| |
| |||||||
Log-Analyse und Auswertung: Win 7 Pro - explorer.exe belegt mehr und mehr SpeicherplatzWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
07.10.2014, 08:22
| #1 |
| |  Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz Guten Tag. Auf meinem Laptop (Lenovo t420i) verwendet explorer.exe nach dem start ~ 25.000 K, was dann beim standardmässigen Arbeiten (installierte Programme ANTIVIR, FIREFOX, THUNDERBIRD, LIBRE OFFICE, ACROBAT) langsam auf bis zu 380.000 K ansteigt. Irgendwann funktionieren dann Doppelklicks auf dem Desktop nicht mehr. Abhilfe: Prozess im Taskmanager löschen und explorer.exe neu starten, dann fängt das Ganze von vorne an. ANTIVIR zeigt KEINE Funde. Ich habe DEFOGGER, FIRST64 und GMER installiert und nach trojaner-board-Anweisung laufen lassen. DEFOGGER bringt KEINE Fehlermeldung. FRST.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by admin (administrator) on ZI_PORTABLE on 06-10-2014 21:21:50
Running from C:\Users\admin\Desktop
Loaded Profiles: UpdatusUser & admin (Available profiles: UpdatusUser & admin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(BUFFALO INC.) C:\Windows\System32\TC2Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
(Health Info Net AG) C:\Program Files (x86)\HIN Client\hinclient.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(FileZilla Project) F:\Programme\FileZillaPortable\FileZilla FTP Client\filezilla.exe
(The Document Foundation) F:\Programme\LibreOfficePortable\program\scalc.exe
(The Document Foundation) F:\Programme\LibreOfficePortable\program\soffice.exe
(The Document Foundation) F:\Programme\LibreOfficePortable\program\soffice.bin
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(FileZilla Project) F:\Programme\FileZillaPortable\FileZilla FTP Client\fzsftp.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Users\admin\Desktop\Defogger.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TpShocks] => C:\Windows\SYSTEM32\TpShocks.exe [384344 2014-02-17] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2010-12-17] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [tpcexTray] => C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe [77368 2013-09-25] (BUFFALO INC.)
HKLM\...\Run: [TC2Tray] => C:\Windows\system32\TC2Tray.exe [629656 2012-07-18] (BUFFALO INC.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [X-Rite Legacy Device] => C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe [105984 2010-09-28] (X-Rite Inc.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM-x32\...\Run: [HIN Client] => C:\Program Files (x86)\HIN Client\hinclient.exe [243432 2013-11-28] (Health Info Net AG)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ACTray] => C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe [432472 2014-03-14] (Lenovo)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [759712 2014-09-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\MountPoints2: {3a304c2d-d836-11e3-8d5f-402cf4fee0d8} - E:\AutoRun.exe
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\MountPoints2: {884b5e2a-da7b-11e3-84e8-402cf4fee0d8} - E:\AutoRun.exe
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\MountPoints2: {bb8ee080-e7b8-11e3-9149-dcde8e4fc27e} - E:\AutoRun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [241472 2012-03-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202560 2012-03-05] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!Fernzugang.lnk
ShortcutTarget: FRITZ!Fernzugang.lnk -> C:\Program Files\FRITZ!Fernzugang\FRITZVPN.exe (AVM Berlin)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk
ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk
ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\nadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
SSODL: EldosMountNotificator-cbfs4 - {1894063F-D990-48F1-9E09-1B7337AF5955} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {1894063F-D990-48F1-9E09-1B7337AF5955} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {E524A5A6-F0DD-48EA-8BB0-5DC00ECA5388} => C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {E524A5A6-F0DD-48EA-8BB0-5DC00ECA5388} => C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {CE403DA5-2AB4-462D-B794-220F15EDD0F4} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {CE403DA5-2AB4-462D-B794-220F15EDD0F4} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.19
FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default
FF SearchEngineOrder.1: Ask Search
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 5016
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1,192.168.1.19,hxxp://swissmedap.ch/,hxxp://postfinance.ch, hxxp://www.swiss.ch, hxxp://www.sbb.ch, hxxp://switchplus.ch, https://www.typmed.eu, hxxp://ga1.dyndns-remote.com/,hxxp://www.dyndns.org/,hxxp://www.swisscom.ch, https://www.yahoo.com/,http:dict.leo.org:80/*.*"
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF user.js: detected! => C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\user.js
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-eng-deu-v20.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-fra-deu.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-ita-deu.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-por-deu.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-spa-deu.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HP Smart Print - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\Extensions\hpwebprint@hpwebprint.com [2013-11-27]
FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-05]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-11-27]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-02-16]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1043024 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [802384 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [337824 2012-11-28] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143776 2012-11-28] (AVM Berlin)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-07] (Lenovo.)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
S4 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [251760 2012-03-29] (BUFFALO INC.)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [191328 2013-06-10] (AVM Berlin)
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2012-03-05] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 TC2Service; C:\Windows\system32\TC2Service.exe [308120 2012-07-18] (BUFFALO INC.)
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-12-11] (Lenovo Group Limited) [File not signed]
S4 tpcexdccs; C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe [134712 2013-09-25] (BUFFALO INC.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S4 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-12-11] (Lenovo Group Limited)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB)
R2 xritedeviced; C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [142848 2010-09-28] (X-Rite Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-09-11] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-09-11] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-04-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R0 bftpdskc; C:\Windows\System32\drivers\bftpdskc64.sys [72016 2011-07-13] (BUFFALO INC.)
S3 bftpusbx; C:\Windows\System32\drivers\bftpusbx64.sys [20608 2010-10-21] (BUFFALO INC.)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [385728 2013-07-03] (EldoS Corporation)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-03-03] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-03-03] (Ericsson AB)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)
S3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB)
S3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-29] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-29] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-29] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-29] (MCCI Corporation)
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2011-07-05] (AVM Berlin)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-04-16] ()
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [30088 2008-06-18] ()
S3 SWNC8U80; C:\Windows\System32\DRIVERS\swnc8u80.sys [196608 2008-06-24] (Sierra Wireless Inc.)
S3 SWUMX80; C:\Windows\System32\DRIVERS\swumx80.sys [191744 2008-06-24] (Sierra Wireless Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-07-03] (EldoS Corporation)
S3 wtsmpadap; C:\Windows\System32\DRIVERS\wtsmpadap.sys [56104 2008-04-29] (Swisscom)
S3 WtSmpFlt; C:\Windows\System32\DRIVERS\wtsmpflt.sys [378664 2008-04-29] (Swisscom)
S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [268840 2011-08-12] (Ericsson AB)
S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-06 21:21 - 2014-10-06 21:22 - 00027838 _____ () C:\Users\admin\Desktop\FRST.txt
2014-10-06 21:18 - 2014-10-06 21:21 - 00000000 ____D () C:\FRST
2014-10-06 21:16 - 2014-10-06 21:16 - 02109952 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-10-06 21:14 - 2014-10-06 21:14 - 00000472 _____ () C:\Users\admin\Desktop\defogger_disable.log
2014-10-06 21:14 - 2014-10-06 21:14 - 00000000 _____ () C:\Users\admin\defogger_reenable
2014-10-06 21:12 - 2014-10-06 21:13 - 00050477 _____ () C:\Users\admin\Desktop\Defogger.exe
2014-10-05 14:54 - 2014-10-05 14:54 - 05582481 _____ (Swearware) C:\Users\admin\Downloads\ComboFix.exe
2014-10-04 09:46 - 2014-10-04 09:46 - 00000000 _____ () C:\Windows\Minidump\100414-15568-01.dmp
2014-10-01 17:19 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 17:19 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-26 19:35 - 2014-09-26 19:35 - 00001697 _____ () C:\Users\Public\Desktop\ShakeHands Kontor 2014.lnk
2014-09-26 19:35 - 2014-09-26 19:35 - 00000000 ____D () C:\Users\admin\AppData\Local\ProSaldo
2014-09-26 19:35 - 2014-09-26 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShakeHands
2014-09-26 19:34 - 2014-09-26 19:34 - 00000000 ____D () C:\Users\admin\Documents\ProSaldo
2014-09-26 19:34 - 2014-09-26 19:34 - 00000000 ____D () C:\Programme
2014-09-25 17:43 - 2014-09-25 17:43 - 43868392 _____ (Health Info Net AG) C:\Users\admin\Downloads\hin_client_windows.exe
2014-09-25 11:33 - 2014-09-25 11:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 01:14 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 01:14 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 19:21 - 2014-09-23 19:21 - 00000082 _____ () C:\Windows\odbc_merge.INI
2014-09-23 19:17 - 2014-09-23 19:22 - 00000000 ____D () C:\Users\admin\Documents\Taxpool-Buchhalter
2014-09-23 19:07 - 2014-09-23 19:07 - 00003186 _____ () C:\Windows\System32\Tasks\{56643D1F-761C-478F-A31F-24E83B3880B1}
2014-09-23 19:01 - 2014-09-23 19:01 - 63249048 _____ () C:\Users\admin\Downloads\taxpool_buchhalter_mini_installation.exe
2014-09-23 19:00 - 2014-09-23 19:00 - 11721744 _____ () C:\Users\admin\Downloads\FreeFileSync_6.9_Windows_Setup.exe
2014-09-23 18:59 - 2014-09-23 18:59 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-23 18:59 - 2014-09-23 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-21 10:55 - 2014-09-21 10:55 - 00000000 _____ () C:\Windows\Minidump\092114-15210-01.dmp
2014-09-17 15:07 - 2014-09-17 15:07 - 00000000 ____D () C:\Users\admin\.jfreereport
2014-09-16 18:55 - 2014-10-04 09:49 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-09-16 12:54 - 2014-09-23 19:04 - 00001972 _____ () C:\Users\admin\Documents\SyncSettings_F_DESKTOP_FUER_ARCHIV.ffs_gui
2014-09-16 12:38 - 2014-09-16 12:38 - 00000000 _____ () C:\Windows\Minidump\091614-15022-01.dmp
2014-09-14 04:39 - 2014-09-23 19:04 - 00001942 _____ () C:\Users\admin\Documents\SyncSettings_F_NAS2.ffs_gui
2014-09-13 18:10 - 2014-09-13 18:10 - 00000000 ____D () C:\Users\admin\Documents\2XPDFStore
2014-09-12 10:38 - 2014-09-12 10:41 - 224940032 _____ () C:\Users\admin\Downloads\LibreOffice_4.3.1_Win_x86.msi
2014-09-12 10:38 - 2014-09-12 10:38 - 07393280 _____ () C:\Users\admin\Downloads\LibreOffice_4.3.1_Win_x86_helppack_de.msi
2014-09-11 09:45 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 09:45 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 09:45 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 09:45 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 09:45 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 09:45 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 09:45 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 09:45 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 09:45 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 09:45 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 09:45 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 09:45 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 09:45 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 09:45 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 09:45 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 09:45 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 09:45 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 09:45 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 09:45 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 09:45 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 09:45 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 09:45 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 09:45 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 09:45 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 09:45 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 09:45 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 09:45 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 09:45 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 09:45 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 09:45 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 09:45 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 09:45 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 09:45 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 09:45 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 09:44 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 09:44 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 09:44 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 09:44 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 09:44 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 09:44 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 09:44 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 09:44 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 09:44 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 09:44 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 09:44 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 09:44 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 09:44 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 09:44 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 09:44 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 09:44 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 09:44 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 09:44 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 09:44 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 09:44 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 09:44 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 09:44 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 09:42 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 09:42 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 09:17 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 09:17 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 09:13 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 09:13 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-11 09:12 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 09:12 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 09:12 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 09:12 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 09:12 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 17:35 - 2014-09-10 17:35 - 00000962 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-09-10 16:15 - 2014-09-10 16:15 - 06057862 _____ (Tim Kosse) C:\Users\admin\Downloads\FileZilla_3.9.0.5_win32-setup.exe
2014-09-09 22:04 - 2014-09-09 22:04 - 00000112 _____ () C:\Windows\system32\snetcfg.log
2014-09-09 22:00 - 2014-09-09 22:00 - 03784904 _____ (WiseCleaner.com ) C:\Users\admin\Downloads\WPCASetup.exe
2014-09-09 21:17 - 2014-09-13 18:21 - 00000000 ____D () C:\Users\admin\AppData\Roaming\2XClient
2014-09-09 21:17 - 2014-09-09 21:17 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2X
2014-09-09 21:08 - 2014-09-09 21:08 - 00003062 _____ () C:\Windows\System32\Tasks\{9C1E5AC2-E0C0-4B42-8618-219886BB0EA1}
2014-09-09 21:04 - 2014-09-09 21:04 - 00003062 _____ () C:\Windows\System32\Tasks\{DB6587ED-4C05-4A0C-BE9B-8DEF9BE88B98}
2014-09-09 21:04 - 2014-09-09 21:04 - 00003062 _____ () C:\Windows\System32\Tasks\{4A81435E-D2E9-4F92-B4A5-C3C08F938B8B}
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-06 21:22 - 2011-04-16 09:42 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-10-06 21:20 - 2009-07-14 06:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-06 21:20 - 2009-07-14 06:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-06 21:17 - 2011-04-16 09:42 - 00000382 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-10-06 21:14 - 2013-08-19 13:51 - 00000000 ____D () C:\Users\admin
2014-10-06 20:56 - 2014-05-12 10:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-06 20:37 - 2014-06-12 09:34 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-10-06 17:17 - 2011-04-16 09:19 - 01646166 _____ () C:\Windows\WindowsUpdate.log
2014-10-06 15:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-10-06 10:06 - 2013-11-27 17:16 - 00000000 ____D () C:\Users\admin\AppData\Roaming\HpUpdate
2014-10-06 09:58 - 2009-07-14 06:51 - 00171565 _____ () C:\Windows\setupact.log
2014-10-06 09:52 - 2014-02-10 19:55 - 00000000 ____D () C:\Users\admin\AppData\Roaming\FileZilla
2014-10-04 13:38 - 2014-05-07 23:35 - 00001863 _____ () C:\Users\admin\Desktop\20140512_RA_007_SVA_Bern_11341.lnk
2014-10-04 12:48 - 2013-09-11 08:12 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Skype
2014-10-04 10:52 - 2014-02-19 07:56 - 00000600 _____ () C:\Users\admin\AppData\Local\PUTTY.RND
2014-10-04 09:46 - 2014-09-05 18:51 - 500728971 _____ () C:\Windows\MEMORY.DMP
2014-10-04 09:46 - 2013-12-22 21:07 - 00000000 ____D () C:\Windows\Minidump
2014-10-04 09:46 - 2011-04-16 09:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-04 09:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-01 17:47 - 2014-06-10 19:12 - 00000000 ____D () C:\Users\admin\AppData\Roaming\NCH Software
2014-10-01 17:12 - 2011-04-16 09:36 - 00189552 _____ () C:\Windows\PFRO.log
2014-09-29 18:16 - 2013-09-29 17:26 - 00002282 ____H () C:\Users\admin\Documents\Default.rdp
2014-09-29 17:25 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-29 11:46 - 2014-05-05 14:34 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-09-29 10:10 - 2014-04-20 10:37 - 00000000 ____D () C:\Users\admin\Desktop\verwaltung
2014-09-27 14:34 - 2014-06-12 11:34 - 00000098 _____ () C:\Users\admin\AppData\Roaming\WB.CFG
2014-09-26 11:06 - 2011-04-16 09:31 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-09-26 11:06 - 2011-04-16 09:31 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-09-26 11:06 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-25 19:02 - 2013-08-19 14:12 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Adobe
2014-09-25 17:58 - 2013-10-27 11:41 - 00001937 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HIN Client.lnk
2014-09-25 17:58 - 2013-10-27 11:41 - 00001937 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HIN Client Deinstallationsprogramm.lnk
2014-09-25 17:58 - 2013-10-27 11:40 - 00000000 ____D () C:\Program Files (x86)\HIN Client
2014-09-25 16:42 - 2013-08-19 15:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 18:26 - 2014-02-16 15:37 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-09-24 18:26 - 2014-02-16 15:37 - 00002221 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-09-24 18:26 - 2014-02-16 15:37 - 00002060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-09-24 15:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-23 19:04 - 2014-08-20 16:42 - 00001945 _____ () C:\Users\admin\Documents\SyncSettings_F_ZENTRALE.ffs_gui
2014-09-23 19:03 - 2014-06-20 10:34 - 00000943 _____ () C:\Users\Public\Desktop\FreeFileSync.lnk
2014-09-23 19:03 - 2014-06-20 10:34 - 00000933 _____ () C:\Users\Public\Desktop\RealtimeSync.lnk
2014-09-23 19:03 - 2014-04-17 18:11 - 00000955 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2014-09-23 19:03 - 2014-04-17 18:11 - 00000945 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk
2014-09-23 18:59 - 2014-04-01 18:31 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-23 18:59 - 2013-09-11 08:12 - 00000000 ____D () C:\ProgramData\Skype
2014-09-21 15:15 - 2014-08-28 18:03 - 00000000 ____D () C:\Users\admin\Desktop\für POSTBOX
2014-09-21 14:43 - 2013-08-23 20:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 22:07 - 2013-10-18 14:59 - 00000000 ____D () C:\ProgramData\32nd America's Cup
2014-09-16 18:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-16 12:53 - 2013-11-25 16:35 - 00000000 ____D () C:\Users\admin\Desktop\für ARCHIVDATA
2014-09-15 08:27 - 2013-08-19 18:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-15 08:21 - 2012-07-17 14:00 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 12:45 - 2014-05-05 14:34 - 00003676 _____ () C:\Windows\System32\Tasks\HP-Online-Aktualisierungsprogramm
2014-09-11 09:53 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-11 09:43 - 2013-12-22 11:40 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 13:57 - 2014-05-12 10:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 13:56 - 2013-08-23 20:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 13:56 - 2013-08-23 20:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-09 22:18 - 2014-09-05 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Fernzugang
2014-09-09 22:18 - 2014-09-05 13:23 - 00000000 ____D () C:\Program Files\FRITZ!Fernzugang
2014-09-09 22:02 - 2014-06-13 10:13 - 00000000 ____D () C:\Users\admin\AppData\Roaming\WiseUpdate
Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\avgnt.exe
C:\Users\admin\AppData\Local\Temp\ffmpeg15.exe
C:\Users\cz\AppData\Local\Temp\avgnt.exe
C:\Users\nadmin\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-06 00:51
==================== End Of Log ============================
ADDITION.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by admin at 2014-10-06 21:22:57
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32nd America's Cup Patch1 (HKLM-x32\...\VskAC32_is1) (Version: - Nadeo)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.73.00 - )
Avira Internet Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Boxcryptor Classic 1.6 (HKLM-x32\...\{8978A896-993E-451B-81FB-D11CAC402F91}) (Version: 1.6.400.65 - Secomba GmbH)
BUFFALO NAS Navigator2 (HKLM-x32\...\UN060501) (Version: - )
BUFFALO TeraStation(WS-VL Series) Setup Guide (HKLM-x32\...\UN110308) (Version: - )
BUFFALO TurboPC EX Series (HKLM-x32\...\UN110613) (Version: - )
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon CanoScan Toolbox 5.0 (HKLM-x32\...\CanoScan Toolbox 5.0) (Version: - )
CanoScan LiDE 70 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411) (Version: - )
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.808 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DDS Viewer (HKLM-x32\...\{707333E0-C796-4E2D-B0DA-5A429706C361}_is1) (Version: - IdeaMK)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DPM Player (HKLM-x32\...\{BA495217-1475-47A8-AB83-B7DC2A59B49E}) (Version: 1.00.0000 - Philips Speech Processing)
DPMCtrl.dll 2009.3 (HKLM-x32\...\DMPCTRL_is1) (Version: 2009.3 - James M. Voelker)
Driver Whiz (HKLM-x32\...\{0B540DA4-41AE-4B79-BEAB-0F07E09669AB}) (Version: 8.1 - Driver Whiz)
DSS to Wave Converter 2011.1 (HKLM-x32\...\DSS2Wave_is1) (Version: 2011.1 - James M. Voelker)
ELO Pdf Drucker (HKLM-x32\...\{C7ACA1FD-E1A7-42D1-93C2-6EBD868584E9}) (Version: 8.0 - ELO Digital Office GmbH)
ELOoffice (HKLM-x32\...\{C08EF2EB-27C6-4E99-B5C3-15AE8210B614}) (Version: 9.0 - ELO Digital Office GmbH)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
FreeFileSync 6.9 (HKLM-x32\...\FreeFileSync) (Version: 6.9 - Zenju)
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FRITZ!Fernzugang (HKLM\...\{DD57CC22-8864-4CCA-94D4-600D024C1207}) (Version: 1.3.1 - AVM Berlin)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
HIN Client (HKLM-x32\...\6993-3411-2195-6139) (Version: 1.4.0 - Health Info Net AG)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8100 - Grundlegende Software für das Gerät (HKLM\...\{312A65D1-64B1-4E81-85C0-85BE743A6550}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP Officejet Pro 8100 Hilfe (HKLM-x32\...\{65038824-6DC7-4A44-828A-D7A7F04CD61B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB7A}) (Version: 1.0.16.0 - Hewlett Packard)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
Intel(R) Identity Protection Technology 1.2.28.0 (HKLM-x32\...\{A87263E8-26CB-1016-8F2F-C04708B17CE2}) (Version: 1.2.28.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) PRO/Wireless Driver (Version: 16.10.0000.1228 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.6.0.0128 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{728985C5-A04B-457C-9D62-15360F3EAF85}) (Version: 3.1.29.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{86b86e21-7c9b-4baa-b284-69ce4a918661}) (Version: 16.10.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.10.0.0307 - Intel Corporation) Hidden
Java 7 Update 10 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217010FF}) (Version: 7.0.100 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.2.1003.00 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.3.2.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Screen Reading Optimizer (HKLM-x32\...\{91A29166-4E1B-4664-B70B-4C4A3B6B3372}) (Version: 1.16 - Lenovo)
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.4.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5717.39 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
LibreOffice 4.2 Help Pack (German) (HKLM-x32\...\{2EC623B7-3559-4058-B4AC-14DC018FC0B7}) (Version: 4.2.6.3 - The Document Foundation)
LibreOffice 4.2.6.3 (HKLM-x32\...\{14DB1822-00B5-4820-86B5-EF893CA46B53}) (Version: 4.2.6.3 - The Document Foundation)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (HKLM\...\{BBBE35B2-9349-3C48-BD3D-F574B17C7924}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 6.5.1.5 - Ericsson AB)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.030.01.02.51 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Northspace VSK Courses 1.0 (HKLM-x32\...\{9F4281A5-75F2-43C4-839E-511A715F58CB}_is1) (Version: - Northspace)
NVIDIA 3D Vision Driver 276.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 276.58 - NVIDIA Corporation)
NVIDIA Control Panel 276.58 (Version: 276.58 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 276.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 276.58 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.24.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.275.82.0 - NVIDIA Corporation) Hidden
NVIDIA nView 135.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.64 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13564 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.3.12 (Version: 1.3.12 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.7658 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.3.12 - NVIDIA Corporation) Hidden
Philips DPM Player Hot Fix (HKLM-x32\...\Philips DPM Player Hot Fix_is1) (Version: - )
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.64.4 - Lenovo Group Limited)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RapidBoot (HKLM-x32\...\InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}) (Version: 1.00 - Lenovo)
RapidBoot (x32 Version: 1.00 - Lenovo) Hidden
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.31.0010.00 - Lenovo Group Limited)
RICOH Media Driver v2.10.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.10.18.02 - RICOH)
ScanSoft OmniPage SE 4.0 (HKLM-x32\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
ShakeHands Kontor 2014 Release 11.2.1 (HKLM-x32\...\{868EDAD1-2C43-4E0B-972A-55BFAB0E56E0}}_is1) (Version: - ShakeHands Software Ltd)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.60 - NCH Software)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 6.5.38.0 - 2BrightSparks)
Taxpool-Buchhalter Mini 8.20 (HKLM-x32\...\Taxpool-Buchhalter Mini) (Version: 8.20 - psynetic® Software)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.41 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.05 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.80 - Lenovo)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
Update for Audio Converter (HKCU\...\Digital Sites) (Version: - Update for Audio Converter) <==== ATTENTION
VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
Windows Driver Package - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows Driver Package - Intel (MEIx64) System (10/19/2010 7.0.0.1144) (HKLM\...\90FD26A77B849AE03FF5F07A1CDA7F950406A8D8) (Version: 10/19/2010 7.0.0.1144 - Intel)
Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\A513FC5E5A08D4EF27F234E91E0E942A0234210B) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (10/04/2010 9.2.0.1015) (HKLM\...\FE1BEBFD475BB832AAF104F5C63348E98A9286DF) (Version: 10/04/2010 9.2.0.1015 - Intel)
Windows Driver Package - Intel USB (09/16/2010 9.2.0.1013) (HKLM\...\D97688B8E3830BF9820E15EB8D9552DCBF988CFD) (Version: 09/16/2010 9.2.0.1013 - Intel)
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse (02/17/2011 15.2.14.0) (HKLM\...\77A943AB876C131591E0EA5DB6AB08D89EE2EA9E) (Version: 02/17/2011 15.2.14.0 - Synaptics)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wise Registry Cleaner 8.23 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.23 - WiseCleaner.com, Inc.)
X-Rite Device Manager (HKLM-x32\...\{9ACEA9CD-63B9-4784-807B-EA295E96A7C3}_is1) (Version: 1.0 - X-Rite Inc.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2727355821-1189829001-2483972847-1001_Classes\CLSID\{F5DF8D65-559D-4b75-8562-5302BD2F5F20}\InprocServer32 -> C:\Users\admin\AppData\Roaming\2XClient\TuxClientSystem.dll (2X Software Ltd.)
==================== Restore Points =========================
22-09-2014 04:00:11 Windows-Sicherung
23-09-2014 04:00:10 Windows-Sicherung
24-09-2014 06:57:08 Windows Update
24-09-2014 06:57:26 Windows-Sicherung
25-09-2014 07:21:16 Windows-Sicherung
26-09-2014 08:56:39 Windows-Sicherung
01-10-2014 15:23:33 Windows-Sicherung
02-10-2014 01:00:12 Windows Update
06-10-2014 04:00:14 Windows-Sicherung
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {016EDBE6-7142-48BE-B625-2E27458372BA} - System32\Tasks\{C4C7140F-FA99-42CF-8CFA-8C91D3A43985} => C:\Program Files (x86)\LibreOffice 4\program\soffice.exe
Task: {08A4438C-B0FF-4CA7-ACBB-1372E95ACD9B} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {098BBB6E-C9BE-4B51-AE21-042880E6C468} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-10] ()
Task: {162C5A7F-52FB-48B6-9145-A198BE6FEAF1} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-05-06] ()
Task: {255FDC70-F297-4E67-AB0E-562B2D75519C} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {45A6DF59-FFC9-4CD8-B3E1-8AC820456C01} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {47E8C257-BC97-41D7-935E-C584358276B5} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\pcdrcui.exe [2010-12-10] (PC-Doctor, Inc.)
Task: {4E825668-3EC3-4118-B503-EECBDB5421CF} - System32\Tasks\Driver Whiz-RTMScan => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {5AF432A6-7863-498A-A247-889BE6D7D92E} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {622D35A6-C21E-4D89-BF66-7C71B3BC42D1} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28] (Nuance Communications, Inc.)
Task: {65E72476-F31C-436E-95D0-A67DFDD66AB6} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {6675D8CF-9B28-4CEB-ABA3-4BDCD777285E} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {80B53E5E-7FFE-44D6-9979-E42E591BF8AF} - System32\Tasks\Driver Whiz-RTMRules => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {96E0118B-8B97-403B-95D2-F2E05DCF5A84} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {9E381594-8B29-4EAF-B0F6-54F91AFA725B} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {A20B1E84-E43E-48D3-8B49-CC39983003D7} - System32\Tasks\{9C1E5AC2-E0C0-4B42-8618-219886BB0EA1} => C:\Windows\SYSTEM32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {A2343AFA-0720-4AD1-9F70-EE2620821137} - System32\Tasks\Driver Whiz-RTMScanRunOnce => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {B2089EDE-154D-41FF-B014-8AD072A51D18} - System32\Tasks\Lenovo\SROptimizer => %TRPATH%\SRORest.exe
Task: {B27C9916-1D0D-43E6-9719-FDF1C4DFFA11} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {B41FE74A-40FF-4F59-A7CA-A8246B9BA408} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {C4886425-9EC2-40D9-94D7-8299C6AFD210} - System32\Tasks\TVT\LaunchRnR => C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrcmd.exe [2010-12-11] (Lenovo Limited Group Corporation)
Task: {C644179C-EF57-4C69-B214-B24967A287A8} - System32\Tasks\Driver Whiz-RTMUpdater => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {C948B737-2ABE-433D-B0FF-B55CA0141858} - System32\Tasks\Digital Sites => C:\Users\admin\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {CAC2D343-46CA-41B7-A4DE-D596DFDA6BEE} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2010-12-10] ()
Task: {CC24DBE3-F751-462A-B1F4-0B24A5FD4AF3} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {CE9301A4-8DA2-4FC1-B1E5-1F2227BC968D} - System32\Tasks\{DB6587ED-4C05-4A0C-BE9B-8DEF9BE88B98} => C:\Windows\SYSTEM32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {DD020A19-F1CF-40A6-8A52-71FBC30B2CDD} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {E07505AC-1D38-4B60-A771-0419931A1158} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)
Task: {EBA0FC2C-7CDB-4CBA-B5B4-67FD4437D7A1} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-03-07] (Lenovo Group Limited)
Task: {F25DF6A3-E502-4DEA-B35B-6A8B9A8516F1} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {F4082DC2-0577-4574-B104-567B6C5BEB98} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-05-27] (Lenovo)
Task: {F417C958-E224-46CE-869F-6681179C0ECA} - System32\Tasks\{4A81435E-D2E9-4F92-B4A5-C3C08F938B8B} => C:\Windows\SYSTEM32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {F802ACC2-3676-4D5F-9574-EE6557A78A5C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2010-12-10] (PC-Doctor, Inc.)
Task: {FB5F56B2-7B62-4C68-AD89-2BC74C07F52D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {FD30C93A-C399-4C61-A929-8FACA6ACE19F} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\admin\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdrcui.exe
==================== Loaded Modules (whitelisted) =============
2014-07-16 10:24 - 2014-07-16 10:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2011-04-16 09:37 - 2014-03-07 06:04 - 00117248 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2009-05-28 07:09 - 2009-05-28 07:09 - 00049976 ____N () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2013-09-19 10:00 - 2013-09-19 10:00 - 00684416 ____N () C:\Program Files (x86)\Driver Whiz\Driver Whiz\ThemePack.DriverWhiz.dll
2013-09-19 09:31 - 2013-09-19 09:31 - 00412064 ____N () C:\Program Files (x86)\Driver Whiz\Driver Whiz\Agent.Communication.XmlSerializers.dll
2026-04-19 14:06 - 2014-05-01 21:29 - 00098304 _____ () F:\Programme\FileZillaPortable\FileZilla FTP Client\fzshellext_64.dll
2012-07-17 14:22 - 2011-01-26 21:31 - 00615016 ____N () C:\Program Files\NVIDIA Corporation\nView\nvshell.dll
2014-10-06 21:12 - 2014-10-06 21:13 - 00050477 _____ () C:\Users\admin\Desktop\Defogger.exe
2014-03-14 17:47 - 2014-03-14 17:47 - 00092504 ____N () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2011-04-16 09:33 - 2011-05-27 02:17 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-23 21:43 - 2012-09-23 21:43 - 00010240 ____N () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 ____N () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2026-04-19 16:51 - 2014-05-24 18:41 - 00091648 _____ () F:\Programme\FileZillaPortable\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2026-04-19 16:51 - 2014-05-24 18:41 - 00892416 _____ () F:\Programme\FileZillaPortable\FileZilla FTP Client\libstdc++-6.dll
2026-04-20 04:17 - 2014-08-27 23:02 - 01042232 _____ () F:\Programme\LibreOfficePortable\program\libxml2.dll
2026-04-20 04:17 - 2014-08-27 23:02 - 00183096 _____ () F:\Programme\LibreOfficePortable\program\libxslt.dll
2026-04-20 04:17 - 2014-08-27 23:03 - 00080696 _____ () F:\Programme\LibreOfficePortable\program\python3.dll
2026-04-20 04:16 - 2014-08-27 20:17 - 00049152 _____ () F:\Programme\LibreOfficePortable\program\python-core-3.3.3\lib\_socket.pyd
2014-09-25 11:33 - 2014-09-25 11:33 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-03-04 22:16 - 2012-03-04 22:16 - 00249664 ____N () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
2014-09-10 13:56 - 2014-09-10 13:56 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
admin (S-1-5-21-2727355821-1189829001-2483972847-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2727355821-1189829001-2483972847-500 - Administrator - Disabled)
Gast (S-1-5-21-2727355821-1189829001-2483972847-501 - Limited - Disabled)
nadmin (S-1-5-21-2727355821-1189829001-2483972847-1003 - Administrator - Enabled)
UpdatusUser (S-1-5-21-2727355821-1189829001-2483972847-1000 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/05/2014 06:00:22 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "\\Zentrale\data\backups\backup_zi_portable\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (10/04/2014 02:50:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: lpu_lib.dll, Version: 1.4.0.1, Zeitstempel: 0x51f0e093
Ausnahmecode: 0x40000015
Fehleroffset: 0x000000000001f67e
ID des fehlerhaften Prozesses: 0x1b08
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3
Error: (10/03/2014 03:45:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avfwsvc.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec7f9
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000222d2
ID des fehlerhaften Prozesses: 0x474
Startzeit der fehlerhaften Anwendung: 0xavfwsvc.exe0
Pfad der fehlerhaften Anwendung: avfwsvc.exe1
Pfad des fehlerhaften Moduls: avfwsvc.exe2
Berichtskennung: avfwsvc.exe3
Error: (10/03/2014 08:27:55 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "\\Zentrale\data\backups\backup_zi_portable\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (10/02/2014 09:51:58 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "\\Zentrale\data\backups\backup_zi_portable\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (10/01/2014 05:13:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avfwsvc.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec7f9
Name des fehlerhaften Moduls: avfwsvc.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec7f9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ce14
ID des fehlerhaften Prozesses: 0x758
Startzeit der fehlerhaften Anwendung: 0xavfwsvc.exe0
Pfad der fehlerhaften Anwendung: avfwsvc.exe1
Pfad des fehlerhaften Moduls: avfwsvc.exe2
Berichtskennung: avfwsvc.exe3
Error: (09/29/2014 06:00:22 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "\\Zentrale\data\backups\backup_zi_portable\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (09/28/2014 00:51:29 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "\\Zentrale\data\backups\backup_zi_portable\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (09/27/2014 02:33:42 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "\\Zentrale\data\backups\backup_zi_portable\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (09/26/2014 07:33:01 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.
System errors:
=============
Error: (10/04/2014 09:46:45 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 03.10.2014 um 17:40:04 unerwartet heruntergefahren.
Error: (10/03/2014 05:41:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ZeroConfigService erreicht.
Error: (10/03/2014 05:41:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ZeroConfigService erreicht.
Error: (10/03/2014 03:47:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ZeroConfigService erreicht.
Error: (10/03/2014 03:46:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ZeroConfigService erreicht.
Error: (10/03/2014 03:45:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira FireWall" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (10/01/2014 05:13:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira FireWall" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/27/2014 02:22:42 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (09/26/2014 10:32:24 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers,
der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an
der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
Error: (09/26/2014 10:16:58 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers,
der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an
der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
Microsoft Office Sessions:
=========================
Error: (10/05/2014 06:00:22 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: \\Zentrale\data\backups\backup_zi_portable\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (10/04/2014 02:50:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d672ee4lpu_lib.dll1.4.0.151f0e09340000015000000000001f67e1b0801cfdfc57fced127C:\Windows\explorer.exeC:\Program Files\Common Files\Lenovo\lpu\lpu_lib.dllf996e42a-4bc4-11e4-811f-d158c8705188
Error: (10/03/2014 03:45:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avfwsvc.exe14.0.6.52253bec7f9ntdll.dll6.1.7601.18247521ea8e7c0000005000222d247401cfdf1045439099C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exeC:\Windows\SysWOW64\ntdll.dll956b4942-4b03-11e4-b13c-c5168adeea84
Error: (10/03/2014 08:27:55 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: \\Zentrale\data\backups\backup_zi_portable\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (10/02/2014 09:51:58 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: \\Zentrale\data\backups\backup_zi_portable\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (10/01/2014 05:13:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avfwsvc.exe14.0.6.52253bec7f9avfwsvc.exe14.0.6.52253bec7f9c00000050000ce1475801cfdd8a3674ffc4C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe87228278-497d-11e4-b8ca-fd0ae5dde382
Error: (09/29/2014 06:00:22 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: \\Zentrale\data\backups\backup_zi_portable\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (09/28/2014 00:51:29 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: \\Zentrale\data\backups\backup_zi_portable\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (09/27/2014 02:33:42 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: \\Zentrale\data\backups\backup_zi_portable\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (09/26/2014 07:33:01 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: \\Zentrale\data\downloads\FileZilla_3.8.0_win32-setup.exe\\Zentrale\data\downloads\FileZilla_3.8.0_win32-setup.exe0
CodeIntegrity Errors:
===================================
Date: 2014-09-26 15:47:14.696
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-05 18:21:39.027
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-20 19:14:17.895
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-06 19:56:56.218
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-04 14:20:29.577
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-03 19:08:09.864
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-03 18:54:27.128
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-03 18:25:25.378
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-03 17:17:47.606
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-20 20:53:48.089
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 55%
Total physical RAM: 3979.23 MB
Available physical RAM: 1780.66 MB
Total Pagefile: 7956.65 MB
Available Pagefile: 5331.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:281.29 GB) (Free:202.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (GA EINS) (Removable) (Total:29.5 GB) (Free:15.25 GB) FAT32
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.63 GB) (Free:2.88 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 80047904)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=281.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 29.5 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
GMER.log Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-06 23:34:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.GHBZ 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\admin\AppData\Local\Temp\fflyauog.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800035f7000 52 bytes [FF, FF, FF, FF, FF, FF, FF, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 582 fffff800035f7036 27 bytes [FF, FF, FF, FF, FF, FF, FF, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000174200 7 bytes [40, A3, F3, FF, 01, B5, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000174208 3 bytes [C0, 06, 02]
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f74a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf4fee0d8
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf4fee0d8@544408ccf045 0x45 0x33 0xED 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9f723f2
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9fdaaf5
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ???U???????U#???? ???????U?????U???????,????????4?7?D???????????????????????????????????????????????srvnet?47F??????????????AP??????????????`????????????-????N??i????????D??1???1??????????? ???????U?????????????,??????????????#?????? &??????????????????????????????????????????????d???c?d?U??Microsoft???? ???????U?????U???????,????????4?8?D???????????????????????????????????????storflt??4???????????????????????????????d??os??t???? ???????U?????????????,??????????????#?????tcpipreg?0??????0???????????????????ta???????????`?`?Z????h??????W?gcf???????U???????????z?{???????U#???? ???????T ????????????,??????????V?&???????????????????????\\?\WpdBusEnumRoot#UMB#2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_#12083000000278&0##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}???????????????????????????18?????????0???????????????????????????? ?????????????????????????????????????????????????????????? ??????????????????? ???????s?????oem??? *??b?????????l????USB?CD??????????????????????? 6??_???s?????D?????????????:?
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f74a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf4fee0d8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf4fee0d8@544408ccf045 0x45 0x33 0xED 0x18 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9f723f2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9fdaaf5 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???n??????????????????????????????????`??v?????????e????Mausklassentreiber??????????????????????????.NTAMD64?????????????????????????????&??DiskDrive???Microsoft?????<??n????????????????B??r?????????e??????`???????????????&??n?????????e????1.9??>???????????????n?????t????????????????1-?????????????????????????????k???k??????8???????????h?????????te??system32\DRIVERS\HECIx64.sys???????????????g?????????????n??@%systemroot%\system32\drivers\luafv.sys,-101?????:??n???4????h???????N??????C????D1CB??NWIM?????????????????????i?????????e?????n???v????N?????????????????COM11???1???Extended base???system32\DRIVERS\mouclass.sys?ouclass.sys?????b??n?????????e????System Bus Extender?????????????????t???????????????t????????????????????n??????????????????9A??? ???????n???????? ????,?????? ????????S?'???????????????????????????n????????h??????????????4??4???????????????????????????????????t?????????????????????????????????????????P??n????????h??????n???n???????????????????????s??ep???o??????<??????????????n?????????????e?
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\admin\AppData\Local\Logitech\xae Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe 1
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
Baum-Darstellung