.58 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 276.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 276.58 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.24.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.275.82.0 - NVIDIA Corporation) Hidden
NVIDIA nView 135.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.64 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13564 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.3.12 (Version: 1.3.12 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.7658 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.3.12 - NVIDIA Corporation) Hidden
Philips DPM Player Hot Fix (HKLM-x32\...\Philips DPM Player Hot Fix_is1) (Version: - )
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.64.4 - Lenovo Group Limited)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RapidBoot (HKLM-x32\...\InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}) (Version: 1.00 - Lenovo)
RapidBoot (x32 Version: 1.00 - Lenovo) Hidden
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.31.0010.00 - Lenovo Group Limited)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RICOH Media Driver v2.10.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.10.18.02 - RICOH)
ScanSoft OmniPage SE 4.0 (HKLM-x32\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
ShakeHands Kontor 2014 Release 11.2.1 (HKLM-x32\...\{868EDAD1-2C43-4E0B-972A-55BFAB0E56E0}}_is1) (Version: - ShakeHands Software Ltd)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.60 - NCH Software)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 6.5.38.0 - 2BrightSparks)
Taxpool-Buchhalter Mini 8.20 (HKLM-x32\...\Taxpool-Buchhalter Mini) (Version: 8.20 - psynetic® Software)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.41 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.05 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.80 - Lenovo)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
Windows Driver Package - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows Driver Package - Intel (MEIx64) System (10/19/2010 7.0.0.1144) (HKLM\...\90FD26A77B849AE03FF5F07A1CDA7F950406A8D8) (Version: 10/19/2010 7.0.0.1144 - Intel)
Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\A513FC5E5A08D4EF27F234E91E0E942A0234210B) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (10/04/2010 9.2.0.1015) (HKLM\...\FE1BEBFD475BB832AAF104F5C63348E98A9286DF) (Version: 10/04/2010 9.2.0.1015 - Intel)
Windows Driver Package - Intel USB (09/16/2010 9.2.0.1013) (HKLM\...\D97688B8E3830BF9820E15EB8D9552DCBF988CFD) (Version: 09/16/2010 9.2.0.1013 - Intel)
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse (02/17/2011 15.2.14.0) (HKLM\...\77A943AB876C131591E0EA5DB6AB08D89EE2EA9E) (Version: 02/17/2011 15.2.14.0 - Synaptics)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wise Registry Cleaner 8.23 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.23 - WiseCleaner.com, Inc.)
X-Rite Device Manager (HKLM-x32\...\{9ACEA9CD-63B9-4784-807B-EA295E96A7C3}_is1) (Version: 1.0 - X-Rite Inc.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2727355821-1189829001-2483972847-1001_Classes\CLSID\{F5DF8D65-559D-4b75-8562-5302BD2F5F20}\InprocServer32 -> C:\Users\admin\AppData\Roaming\2XClient\TuxClientSystem.dll (2X Software Ltd.)
==================== Restore Points =========================
22-09-2014 04:00:11 Windows-Sicherung
23-09-2014 04:00:10 Windows-Sicherung
24-09-2014 06:57:08 Windows Update
24-09-2014 06:57:26 Windows-Sicherung
25-09-2014 07:21:16 Windows-Sicherung
26-09-2014 08:56:39 Windows-Sicherung
01-10-2014 15:23:33 Windows-Sicherung
02-10-2014 01:00:12 Windows Update
06-10-2014 04:00:14 Windows-Sicherung
07-10-2014 06:35:15 Windows-Sicherung
07-10-2014 06:47:00 Installed Lenovo Solution Center.
07-10-2014 07:44:01 Revo Uninstaller's restore point - Update for Audio Converter
07-10-2014 07:48:53 Revo Uninstaller's restore point - VO Package
08-10-2014 07:29:02 Windows-Sicherung
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2014-10-07 10:08 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {016EDBE6-7142-48BE-B625-2E27458372BA} - System32\Tasks\{C4C7140F-FA99-42CF-8CFA-8C91D3A43985} => C:\Program Files (x86)\LibreOffice 4\program\soffice.exe
Task: {08A4438C-B0FF-4CA7-ACBB-1372E95ACD9B} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {098BBB6E-C9BE-4B51-AE21-042880E6C468} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-10] ()
Task: {10AC1274-37B4-44BB-912B-986A84F9EB5C} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-09-03] (Lenovo)
Task: {162C5A7F-52FB-48B6-9145-A198BE6FEAF1} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-09-03] ()
Task: {255FDC70-F297-4E67-AB0E-562B2D75519C} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {45A6DF59-FFC9-4CD8-B3E1-8AC820456C01} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {47E8C257-BC97-41D7-935E-C584358276B5} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\pcdrcui.exe [2010-12-10] (PC-Doctor, Inc.)
Task: {4AC1D23B-0EF2-406D-859E-587CDD1DDDDA} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-03] (Lenovo)
Task: {4E825668-3EC3-4118-B503-EECBDB5421CF} - System32\Tasks\Driver Whiz-RTMScan => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {622D35A6-C21E-4D89-BF66-7C71B3BC42D1} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28] (Nuance Communications, Inc.)
Task: {65E72476-F31C-436E-95D0-A67DFDD66AB6} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {6675D8CF-9B28-4CEB-ABA3-4BDCD777285E} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {6CEA1429-76EF-4EAC-A298-B89E16E4C644} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-09-03] (Lenovo)
Task: {80B53E5E-7FFE-44D6-9979-E42E591BF8AF} - System32\Tasks\Driver Whiz-RTMRules => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {96E0118B-8B97-403B-95D2-F2E05DCF5A84} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {9E381594-8B29-4EAF-B0F6-54F91AFA725B} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-03] ()
Task: {A20B1E84-E43E-48D3-8B49-CC39983003D7} - System32\Tasks\{9C1E5AC2-E0C0-4B42-8618-219886BB0EA1} => C:\Windows\system32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {A2343AFA-0720-4AD1-9F70-EE2620821137} - System32\Tasks\Driver Whiz-RTMScanRunOnce => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {B2089EDE-154D-41FF-B014-8AD072A51D18} - System32\Tasks\Lenovo\SROptimizer => %TRPATH%\SRORest.exe
Task: {B27C9916-1D0D-43E6-9719-FDF1C4DFFA11} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {B41FE74A-40FF-4F59-A7CA-A8246B9BA408} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-03] ()
Task: {C4886425-9EC2-40D9-94D7-8299C6AFD210} - System32\Tasks\TVT\LaunchRnR => C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrcmd.exe [2010-12-11] (Lenovo Limited Group Corporation)
Task: {C644179C-EF57-4C69-B214-B24967A287A8} - System32\Tasks\Driver Whiz-RTMUpdater => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {CAC2D343-46CA-41B7-A4DE-D596DFDA6BEE} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2010-12-10] ()
Task: {CC24DBE3-F751-462A-B1F4-0B24A5FD4AF3} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {CE9301A4-8DA2-4FC1-B1E5-1F2227BC968D} - System32\Tasks\{DB6587ED-4C05-4A0C-BE9B-8DEF9BE88B98} => C:\Windows\system32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {DD020A19-F1CF-40A6-8A52-71FBC30B2CDD} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {EBA0FC2C-7CDB-4CBA-B5B4-67FD4437D7A1} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-03-07] (Lenovo Group Limited)
Task: {F25DF6A3-E502-4DEA-B35B-6A8B9A8516F1} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {F4082DC2-0577-4574-B104-567B6C5BEB98} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-05-27] (Lenovo)
Task: {F417C958-E224-46CE-869F-6681179C0ECA} - System32\Tasks\{4A81435E-D2E9-4F92-B4A5-C3C08F938B8B} => C:\Windows\system32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {F802ACC2-3676-4D5F-9574-EE6557A78A5C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2010-12-10] (PC-Doctor, Inc.)
Task: {FB5F56B2-7B62-4C68-AD89-2BC74C07F52D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {FD30C93A-C399-4C61-A929-8FACA6ACE19F} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdrcui.exe
==================== Loaded Modules (whitelisted) =============
2014-07-16 10:24 - 2014-07-16 10:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2011-04-16 09:32 - 2010-10-26 10:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2011-04-16 09:34 - 2011-03-06 13:07 - 00094208 ____N () C:\Windows\System32\IccLibDll_x64.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2011-04-16 09:37 - 2014-03-07 06:04 - 00117248 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2026-04-19 14:06 - 2014-05-01 21:29 - 00098304 _____ () F:\Programme\FileZillaPortable\FileZilla FTP Client\fzshellext_64.dll
2009-05-28 07:09 - 2009-05-28 07:09 - 00049976 ____N () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2014-03-14 17:47 - 2014-03-14 17:47 - 00092504 ____N () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2011-04-16 09:33 - 2011-05-27 02:17 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2011-04-16 09:39 - 2010-04-06 18:05 - 02085888 ____N () C:\Program Files\Lenovo\AutoLock\cv210.dll
2011-04-16 09:39 - 2010-04-06 18:04 - 02201088 ____N () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-23 21:43 - 2012-09-23 21:43 - 00010240 ____N () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 ____N () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-09-25 11:33 - 2014-09-25 11:33 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-03-04 22:16 - 2012-03-04 22:16 - 00249664 ____N () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
2014-09-10 13:56 - 2014-09-10 13:56 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
admin (S-1-5-21-2727355821-1189829001-2483972847-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2727355821-1189829001-2483972847-500 - Administrator - Disabled)
Gast (S-1-5-21-2727355821-1189829001-2483972847-501 - Limited - Disabled)
nadmin (S-1-5-21-2727355821-1189829001-2483972847-1003 - Administrator - Enabled)
UpdatusUser (S-1-5-21-2727355821-1189829001-2483972847-1000 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-10-07 10:07:32.836
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-10-07 10:07:32.756
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-09-26 15:47:14.696
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-05 18:21:39.027
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-20 19:14:17.895
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-06 19:56:56.218
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-04 14:20:29.577
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-03 19:08:09.864
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-03 18:54:27.128
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-03 18:25:25.378
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 47%
Total physical RAM: 3979.23 MB
Available physical RAM: 2078.16 MB
Total Pagefile: 7956.65 MB
Available Pagefile: 5576.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:281.29 GB) (Free:199.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (GA EINS) (Removable) (Total:29.5 GB) (Free:15.23 GB) FAT32
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.63 GB) (Free:2.88 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 80047904)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=281.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 29.5 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
Grüsse chic (o |
|
09.10.2014, 10:52
| #6 |
| /// the machine /// TB-Ausbilder | Win 7 Pro - explorer.exe belegt mehr und mehr SpeicherplatzESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ --> Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz |
|
10.10.2014, 13:47
| #7 |
| | Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz Komisch, dachte, das hätte ich Dir gesternm schon geschickt. Servus Schrauber: eset.txt Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=22d3e600f441c245bbc6c9bb566f819b
# engine=20514
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-09 01:31:51
# local_time=2014-10-09 03:31:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1805 16777213 100 100 54002 33952164 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 33961622 164491361 0 0
# scanned=184110
# found=12
# cleaned=0
# scan_time=11105
sh=D3A8BFF5D05F4911365D78E2DEF448FE9FD5599D ft=1 fh=b891977c560c1b9e vn="Variante von Win32/Bundled.Toolbar.Google.C potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Switch\switch.exe.vir"
sh=1E588BCBFC7C2F2115692014ACBA196E232ACE5F ft=1 fh=45a244a40fc9550e vn="Variante von Win32/Bundled.Toolbar.Google.C potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Switch\switchsetup_v4.60.exe.vir"
sh=61897FE467FE567D4E93C0E87AF1899DB5416CA2 ft=1 fh=2b4e98822df8a714 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=9C1F74613924FCC1259DC3E2BE0BDB31EA2590D9 ft=1 fh=83932a9109e1e39c vn="Variante von Win32/InstallCore.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\AudioConverter\AudioConverter.exe"
sh=FD0483A45EF23EB4DEF1523906A28A4A5D3C0D77 ft=1 fh=fcf2e467b851cbbd vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe"
sh=16A03B7D45BCB09786444DFC41AD58DE8136DB8D ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Windows\Installer\3dcac2e.msi"
sh=FECAF7BBAEEF3ED39DD29D8910E57E6FF253928C ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[1].7z"
sh=CFC7DA2932ABA2A91E4D5CFD3F187E81A1289571 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[2].7z"
sh=23E643C6B8C6A664F05BF9B8843CE8E7F1B342F1 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[4].7z"
sh=FECAF7BBAEEF3ED39DD29D8910E57E6FF253928C ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[1].7z"
sh=CFC7DA2932ABA2A91E4D5CFD3F187E81A1289571 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[2].7z"
sh=23E643C6B8C6A664F05BF9B8843CE8E7F1B342F1 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[4].7z"
Code:
ATTFilter Results of screen317's Security Check version 0.99.87 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` TuneUp Utilities 2014 TuneUp Utilities 2014 (de-DE) TuneUp Utilities 2014 Wise Registry Cleaner 8.23 Java 7 Update 10 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 15.0.0.152 Adobe Reader XI Mozilla Firefox (32.0.3) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01 Ran by admin (administrator) on ZI_PORTABLE on 09-10-2014 16:09:16 Running from C:\Users\admin\Desktop Loaded Profiles: UpdatusUser & admin (Available profiles: UpdatusUser & admin) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (BUFFALO INC.) C:\Windows\System32\TC2Service.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe (X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Lenovo.) C:\Windows\System32\TpShocks.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (BUFFALO INC.) C:\Windows\System32\TC2Tray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\FRITZVPN.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (Health Info Net AG) C:\Program Files (x86)\HIN Client\hinclient.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe () F:\Programme\Thunderbird-Portable\20131228_unpack\Thunderbird-Portable.exe (Mozilla Corporation) F:\Programme\Thunderbird-Portable\20131228_unpack\Thunderbird31x\thunderbird.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe () C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-17] (Lenovo.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited) HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2010-12-17] (Lenovo Group Limited) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [tpcexTray] => C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe [77368 2013-09-25] (BUFFALO INC.) HKLM\...\Run: [TC2Tray] => C:\Windows\system32\TC2Tray.exe [629656 2012-07-18] (BUFFALO INC.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation) HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor HKLM-x32\...\Run: [X-Rite Legacy Device] => C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe [105984 2010-09-28] (X-Rite Inc.) HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.) HKLM-x32\...\Run: [HIN Client] => C:\Program Files (x86)\HIN Client\hinclient.exe [243432 2013-11-28] (Health Info Net AG) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.) HKLM-x32\...\Run: [ACTray] => C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe [432472 2014-03-14] (Lenovo) HKLM-x32\...\Run: [] => [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) HKU\S-1-5-21-1644491937-484763869-1060284298-1114-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [Wallpaper] D:\background\ronja3.jpg HKU\S-1-5-21-1644491937-484763869-1060284298-1114-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [WallpaperStyle] 0 HKU\S-1-5-21-1644491937-484763869-1060284298-1114-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [ForceStartMenuLogOff] 1 HKU\S-1-5-21-1644491937-484763869-1060284298-1114-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [Intellimenus] 1 HKU\S-1-5-21-1644491937-484763869-1060284298-1114-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoWindowsUpdate] 1 HKU\S-1-5-21-1644491937-484763869-1060284298-1114-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [ConfirmFileDelete] 1 HKU\S-1-5-21-1644491937-484763869-1060284298-1114-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoThumbnailCache] 1 HKU\S-1-5-21-1644491937-484763869-1060284298-1114-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {421f9ac6-67f9-11e0-bea3-806e6f6e6963} - Q:\LenovoQDrive.exe HKU\S-1-5-21-1644491937-484763869-1060284298-1613-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {421f9ac6-67f9-11e0-bea3-806e6f6e6963} - Q:\LenovoQDrive.exe HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [759712 2014-09-12] (Adobe Systems Incorporated) HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [241472 2012-03-05] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202560 2012-03-05] (NVIDIA Corporation) Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.) Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!Fernzugang.lnk ShortcutTarget: FRITZ!Fernzugang.lnk -> C:\Program Files\FRITZ!Fernzugang\FRITZVPN.exe (AVM Berlin) Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\nadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPStatusBL.dll (Hewlett-Packard Co.) SSODL: EldosMountNotificator-cbfs4 - {1894063F-D990-48F1-9E09-1B7337AF5955} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator-cbfs4 - {1894063F-D990-48F1-9E09-1B7337AF5955} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {E524A5A6-F0DD-48EA-8BB0-5DC00ECA5388} => C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {E524A5A6-F0DD-48EA-8BB0-5DC00ECA5388} => C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {CE403DA5-2AB4-462D-B794-220F15EDD0F4} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.19 FireFox: ======== FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default FF SearchEngineOrder.1: Ask Search FF NetworkProxy: "http", "127.0.0.1" FF NetworkProxy: "http_port", 5016 FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1,192.168.1.19,hxxp://swissmedap.ch/,hxxp://postfinance.ch, hxxp://www.swiss.ch, hxxp://www.sbb.ch, hxxp://switchplus.ch, https://www.typmed.eu, hxxp://ga1.dyndns-remote.com/,hxxp://www.dyndns.org/,hxxp://www.swisscom.ch, https://www.yahoo.com/,http:dict.leo.org:80/*.*" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-eng-deu-v20.xml FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-fra-deu.xml FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-ita-deu.xml FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-por-deu.xml FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-spa-deu.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: HP Smart Print - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\Extensions\hpwebprint@hpwebprint.com [2013-11-27] FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-05] FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-11-27] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-02-16] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1044784 2014-10-07] (Avira Operations GmbH & Co. KG) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [805112 2014-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-07] (Avira Operations GmbH & Co. KG) R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [337824 2012-11-28] (AVM Berlin) R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143776 2012-11-28] (AVM Berlin) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-07] (Lenovo.) S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-03] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] () S4 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [251760 2012-03-29] (BUFFALO INC.) R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [191328 2013-06-10] (AVM Berlin) R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2012-03-05] (Lenovo Group Limited) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] () R2 TC2Service; C:\Windows\system32\TC2Service.exe [308120 2012-07-18] (BUFFALO INC.) S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-12-11] (Lenovo Group Limited) [File not signed] S4 tpcexdccs; C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe [134712 2013-09-25] (BUFFALO INC.) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software) S4 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-12-11] (Lenovo Group Limited) R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB) R2 xritedeviced; C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [142848 2010-09-28] (X-Rite Inc.) [File not signed] R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-09-11] (Avira GmbH) R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-09-11] (Avira GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R0 bftpdskc; C:\Windows\System32\drivers\bftpdskc64.sys [72016 2011-07-13] (BUFFALO INC.) S3 bftpusbx; C:\Windows\System32\drivers\bftpusbx64.sys [20608 2010-10-21] (BUFFALO INC.) R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [385728 2013-07-03] (EldoS Corporation) S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-03-03] (Ericsson AB) S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-03-03] (Ericsson AB) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation) S3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-09] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) S3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-29] (MCCI Corporation) S3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-29] (MCCI Corporation) S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-29] (MCCI Corporation) S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-29] (MCCI Corporation) R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2011-07-05] (AVM Berlin) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-04-16] () R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated) S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [30088 2008-06-18] () S3 SWNC8U80; C:\Windows\System32\DRIVERS\swnc8u80.sys [196608 2008-06-24] (Sierra Wireless Inc.) S3 SWUMX80; C:\Windows\System32\DRIVERS\swumx80.sys [191744 2008-06-24] (Sierra Wireless Inc.) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software) R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.) R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-07-03] (EldoS Corporation) S3 wtsmpadap; C:\Windows\System32\DRIVERS\wtsmpadap.sys [56104 2008-04-29] (Swisscom) S3 WtSmpFlt; C:\Windows\System32\DRIVERS\wtsmpflt.sys [378664 2008-04-29] (Swisscom) S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [268840 2011-08-12] (Ericsson AB) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-09 16:09 - 2014-10-09 16:09 - 00029113 _____ () C:\Users\admin\Desktop\FRST.txt 2014-10-09 16:08 - 2014-10-06 21:16 - 02109952 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe 2014-10-09 15:57 - 2014-10-09 15:57 - 00854417 _____ () C:\Users\admin\Desktop\SecurityCheck.exe 2014-10-09 12:20 - 2014-10-09 12:20 - 02347384 _____ (ESET) C:\Users\admin\Desktop\esetsmartinstaller_deu.exe 2014-10-08 14:21 - 2014-10-08 14:21 - 00000000 ____D () C:\Windows\ERUNT 2014-10-08 14:03 - 2014-10-08 14:03 - 00000629 _____ () C:\Users\admin\Desktop\TRANSFERS.lnk 2014-10-08 13:56 - 2014-10-08 14:20 - 00000000 ____D () C:\AdwCleaner 2014-10-08 13:51 - 2014-10-08 13:51 - 00002846 _____ () C:\mbam.txt 2014-10-08 13:16 - 2014-10-09 14:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-08 13:16 - 2014-10-08 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-08 13:16 - 2014-10-08 13:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-08 13:16 - 2014-10-08 13:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-08 13:16 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-08 13:16 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-08 13:16 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-07 12:18 - 2014-10-07 12:18 - 01957888 _____ () C:\Windows\Minidump\100714-15303-01.dmp 2014-10-07 10:27 - 2014-10-07 10:27 - 00000101 ____H () C:\.~lock.ComboFix.txt# 2014-10-07 10:14 - 2014-10-07 10:14 - 00032617 _____ () C:\ComboFix.txt 2014-10-07 09:57 - 2014-10-07 10:14 - 00000000 ____D () C:\Qoobox 2014-10-07 09:57 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-10-07 09:57 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-10-07 09:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-10-07 09:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-10-07 09:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-10-07 09:57 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-10-07 09:57 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-10-07 09:57 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-10-07 09:56 - 2014-10-07 10:13 - 00000000 ____D () C:\Windows\erdnt 2014-10-07 09:55 - 2014-10-07 09:55 - 05582481 _____ (Swearware) C:\Users\admin\Downloads\ComboFix(1).exe 2014-10-07 09:42 - 2014-10-07 09:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-10-07 08:47 - 2014-10-07 08:47 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk 2014-10-06 23:48 - 2014-10-06 23:48 - 00462288 _____ () C:\Windows\Minidump\100614-14710-01.dmp 2014-10-06 21:18 - 2014-10-09 16:09 - 00000000 ____D () C:\FRST 2014-10-06 21:14 - 2014-10-06 21:14 - 00000000 _____ () C:\Users\admin\defogger_reenable 2014-10-04 09:46 - 2014-10-04 09:46 - 00000000 _____ () C:\Windows\Minidump\100414-15568-01.dmp 2014-10-01 17:19 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-01 17:19 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-26 19:35 - 2014-09-26 19:35 - 00001697 _____ () C:\Users\Public\Desktop\ShakeHands Kontor 2014.lnk 2014-09-26 19:35 - 2014-09-26 19:35 - 00000000 ____D () C:\Users\admin\AppData\Local\ProSaldo 2014-09-26 19:35 - 2014-09-26 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShakeHands 2014-09-26 19:34 - 2014-09-26 19:34 - 00000000 ____D () C:\Users\admin\Documents\ProSaldo 2014-09-26 19:34 - 2014-09-26 19:34 - 00000000 ____D () C:\Programme 2014-09-25 17:43 - 2014-09-25 17:43 - 43868392 _____ (Health Info Net AG) C:\Users\admin\Downloads\hin_client_windows.exe 2014-09-25 11:33 - 2014-09-25 11:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-24 01:14 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-24 01:14 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-23 19:21 - 2014-09-23 19:21 - 00000082 _____ () C:\Windows\odbc_merge.INI 2014-09-23 19:17 - 2014-09-23 19:22 - 00000000 ____D () C:\Users\admin\Documents\Taxpool-Buchhalter 2014-09-23 19:07 - 2014-09-23 19:07 - 00003186 _____ () C:\Windows\System32\Tasks\{56643D1F-761C-478F-A31F-24E83B3880B1} 2014-09-23 19:01 - 2014-09-23 19:01 - 63249048 _____ () C:\Users\admin\Downloads\taxpool_buchhalter_mini_installation.exe 2014-09-23 18:59 - 2014-09-23 18:59 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-09-23 18:59 - 2014-09-23 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-21 10:55 - 2014-09-21 10:55 - 00000000 _____ () C:\Windows\Minidump\092114-15210-01.dmp 2014-09-17 15:07 - 2014-09-17 15:07 - 00000000 ____D () C:\Users\admin\.jfreereport 2014-09-16 18:55 - 2014-10-08 15:44 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-09-16 12:54 - 2014-09-23 19:04 - 00001972 _____ () C:\Users\admin\Documents\SyncSettings_F_DESKTOP_FUER_ARCHIV.ffs_gui 2014-09-16 12:38 - 2014-09-16 12:38 - 00000000 _____ () C:\Windows\Minidump\091614-15022-01.dmp 2014-09-14 04:39 - 2014-09-23 19:04 - 00001942 _____ () C:\Users\admin\Documents\SyncSettings_F_NAS2.ffs_gui 2014-09-13 18:10 - 2014-09-13 18:10 - 00000000 ____D () C:\Users\admin\Documents\2XPDFStore 2014-09-12 10:38 - 2014-09-12 10:41 - 224940032 _____ () C:\Users\admin\Downloads\LibreOffice_4.3.1_Win_x86.msi 2014-09-12 10:38 - 2014-09-12 10:38 - 07393280 _____ () C:\Users\admin\Downloads\LibreOffice_4.3.1_Win_x86_helppack_de.msi 2014-09-11 09:45 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-11 09:45 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-11 09:45 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-11 09:45 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-11 09:45 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-11 09:45 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-11 09:45 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-11 09:45 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-11 09:45 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-11 09:45 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-11 09:45 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-11 09:45 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-11 09:45 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-11 09:45 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-11 09:45 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-11 09:45 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-11 09:45 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-11 09:45 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-11 09:45 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-11 09:45 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-11 09:45 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-11 09:45 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-11 09:45 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-11 09:45 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-11 09:45 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-11 09:45 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-11 09:45 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-11 09:45 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 09:45 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-11 09:45 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-11 09:45 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-11 09:45 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-11 09:45 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-11 09:45 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-11 09:44 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 09:44 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-11 09:44 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 09:44 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-11 09:44 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-11 09:44 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-11 09:44 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-11 09:44 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-11 09:44 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-11 09:44 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-11 09:44 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 09:44 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-11 09:44 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-11 09:44 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-11 09:44 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-11 09:44 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-11 09:44 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-11 09:44 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-11 09:44 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-11 09:44 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-11 09:44 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-11 09:44 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-11 09:42 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-11 09:42 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-11 09:17 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-11 09:17 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-11 09:13 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-11 09:13 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-11 09:12 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-11 09:12 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-11 09:12 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-11 09:12 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-11 09:12 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-10 17:35 - 2014-09-10 17:35 - 00000962 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk 2014-09-10 16:15 - 2014-09-10 16:15 - 06057862 _____ (Tim Kosse) C:\Users\admin\Downloads\FileZilla_3.9.0.5_win32-setup.exe 2014-09-09 22:04 - 2014-09-09 22:04 - 00000112 _____ () C:\Windows\system32\snetcfg.log 2014-09-09 22:00 - 2014-09-09 22:00 - 03784904 _____ (WiseCleaner.com ) C:\Users\admin\Downloads\WPCASetup.exe 2014-09-09 21:17 - 2014-09-13 18:21 - 00000000 ____D () C:\Users\admin\AppData\Roaming\2XClient 2014-09-09 21:17 - 2014-09-09 21:17 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2X 2014-09-09 21:08 - 2014-09-09 21:08 - 00003062 _____ () C:\Windows\System32\Tasks\{9C1E5AC2-E0C0-4B42-8618-219886BB0EA1} 2014-09-09 21:04 - 2014-09-09 21:04 - 00003062 _____ () C:\Windows\System32\Tasks\{DB6587ED-4C05-4A0C-BE9B-8DEF9BE88B98} 2014-09-09 21:04 - 2014-09-09 21:04 - 00003062 _____ () C:\Windows\System32\Tasks\{4A81435E-D2E9-4F92-B4A5-C3C08F938B8B} ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-09 16:06 - 2011-04-16 09:42 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2014-10-09 16:05 - 2011-04-16 09:42 - 00000382 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job 2014-10-09 16:01 - 2013-09-11 08:12 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Skype 2014-10-09 15:56 - 2014-05-12 10:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-09 15:42 - 2014-04-20 10:37 - 00000000 ____D () C:\Users\admin\Desktop\verwaltung 2014-10-09 15:41 - 2011-04-16 09:19 - 01753198 _____ () C:\Windows\WindowsUpdate.log 2014-10-09 15:41 - 2009-07-14 06:51 - 00174474 _____ () C:\Windows\setupact.log 2014-10-09 15:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-10-08 20:28 - 2014-02-10 19:55 - 00000000 ____D () C:\Users\admin\AppData\Roaming\FileZilla 2014-10-08 15:51 - 2009-07-14 06:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-08 15:51 - 2009-07-14 06:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-08 15:42 - 2011-04-16 09:35 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-10-08 15:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-08 15:37 - 2011-04-16 09:31 - 00699666 _____ () C:\Windows\system32\perfh007.dat 2014-10-08 15:37 - 2011-04-16 09:31 - 00149774 _____ () C:\Windows\system32\perfc007.dat 2014-10-08 15:37 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-08 14:16 - 2011-04-16 09:36 - 00192580 _____ () C:\Windows\PFRO.log 2014-10-08 14:15 - 2013-08-19 13:51 - 00000000 ____D () C:\Users\admin 2014-10-08 14:05 - 2013-08-19 13:53 - 00000000 ____D () C:\Users\admin\AppData\Local\Lenovo 2014-10-08 13:38 - 2009-07-24 19:29 - 00000000 ____D () C:\Windows\Panther 2014-10-07 12:34 - 2013-09-11 16:27 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-10-07 12:34 - 2013-09-11 16:25 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-07 12:34 - 2013-09-11 16:25 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-10-07 12:18 - 2014-09-05 18:51 - 535049227 _____ () C:\Windows\MEMORY.DMP 2014-10-07 12:18 - 2013-12-22 21:07 - 00000000 ____D () C:\Windows\Minidump 2014-10-07 10:10 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-10-07 10:08 - 2009-07-14 04:34 - 69992448 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-10-07 10:08 - 2009-07-14 04:34 - 24379392 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-10-07 10:08 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-10-07 10:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-10-07 10:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-10-07 08:47 - 2014-07-15 18:26 - 00000000 ____D () C:\Users\admin\AppData\Roaming\LSC 2014-10-07 08:47 - 2012-07-17 12:25 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo 2014-10-07 08:47 - 2011-04-16 09:23 - 00000000 ____D () C:\Program Files\Lenovo 2014-10-07 08:46 - 2011-04-16 09:42 - 00000000 ____D () C:\Windows\Downloaded Installations 2014-10-06 22:54 - 2014-06-12 11:34 - 00000085 _____ () C:\Users\admin\AppData\Roaming\WB.CFG 2014-10-06 10:06 - 2013-11-27 17:16 - 00000000 ____D () C:\Users\admin\AppData\Roaming\HpUpdate 2014-10-04 13:38 - 2014-05-07 23:35 - 00001863 _____ () C:\Users\admin\Desktop\20140512_RA_007_SVA_Bern_11341.lnk 2014-10-04 10:52 - 2014-02-19 07:56 - 00000600 _____ () C:\Users\admin\AppData\Local\PUTTY.RND 2014-09-29 18:16 - 2013-09-29 17:26 - 00002282 ____H () C:\Users\admin\Documents\Default.rdp 2014-09-29 17:25 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-09-29 11:46 - 2014-05-05 14:34 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm 2014-09-25 19:02 - 2013-08-19 14:12 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Adobe 2014-09-25 17:58 - 2013-10-27 11:41 - 00001937 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HIN Client.lnk 2014-09-25 17:58 - 2013-10-27 11:41 - 00001937 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HIN Client Deinstallationsprogramm.lnk 2014-09-25 17:58 - 2013-10-27 11:40 - 00000000 ____D () C:\Program Files (x86)\HIN Client 2014-09-25 16:42 - 2013-08-19 15:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-24 18:26 - 2014-02-16 15:37 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk 2014-09-24 18:26 - 2014-02-16 15:37 - 00002221 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk 2014-09-24 18:26 - 2014-02-16 15:37 - 00002060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk 2014-09-24 15:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-09-23 19:04 - 2014-08-20 16:42 - 00001945 _____ () C:\Users\admin\Documents\SyncSettings_F_ZENTRALE.ffs_gui 2014-09-23 19:03 - 2014-06-20 10:34 - 00000943 _____ () C:\Users\Public\Desktop\FreeFileSync.lnk 2014-09-23 19:03 - 2014-06-20 10:34 - 00000933 _____ () C:\Users\Public\Desktop\RealtimeSync.lnk 2014-09-23 19:03 - 2014-04-17 18:11 - 00000955 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk 2014-09-23 19:03 - 2014-04-17 18:11 - 00000945 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk 2014-09-23 18:59 - 2014-04-01 18:31 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-09-23 18:59 - 2013-09-11 08:12 - 00000000 ____D () C:\ProgramData\Skype 2014-09-21 15:15 - 2014-08-28 18:03 - 00000000 ____D () C:\Users\admin\Desktop\für POSTBOX 2014-09-21 14:43 - 2013-08-23 20:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-18 22:07 - 2013-10-18 14:59 - 00000000 ____D () C:\ProgramData\32nd America's Cup 2014-09-16 18:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-16 12:53 - 2013-11-25 16:35 - 00000000 ____D () C:\Users\admin\Desktop\für ARCHIVDATA 2014-09-15 08:27 - 2013-08-19 18:09 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-15 08:21 - 2012-07-17 14:00 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-12 12:45 - 2014-05-05 14:34 - 00003676 _____ () C:\Windows\System32\Tasks\HP-Online-Aktualisierungsprogramm 2014-09-11 09:53 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-11 09:43 - 2013-12-22 11:40 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-10 13:57 - 2014-05-12 10:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-10 13:56 - 2013-08-23 20:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-10 13:56 - 2013-08-23 20:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-09 22:18 - 2014-09-05 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Fernzugang 2014-09-09 22:18 - 2014-09-05 13:23 - 00000000 ____D () C:\Program Files\FRITZ!Fernzugang 2014-09-09 22:02 - 2014-06-13 10:13 - 00000000 ____D () C:\Users\admin\AppData\Roaming\WiseUpdate Some content of TEMP: ==================== C:\Users\admin\AppData\Local\Temp\avgnt.exe C:\Users\admin\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-06 00:51 ==================== End Of Log ============================ --- --- ---  Ergebnis VIEL besser: explorer.exe "wächst" jetzt auf 57.000 kB, scheint aber (toi toi toi) die Grösse stabil zu halten - hatte seit gestern nachmittag keinen Neustart des explorers mehr nötig. Magst Du mir noch einmal zusammenfassen, was "versifft" war? Und was Du mir zum besseren Schutz anrätst? Das wäre super.  Grüsse chic (o |
|
11.10.2014, 11:26
| #8 |
| /// the machine /// TB-Ausbilder | Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz Java und Adobe updaten. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 5016
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1,192.168.1.19,hxxp://swissmedap.ch/,hxxp://postfinance.ch, hxxp://www.swiss.ch, hxxp://www.sbb.ch, hxxp://switchplus.ch, https://www.typmed.eu, hxxp://ga1.dyndns-remote.com/,hxxp://www.dyndns.org/,hxxp://www.swisscom.ch, https://www.yahoo.com/,http:dict.leo.org:80/*.*"
FF NetworkProxy: "type", 0
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Da war jede Menge Adware Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
12.10.2014, 10:15
| #9 |
| | Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz Moinmoin Schrauber. Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01
Ran by admin at 2014-10-12 10:13:19 Run:1
Running from C:\Users\admin\Desktop
Loaded Profiles: UpdatusUser & admin (Available profiles: UpdatusUser & admin)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 5016
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1,192.168.1.19,hxxp://swissmedap.ch/,hxxp://postfinance.ch, hxxp://www.swiss.ch, hxxp://www.sbb.ch, hxxp://switchplus.ch, https://www.typmed.eu, hxxp://ga1.dyndns-remote.com/,hxxp://www.dyndns.org/,hxxp://www.swisscom.ch, https://www.yahoo.com/,http:dict.leo.org:80/*.*"
FF NetworkProxy: "type", 0
*****************
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
==== End of Fixlog ====
Beste Grüsse chic (o |
|
13.10.2014, 09:15
| #10 |
| /// the machine /// TB-Ausbilder | Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
dann auf 
und dann auf 
. 
WARNUNG an die MITLESER: 
Linear-Darstellung
