| |
| |||||||
Log-Analyse und Auswertung: Trj.CI.A befall, bitte um Hilfe bei der Auswertung ob ich etwas beim Löschen übersehen habe.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
16.02.2015, 20:53
| #1 |
| |  Trj.CI.A befall, bitte um Hilfe bei der Auswertung ob ich etwas beim Löschen übersehen habe. Guten Abend an die Runde. Ich habe laut meinem Antivirenprogramm, Panda Internet Security 2013, befall von Trj/CI.A gehabt. Im Forum fand ich mehrere Themen dazu und habe mich dort erstmal ein wenig eingelesen, insbesondere gleich den obersten Fund. Einiges scannen und fixen später hoffe ich nun das Problem soweit im Griff zu haben, bitte aber um fachkundige Hilfe da ich als Laie zu wenig von dem ganzen Verstehe. In kurz : Kann mir bitte jemand sagen ob ich diesen Plagegeist los bin ? Und wenn nicht wie ich ihn los werde. DANKE! Soweit habe ich die folgenden Programme zum Deinstallieren bzw. Löschen benutzt, samt Log-Files falls mir bekannt und vorhanden. Spybot S&D, Panda Cloud Scanner und Panda Internet Security 2013 fanden zuletzt nichts mehr. Zum Deinstallieren und Bereinigen wurden CCleaner und Revo Uninstaller genutzt. FRST64 Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015 Ran by ntlor_000 (administrator) on DINGO on 16-02-2015 16:44:59 Running from C:\Users\ntlor_000\Documents\Antivir\fsr Loaded Profiles: ntlor_000 (Available profiles: UpdatusUser & ntlor_000) Platform: Windows 8.1 Pro (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Safe Mode (with Networking) Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TpShocks] => C:\WINDOWS\SYSTEM32\TpShocks.exe [384344 2014-02-17] (Lenovo.) HKLM\...\Run: [LENOVO.TPKNRRES] => rundll32.exe "C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll",AVStartupStub HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1792800 2014-10-21] (Lenovo Group Limited) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor) HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [938032 2014-03-05] (Lenovo) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-12-03] (Intel Corporation) HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [66560 2013-06-17] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-14] (Intel Corporation) HKLM-x32\...\Run: [APVXDWIN] => C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\APVXDWIN.EXE [1038192 2012-12-12] (Panda Security, S.L.) HKLM-x32\...\Run: [SCANINICIO] => C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\Inicio.exe [70432 2012-11-08] (Panda Security, S.L.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191016 2014-05-14] (Geek Software GmbH) HKLM-x32\...\Run: [RoccatKonePureOptical] => C:\Program Files (x86)\ROCCAT\Kone Pure Optical Mouse\KonePureOpticalMonitor.exe [561152 2013-10-25] (ROCCAT GmbH) HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-10-23] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-12-02] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM\...\Winlogon: [Userinit] C:\WINDOWS\SysWOW64\userinit.exe, Winlogon\Notify\avldr: C:\WINDOWS\SYSTEM32\avldr64.dll (On-Access Anti-Malware Scanner Sync) Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-1554388160-2512906208-1949696757-1002\...\Run: [Amazon Music] => C:\Users\ntlor_000\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-15] () HKU\S-1-5-21-1554388160-2512906208-1949696757-1002\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000 HKU\S-1-5-21-1554388160-2512906208-1949696757-1002\...\MountPoints2: {3a3ea140-8b2b-11e4-bf72-806e6f6e6963} - "E:\WD Drive Unlock.exe" autoplay=true HKU\S-1-5-21-1554388160-2512906208-1949696757-1002\...\MountPoints2: {b85e7853-0287-11e4-bed3-3c970ebec5d3} - "E:\LGAutoRun.exe" AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2014-04-09] (NVIDIA Corporation) Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\ntlor_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro.lnk ShortcutTarget: OptimizerPro.lnk -> C:\ProgramData\{b2250a3c-1e78-b61a-b225-50a3c1e728f0}\OptimizerPro.exe (No File) Startup: C:\Users\ntlor_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1554388160-2512906208-1949696757-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com HKU\S-1-5-21-1554388160-2512906208-1949696757-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad HKU\S-1-5-21-1554388160-2512906208-1949696757-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1554388160-2512906208-1949696757-1002 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.42.129 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\ntlor_000\AppData\Roaming\Mozilla\Firefox\Profiles\3w0y7wel.default FF DefaultSearchEngine: Ecosia FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll No File FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin HKU\S-1-5-21-1554388160-2512906208-1949696757-1002: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\ntlor_000\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF Plugin HKU\S-1-5-21-1554388160-2512906208-1949696757-1002: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel) FF Plugin HKU\S-1-5-21-1554388160-2512906208-1949696757-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel) FF Extension: HTTPS-Everywhere - C:\Users\ntlor_000\AppData\Roaming\Mozilla\Firefox\Profiles\3w0y7wel.default\Extensions\https-everywhere@eff.org [2015-01-25] FF Extension: NoScript - C:\Users\ntlor_000\AppData\Roaming\Mozilla\Firefox\Profiles\3w0y7wel.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-05-09] FF Extension: Download YouTube Videos as MP4 - C:\Users\ntlor_000\AppData\Roaming\Mozilla\Firefox\Profiles\3w0y7wel.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-07-28] FF Extension: Ecosia — The search engine that plants trees! - C:\Users\ntlor_000\AppData\Roaming\Mozilla\Firefox\Profiles\3w0y7wel.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-08-07] FF Extension: Adblock Plus - C:\Users\ntlor_000\AppData\Roaming\Mozilla\Firefox\Profiles\3w0y7wel.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-09] FF Extension: DownThemAll! - C:\Users\ntlor_000\AppData\Roaming\Mozilla\Firefox\Profiles\3w0y7wel.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-05-09] FF HKU\S-1-5-21-1554388160-2512906208-1949696757-1002\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 FF Extension: ThinkVantage Password Manager - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 [2014-05-10] StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [lpdfbkehegfmedglgemnhbnpmfmioggj] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [613320 2014-09-30] (Lenovo Corporation) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-14] (Broadcom Corporation.) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) S2 CAMService; C:\Program Files\Intel\CAM\bin\CAMService.exe [1243344 2014-09-03] (Intel® Corporation) S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) S2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [243880 2015-02-13] (Foxit Software Inc.) S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-03] (Intel Corporation) S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [559872 2014-08-06] (Lenovo) S2 Lenovo QuickSnip Service; C:\Program Files\lenovo\QuickSnipService\QuickSnipService.exe [235488 2012-12-14] (LENOVO INCORPORATED.) S2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2014704 2014-08-29] (Lenovo Group Limited) S2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [576992 2012-12-14] (LENOVO INCORPORATED.) S2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [717768 2014-09-30] (Lenovo Corporation) S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited) S3 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [474160 2014-03-05] (Lenovo) S2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [470000 2014-06-10] () S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] () S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-10-29] () S2 Panda Software Controller; C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsCtrls.exe [177440 2012-11-19] (Panda Security, S.L.) S2 PAVFNSVR; C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PavFnSvr.exe [202016 2012-09-21] (Panda Security, S.L.) S2 PavPrSrv; C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe [62768 2008-02-04] (Panda Security, S.L.) S2 PAVSRV; C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\pavsrvx86.exe [313664 2011-04-13] (Panda Security, S.L.) S2 PSHost; c:\program files (x86)\panda security\panda internet security 2013\firewall\PSHOST.EXE [226560 2009-11-26] (Panda Security International) S2 PSIMSVC; C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsImSvc.exe [108288 2008-06-19] (Panda Security S.L.) S2 PskSvcRetail; C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PskSvc.exe [28992 2010-08-16] (Panda Security, S.L.) S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] () S2 TPSrv; C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\TPSrvWow.exe [173344 2012-11-16] (Panda Security, S.L.) S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.) S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3818704 2014-10-29] (Intel® Corporation) S2 Update Follow Rules; "C:\Program Files (x86)\Follow Rules\updateFollowRules.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AmFSM; C:\Windows\System32\DRIVERS\amm6460.sys [71432 2012-03-26] (Panda Security, S.L.) S2 APPFLT; C:\WINDOWS\system32\Drivers\APPFLT64.SYS [129096 2011-01-31] (Panda Security, S.L.) S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-14] (Broadcom Corporation.) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) S2 ComFiltr; C:\WINDOWS\system32\DRIVERS\COMFiltr.sys [15928 2014-05-12] () S2 DSAFLT; C:\WINDOWS\system32\Drivers\DSAFLT64.SYS [82952 2009-09-25] (Panda Security, S.L.) R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-06-27] (Intel Corporation) S2 FNETMON; C:\WINDOWS\system32\Drivers\fnetm64.SYS [31752 2009-09-25] (Panda Security, S.L.) S2 IDSFLT; C:\WINDOWS\system32\Drivers\IDSFLT64.SYS [78920 2010-09-09] (Panda Security, S.L.) S3 JabraDFU; C:\Windows\System32\Drivers\JabraBcDfuX64.sys [39288 2014-03-25] (GN Netcom A/S) S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net) R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [27496 2012-07-31] (Lenovo) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100824 2013-12-03] (Intel Corporation) S2 NETFLTDI; C:\WINDOWS\system32\Drivers\NETTDI64.SYS [170504 2009-09-25] (Panda Security, S.L.) R3 NETIMFLT01060044; C:\Windows\system32\DRIVERS\n64i1644.sys [216648 2010-09-01] (Panda Security, S.L.) R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3351520 2014-07-02] (Intel Corporation) S0 pavboot; C:\Windows\System32\Drivers\pavboot64.sys [30792 2010-06-22] (Panda Security, S.L.) S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.) S3 RCUVCAVS; C:\Windows\system32\DRIVERS\RCUVCAVS.sys [177920 2013-07-05] (Ricoh co.,Ltd.) S1 ShldFlt; C:\Windows\System32\DRIVERS\ShldFlt.sys [48136 2009-10-27] (Panda Security, S.L.) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated) S2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.) S2 smihlp2; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S2 WNMFLT; C:\WINDOWS\system32\Drivers\WNMFLT64.SYS [74760 2009-09-25] (Panda Security, S.L.) S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X] S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X] S3 andnetndis; \SystemRoot\system32\DRIVERS\lgandnetndis64.sys [X] S3 moufiltr; \SystemRoot\System32\drivers\moufiltr.sys [X] S3 PavTPK.sys; \??\C:\WINDOWS\system32\PavTPK.sys [X] S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X] S3 usb3Hub; \SystemRoot\System32\drivers\usb3Hub.sys [X] S3 vhidmini; \SystemRoot\System32\drivers\walvhid.sys [X] S3 XHCIPort; \SystemRoot\System32\drivers\XHCIPort.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-16 16:38 - 2015-02-16 16:38 - 00012800 ___SH () C:\Users\ntlor_000\Documents\Thumbs.db 2015-02-16 15:07 - 2015-02-16 15:07 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-02-16 15:07 - 2015-02-16 15:07 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-16 15:07 - 2015-02-16 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-16 15:07 - 2015-02-16 15:07 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-16 15:07 - 2015-02-16 15:07 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-16 15:07 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-02-16 15:07 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-02-16 15:07 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-02-15 21:38 - 2013-08-22 14:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150215-213835.backup 2015-02-15 21:14 - 2015-02-16 15:29 - 00000678 _____ () C:\WINDOWS\setupact.log 2015-02-15 21:14 - 2015-02-16 15:18 - 00009104 _____ () C:\WINDOWS\PFRO.log 2015-02-15 21:14 - 2015-02-15 21:14 - 00000000 _____ () C:\WINDOWS\setuperr.log 2015-02-15 21:13 - 2015-02-15 21:13 - 00114688 ___SH () C:\Users\ntlor_000\Downloads\Thumbs.db 2015-02-15 21:12 - 2015-02-16 15:18 - 00000000 ____D () C:\AdwCleaner 2015-02-15 21:10 - 2015-02-15 21:13 - 00000000 ____D () C:\Users\ntlor_000\Documents\Antivir 2015-02-15 20:58 - 2015-02-15 20:58 - 00001295 _____ () C:\Users\ntlor_000\Desktop\Revo Uninstaller.lnk 2015-02-15 20:58 - 2015-02-15 20:58 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-02-15 20:51 - 2015-02-16 16:45 - 00000000 ____D () C:\FRST 2015-02-15 20:25 - 2015-02-15 20:25 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking 2015-02-15 20:24 - 2015-02-15 21:39 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-02-15 20:24 - 2015-02-15 20:28 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-02-15 20:24 - 2015-02-15 20:24 - 00001418 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2015-02-15 20:24 - 2015-02-15 20:24 - 00001406 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2015-02-15 20:24 - 2015-02-15 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2015-02-15 20:24 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe 2015-02-15 19:14 - 2015-02-15 19:14 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-02-15 18:56 - 2015-02-15 18:56 - 00001298 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk 2015-02-15 18:56 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys 2015-02-15 18:25 - 2015-02-15 18:25 - 00000000 ____D () C:\Users\ntlor_000\AppData\Roaming\Free Picture Solutions 2015-02-15 18:21 - 2015-02-15 21:05 - 00000000 ____D () C:\ProgramData\{b2250a3c-1e78-b61a-b225-50a3c1e728f0} 2015-02-14 08:49 - 2015-02-14 08:49 - 00000000 ____D () C:\Users\ntlor_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth 2015-02-12 20:59 - 2015-02-12 20:59 - 00000000 ___RD () C:\Users\ntlor_000\Documents\HP Photo Creations 2015-02-12 20:58 - 2015-02-16 16:03 - 00000438 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job 2015-02-12 20:58 - 2015-02-12 20:59 - 00000000 ____D () C:\Users\ntlor_000\AppData\Roaming\HP Photo Creations 2015-02-12 20:58 - 2015-02-12 20:58 - 00003424 _____ () C:\WINDOWS\System32\Tasks\HP Photo Creations Communicator 2015-02-12 20:58 - 2015-02-12 20:58 - 00002171 _____ () C:\Users\ntlor_000\Desktop\HP Photo Creations.lnk 2015-02-12 20:58 - 2015-02-12 20:58 - 00000000 ____D () C:\Users\ntlor_000\AppData\Roaming\Visan 2015-02-12 20:58 - 2015-02-12 20:58 - 00000000 ____D () C:\Users\ntlor_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP 2015-02-12 20:56 - 2015-02-12 20:57 - 41355368 _____ (HP) C:\Users\ntlor_000\Downloads\hpphotocreations.exe 2015-02-12 16:42 - 2015-02-12 16:42 - 00003622 _____ () C:\WINDOWS\System32\Tasks\HPCustParticipation HP Officejet Pro 8620 2015-02-12 16:42 - 2015-02-12 16:42 - 00002231 _____ () C:\Users\Public\Desktop\HP Officejet Pro 8620.lnk 2015-02-12 16:42 - 2015-02-12 16:42 - 00000982 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk 2015-02-12 16:42 - 2015-02-12 16:42 - 00000000 ____D () C:\Users\ntlor_000\AppData\Roaming\HpUpdate 2015-02-12 16:42 - 2015-02-12 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2015-02-12 16:42 - 2015-02-12 16:42 - 00000000 ____D () C:\ProgramData\HP 2015-02-12 16:42 - 2015-02-12 16:42 - 00000000 ____D () C:\Program Files\HP 2015-02-12 16:42 - 2015-02-12 16:42 - 00000000 ____D () C:\Program Files (x86)\HP 2015-02-12 16:42 - 2015-02-12 16:42 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard 2015-02-12 16:42 - 2014-03-06 12:51 - 00763912 ____N (Hewlett-Packard Co.) C:\WINDOWS\system32\HPDiscoPM7012.dll 2015-02-12 16:41 - 2015-02-12 16:41 - 00000057 _____ () C:\ProgramData\Ament.ini 2015-02-12 16:39 - 2015-02-12 20:54 - 00000000 ____D () C:\Users\ntlor_000\AppData\Local\HP 2015-02-08 14:48 - 2015-02-08 14:48 - 00000000 ____D () C:\Users\ntlor_000\Downloads\2014-12-24-wheezy-raspbian 2015-02-08 14:44 - 2015-02-08 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer 2015-02-08 14:44 - 2015-02-08 14:44 - 00000000 ____D () C:\Program Files (x86)\ImageWriter 2015-02-08 14:43 - 2015-02-08 14:40 - 02355542 _____ () C:\Users\ntlor_000\Downloads\RPi_Wallpaper.zip 2015-02-08 14:42 - 2015-02-06 16:06 - 1007131580 _____ () C:\Users\ntlor_000\Downloads\2014-12-24-wheezy-raspbian.zip 2015-02-01 12:01 - 2015-02-01 12:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-02-01 10:12 - 2015-02-01 11:54 - 1007131580 _____ () C:\Users\ntlor_000\Downloads\raspbian_latest-{ac801ccb-49fd-4ba3-ba43-3b2597edcf5d}.dtapart ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-16 16:43 - 2014-05-09 14:46 - 00000200 _____ () C:\WINDOWS\system32\Drivers\etc\NetAdapt.cfg 2015-02-16 16:42 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-02-16 16:40 - 2014-12-21 07:19 - 01158491 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-16 16:40 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-16 16:39 - 2014-06-11 19:52 - 00000000 ____D () C:\Users\ntlor_000\Documents\Studium 2015-02-16 16:39 - 2014-06-11 19:51 - 00000000 ____D () C:\Users\ntlor_000\Documents\Sonstiges 2015-02-16 16:38 - 2014-06-11 19:50 - 00000000 ____D () C:\Users\ntlor_000\Documents\Lerntechiken 2015-02-16 16:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-16 15:55 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-02-16 15:51 - 2014-05-09 15:04 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-02-16 15:26 - 2014-03-18 11:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-02-16 15:24 - 2014-05-08 20:45 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1554388160-2512906208-1949696757-1002 2015-02-16 15:21 - 2014-05-12 19:03 - 00000056 _____ () C:\WINDOWS\system32\Drivers\etc\WnmFlt.cfg.bck 2015-02-16 15:21 - 2014-05-12 19:03 - 00000056 _____ () C:\WINDOWS\system32\Drivers\etc\WnmFlt.cfg 2015-02-16 15:21 - 2014-05-12 19:03 - 00000056 _____ () C:\WINDOWS\system32\Drivers\etc\DsaFlt.cfg.bck 2015-02-16 15:21 - 2014-05-12 19:03 - 00000056 _____ () C:\WINDOWS\system32\Drivers\etc\DsaFlt.cfg 2015-02-16 15:21 - 2014-05-12 19:02 - 00000252 _____ () C:\WINDOWS\system32\Drivers\etc\IdsFlt.cfg.bck 2015-02-16 15:21 - 2014-05-12 19:02 - 00000252 _____ () C:\WINDOWS\system32\Drivers\etc\IdsFlt.cfg 2015-02-16 15:21 - 2014-05-12 19:02 - 00000068 _____ () C:\WINDOWS\system32\Drivers\etc\NetFlt.cfg.bck 2015-02-16 15:21 - 2014-05-12 19:02 - 00000068 _____ () C:\WINDOWS\system32\Drivers\etc\NetFlt.cfg 2015-02-16 15:21 - 2014-05-12 18:59 - 00501332 _____ () C:\WINDOWS\system32\Drivers\APPFCONT.DAT.bck 2015-02-16 15:21 - 2014-05-12 18:59 - 00501332 _____ () C:\WINDOWS\system32\Drivers\APPFCONT.DAT 2015-02-16 15:21 - 2014-05-12 18:59 - 00303044 _____ () C:\WINDOWS\system32\Drivers\etc\DsaFlt.rls.bck 2015-02-16 15:21 - 2014-05-12 18:59 - 00303044 _____ () C:\WINDOWS\system32\Drivers\etc\DsaFlt.rls 2015-02-16 15:21 - 2014-05-12 18:59 - 00001132 _____ () C:\WINDOWS\system32\Drivers\APPFLTR.CFG.bck 2015-02-16 15:21 - 2014-05-12 18:59 - 00001132 _____ () C:\WINDOWS\system32\Drivers\APPFLTR.CFG 2015-02-16 15:21 - 2014-05-09 14:47 - 00000500 _____ () C:\WINDOWS\system32\Drivers\etc\NetLoc.wlt.bck 2015-02-16 15:21 - 2014-05-09 14:47 - 00000500 _____ () C:\WINDOWS\system32\Drivers\etc\NetLoc.wlt 2015-02-16 15:19 - 2014-12-23 09:10 - 00008192 _____ () C:\WINDOWS\SysWOW64\WDPABKP.dat 2015-02-16 15:19 - 2014-12-21 14:43 - 00000000 ___RD () C:\Users\ntlor_000\OneDrive 2015-02-16 15:19 - 2014-05-12 19:00 - 00000060 _____ () C:\WINDOWS\system32\Drivers\etc\NetAR.wlt.bck 2015-02-16 15:19 - 2014-05-12 19:00 - 00000060 _____ () C:\WINDOWS\system32\Drivers\etc\NetAR.wlt 2015-02-16 15:19 - 2014-05-09 14:46 - 00000200 _____ () C:\WINDOWS\system32\Drivers\etc\NetAdapt.cfg.bck 2015-02-15 21:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-02-15 21:14 - 2014-05-10 04:57 - 00000000 ____D () C:\Program Files\Lenovo 2015-02-15 21:07 - 2014-06-11 19:52 - 00000000 ____D () C:\Users\ntlor_000\Documents\Behinderung 2015-02-15 21:07 - 2014-06-11 19:51 - 00000000 ____D () C:\Users\ntlor_000\Documents\Scans 2015-02-15 21:07 - 2014-06-11 19:50 - 00000000 ____D () C:\Users\ntlor_000\Documents\Debeka 2015-02-15 21:07 - 2014-05-09 12:49 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-02-15 18:56 - 2014-05-12 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security 2015-02-15 18:56 - 2014-05-08 22:12 - 00000000 ____D () C:\Program Files (x86)\Panda Security 2015-02-15 18:30 - 2012-07-26 06:26 - 00000266 _____ () C:\WINDOWS\win.ini 2015-02-15 18:28 - 2014-05-08 22:26 - 00008627 _____ () C:\WINDOWS\SysWOW64\PAV_FOG.OPC 2015-02-15 18:19 - 2014-07-21 11:23 - 00000000 ____D () C:\Users\ntlor_000\AppData\Roaming\foobar2000 2015-02-14 14:02 - 2015-01-03 11:00 - 00000000 ____D () C:\Users\ntlor_000\Documents\Bewerbung 2015-02-14 13:50 - 2014-05-09 17:05 - 00000000 ____D () C:\Users\ntlor_000 2015-02-12 21:10 - 2014-06-11 19:50 - 00000000 ____D () C:\Users\ntlor_000\Documents\DAK 2015-02-12 20:23 - 2014-05-15 16:45 - 00000000 ____D () C:\Users\ntlor_000\AppData\Roaming\Foxit Software 2015-02-12 19:39 - 2014-11-18 22:00 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0 2015-02-12 16:28 - 2014-05-09 12:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-02-11 17:53 - 2014-05-09 15:04 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-02-08 15:00 - 2014-05-08 21:05 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-02-08 14:58 - 2014-05-08 21:05 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-17 09:13 - 2014-05-08 20:42 - 00000000 ____D () C:\ProgramData\Package Cache ==================== Files in the root of some directories ======= 2014-11-11 06:46 - 2014-11-11 06:47 - 0004608 _____ () C:\Users\ntlor_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-11-11 08:03 - 2014-11-11 08:03 - 0002159 _____ () C:\Users\ntlor_000\AppData\Local\recently-used.xbel 2015-02-12 16:41 - 2015-02-12 16:41 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-05-10 04:58 - 2014-05-10 04:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-05-10 05:06 - 2014-05-10 05:06 - 0000198 ____H () C:\ProgramData\Lenovo-5996.vbs 2014-05-18 13:31 - 2014-05-18 18:38 - 1763805 _____ () C:\ProgramData\LMabWiaMini.log 2014-05-08 20:40 - 2014-05-10 21:24 - 0007298 _____ () C:\ProgramData\MH_ErrorLog.txt 2014-05-10 05:05 - 2014-05-10 05:05 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log 2014-05-10 05:03 - 2014-05-10 05:04 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2014-05-10 05:04 - 2014-05-10 05:04 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log 2014-05-10 05:05 - 2014-05-10 05:05 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log Files to move or delete: ==================== C:\ProgramData\Lenovo-5996.vbs Some content of TEMP: ==================== C:\Users\ntlor_000\AppData\Local\Temp\Quarantine.exe C:\Users\ntlor_000\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-11 16:54 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by ntlor_000 at 2015-02-15 20:55:21
Running from C:\Users\ntlor_000\Documents\fsr
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Panda Internet Security 2013 (Enabled - Up to date) {65216B53-8D58-3C85-9923-623F89CF692B}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Internet Security 2013 (Enabled - Up to date) {DE408AB7-AB62-330B-A393-594DF2482396}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Panda Personal Firewall 2013 (Enabled) {5D1AEA76-C737-3DDD-B27C-CB0A771C2E50}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
PowerDVD Create 10 (x32 Version: 10.0.1.2020 - CyberLink Corp.) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Amazon Cloud Player (HKU\S-1-5-21-1554388160-2512906208-1949696757-1001\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-1554388160-2512906208-1949696757-1002\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Craft The World (HKLM-x32\...\Steam App 248390) (Version: - Dekovir Entertainment)
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version: - Paradox Development Studio)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4420.52 - CyberLink Corp.)
Data Lifeguard Diagnostic for Windows 1.27 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7/8 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
FINAL FANTASY XIV: A Realm Reborn (HKLM-x32\...\Steam App 39210) (Version: - SQUARE ENIX)
foobar2000 v1.3.3 (HKLM-x32\...\foobar2000) (Version: 1.3.3 - Peter Pawlowski)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.8.49.213 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
HP Officejet Pro 8620 Basic Device Software (HKLM\...\{EE25D6F6-59AF-48A7-87E1-15A81D1C5E22}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Officejet Pro 8620 Help (HKLM-x32\...\{9A4D71AB-9C68-4702-A4A2-A4DB7B0FE270}) (Version: 32.0.0 - Hewlett Packard)
HP Photo Creations (HKU\S-1-5-21-1554388160-2512906208-1949696757-1002\...\HP Photo Creations) (Version: 1.0.0.17422 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Integrated Camera Driver Installer Package Ver.1.0.0.30 (HKLM-x32\...\{F8754583-7893-4CD8-9E51-1A08F3D4C1A9}) (Version: 1.0.0.30 - RICOH)
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41651) (Version: 3.8.0.41651.58 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.5 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{9bffdf20-c3a3-4e93-9cbf-61712c6a38be}) (Version: 17.13.2 - Intel Corporation)
Intel® SSD Toolbox (HKLM-x32\...\{06D085C8-1F00-11B2-96A7-8f0CE39193ED}) (Version: 3.2.3.400 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Jabra PC Suite 2.14.5888 (HKLM-x32\...\{6D22DD53-EC7D-45E7-A996-A18CB7C8DFE9}) (Version: 2.14.5888.0 - GN Netcom A/S)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.12 - )
Lenovo Dependency Package (HKLM-x32\...\Lenovo Dependency Package_is1) (Version: 1.05.0013 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.09.03 - )
Lenovo QuickLaunch (HKLM-x32\...\{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}) (Version: 1.00.0035 - Lenovo Group Limited)
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.3.8.0 - Lenovo Corporation)
Lenovo Settings - Location Awareness (HKLM-x32\...\{C79D4402-E622-4922-9C02-89F9080BF081}_is1) (Version: 1.3.0.13 - Lenovo Group Limited)
Lenovo Settings - Power (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 7.48.1 - Lenovo Group Limited)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.3.2.27 - Lenovo Group Limited)
Lenovo Settings Mobile Hotspot (HKLM\...\{42603F7D-B08D-436B-B0D8-3E2DEF1AFD41}_is1) (Version: 2.3.0.84 - Lenovo)
Lenovo Settings Service (HKLM\...\{8C6F1EBA-17F1-4481-B688-9777E63E985F}_is1) (Version: 2.3.2.9 - Lenovo Group Limited)
Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.2.0.5 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0007.00 - Lenovo)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1554388160-2512906208-1949696757-1001\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1554388160-2512906208-1949696757-1002\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-GB)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
NVIDIA Graphics Driver 333.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 333.02 - NVIDIA Corporation)
NVIDIA Update 11.10.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 11.10.11 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security)
Panda Internet Security 2013 (HKLM-x32\...\{7926EFB6-7CB4-4A9D-AB01-095F67F9D519}) (Version: 18.01.01 - Panda Security)
Panda Internet Security 2013 (x32 Version: 18.01.01 - Panda Security) Hidden
Password Depot 6 - Panda Secure Vault Edition (HKLM-x32\...\{AAE587E4-E661-4DB5-96DF-6E31C548F186}_is1) (Version: 6.1.5 - AceBIT GmbH)
PDF24 Creator 6.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PowerDVD Create (HKLM-x32\...\InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}) (Version: 10.0 - CyberLink Corp.)
Product Improvement Study for HP Officejet Pro 8620 (HKLM\...\{0E8EC6E3-3AD8-4AB0-8EB3-AA835A20EDD7}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RICOH_Media_Driver_v2.25.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.25.18.01 - RICOH)
ROCCAT Kone Pure Optical Mouse Driver (HKLM-x32\...\{22D40E66-0D41-45A3-A8A1-90B8A38D9A68}) (Version: - Roccat GmbH)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.4.0 - Lenovo Group Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
StarMoney (x32 Version: 3.0.6.40 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney 9.0 (HKLM-x32\...\{04531BAF-E442-43FC-8D87-A004F87498B6}) (Version: 9.0 - Star Finanz GmbH)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.80.99066 - SugarSync, Inc.)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{68D50088-CE92-4FF0-A220-D875E2E73151}) (Version: 6.0.0.8102 - Authentec Inc.)
ThinkVantage Password Manager (HKLM-x32\...\{70EE2BAA-F82A-4B8A-950E-649EFD64D5B9}) (Version: 4.70.2.0 - Lenovo Group Limited)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WaveEditor (x32 Version: 1.0.1.4406 - CyberLink Corp.) Hidden
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{79966948-BECF-4CB1-A79F-E76C830A17D2}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{0AC340BC-4A62-4D1F-86DB-35C1C3CB66CF}) (Version: 1.1.1.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{7AE43D6C-B3F1-448D-AD84-1CDC7AC6EBC7}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9580 - Broadcom Corporation)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Driver Package - Intel System (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.66.00.07 (08/15/2012 1.66.00.07) (HKLM\...\E56A6B34B44A7A597FFEBE0E14D81095E0FD4D73) (Version: 08/15/2012 1.66.00.07 - Lenovo)
Windows Driver Package - Synaptics (SmbDrv) System (08/16/2012 16.2.10.5) (HKLM\...\C57F9A2A0D8A43ADB5E8983DF3B6E4671E47D80D) (Version: 08/16/2012 16.2.10.5 - Synaptics)
Windows Driver Package - Synaptics (SynTP) Mouse (08/16/2012 16.2.10.5) (HKLM\...\AAAEE77A6D9106120BBA5A7499E7EA33C5A65AB5) (Version: 08/16/2012 16.2.10.5 - Synaptics)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1554388160-2512906208-1949696757-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-1554388160-2512906208-1949696757-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-1554388160-2512906208-1949696757-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\ntlor_000\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1554388160-2512906208-1949696757-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\ntlor_000\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1554388160-2512906208-1949696757-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\ntlor_000\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1554388160-2512906208-1949696757-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\ntlor_000\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1554388160-2512906208-1949696757-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\ntlor_000\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
25-01-2015 09:52:09 Scheduled Checkpoint
08-02-2015 14:58:08 Windows Update
15-02-2015 18:21:00 Removed LG United Mobile Drivers.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {019D9DA8-EA58-4AB9-AAA2-BF3791F3D670} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {25F039BD-CECF-4CB9-844D-D71FE46DCA49} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {2A96FC52-F59A-4F3C-8B26-C1404B02D23E} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {44EBA62F-AE32-46B2-B0D8-2A8E1E30C1BF} - System32\Tasks\Lenovo\Lenovo-5996 => C:\ProgramData\Lenovo-5996.vbs [2014-05-10] ()
Task: {499E2FCB-C842-4B4F-8265-606AACD29C05} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {4B51963D-B473-4570-852B-D317BA91BDB9} - System32\Tasks\HPCustParticipation HP Officejet Pro 8620 => C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {557510A9-8366-41F7-804C-F8F9B01B1B26} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {5A237896-B0FF-4987-AD93-1B0950044497} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {5C58955D-47DD-41EB-BFD4-2F9C2ED7E78A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {7AAEF7CB-3C4B-4AEA-951F-18A95826CD47} - System32\Tasks\Dolby => c:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
Task: {7FBB72D6-D76E-421C-838D-90C0E077211D} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1554388160-2512906208-1949696757-1002
Task: {86AE4807-A7A9-4697-AC24-B192030151B6} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-11] (Adobe Systems Incorporated)
Task: {94807957-0927-4FD7-9FC9-848DB43A6633} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {979BA3C3-9B99-422F-AEAC-B8DF8AC89FF4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {990E64A9-2CA3-4D22-AF5E-73287C62268D} - System32\Tasks\HP Photo Creations Communicator => C:\Users\ntlor_000\AppData\Roaming\HP Photo Creations\Communicator.exe [2011-02-02] ()
Task: {9AAF144E-1EB3-419C-B41F-36F488BCAA5D} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {9BD5BCF7-04DF-462D-98AC-25C76DF92B38} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
Task: {A75AADE8-1EE2-4AA2-8F48-BFDB1630D396} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {AFC20CC8-23DA-4034-A772-86135681AD1D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {C7352EB1-0D12-4B92-AAD6-91DD4B828506} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {C74988DC-6C4E-41C7-9D4B-49E907CCA00C} - System32\Tasks\Lenovo\Lenovo Settings Power => Rundll32.exe "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {C9E0A48E-07F8-4197-A849-BF1D1FDDA427} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-10-16] ()
Task: {CA96ABF1-03D4-4D07-A445-DCCD91861614} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {D9F34534-4F6D-4485-8186-B3F227099ECB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-08] (Microsoft Corporation)
Task: {DAB453DB-C011-45EB-A6FC-392CDA89B51E} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2012-05-25] (CyberLink)
Task: {DEA3C997-7EC0-443A-813E-B36F21E801DF} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {EEB14DE1-5F49-4D2F-958E-39F88BC1869B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {F4964603-4073-4C60-9C4B-8679F628C50C} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {F6874CFA-5F54-4784-85BD-C32A9FF410E9} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-07-28] (Synaptics Incorporated)
Task: {F88B7119-2C39-414E-B1A4-708F3EA30205} - System32\Tasks\StartPowerDVDService => C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [2012-07-13] (CyberLink Corp.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Users\ntlor_000\AppData\Roaming\HP Photo Creations\Communicator.exe
==================== Loaded Modules (whitelisted) ==============
2013-09-05 01:36 - 2014-04-09 07:11 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-05-09 17:03 - 2014-04-08 22:06 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-05 09:16 - 2014-08-21 21:48 - 00104960 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.dll
2014-05-08 21:17 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-11-21 01:44 - 2014-09-23 14:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-05 09:16 - 2014-08-21 21:48 - 00104960 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2012-10-27 00:44 - 2014-06-10 16:35 - 00470000 _____ () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
2014-07-11 03:04 - 2014-10-21 10:29 - 00601376 _____ () C:\Program Files\Lenovo\Password Manager\pwm_website_config.dll
2014-01-25 01:22 - 2014-01-25 01:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-27 00:44 - 2014-06-10 16:35 - 00014320 _____ () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
2015-02-15 18:29 - 2015-02-15 03:35 - 00353520 _____ () C:\Program Files (x86)\Follow Rules\bin\FollowRules.PurBrowse64.exe
2015-02-15 18:30 - 2015-02-15 00:28 - 00101616 _____ () C:\Program Files (x86)\Follow Rules\bin\FollowRules.expext.exe
2015-02-15 17:30 - 2015-02-15 17:30 - 00409328 _____ () C:\Program Files (x86)\Follow Rules\updateFollowRules.exe
2015-02-15 19:15 - 2014-06-26 07:44 - 00358144 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2014-06-16 09:39 - 2014-04-09 07:11 - 00012120 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-05-10 05:08 - 2014-09-30 05:42 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2014-05-10 05:08 - 2014-09-30 05:42 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2014-05-12 18:59 - 2007-02-14 11:55 - 00165424 _____ () C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\MiniCrypto.dll
2014-05-12 18:59 - 2004-05-19 09:33 - 00507904 _____ () C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\libxml2.dll
2014-05-12 18:59 - 2007-02-14 11:55 - 00099888 _____ () C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\APIcr.dll
2014-11-18 22:01 - 2011-01-13 00:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2012-05-25 05:19 - 2012-05-25 05:19 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2012-05-25 05:19 - 2012-05-25 05:19 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-05-16 18:56 - 2013-12-03 12:36 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-10-28 00:37 - 2014-10-28 00:37 - 00797696 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\e1a2f3f274995f1f847c00f962657943\Windows.Networking.ni.dll
2014-10-28 00:37 - 2014-10-28 00:37 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
2014-10-21 10:26 - 2014-10-21 10:26 - 00546592 _____ () C:\Program Files (x86)\Lenovo\Password Manager\pwm_website_config.dll
2014-05-10 05:06 - 2012-12-14 18:55 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2014-05-10 05:06 - 2012-12-14 18:55 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2014-05-10 05:06 - 2012-12-14 18:55 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2014-05-10 05:06 - 2012-12-14 18:55 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2014-05-10 05:06 - 2012-12-14 18:55 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2014-05-10 05:06 - 2012-12-14 18:55 - 00020480 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2014-05-10 05:06 - 2012-12-14 18:55 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2014-05-10 05:06 - 2012-12-14 18:55 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2014-05-10 05:06 - 2012-12-14 18:55 - 00064512 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2014-06-23 17:57 - 2012-10-01 17:53 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone Pure Optical Mouse\hiddriver.dll
2015-02-15 18:29 - 2015-02-15 00:28 - 00082160 _____ () C:\Program Files (x86)\Follow Rules\bin\FollowRules.expextdll.dll
2015-02-01 12:01 - 2015-02-01 12:01 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-02-15 20:24 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-15 20:24 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-15 20:24 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-15 20:24 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-15 20:24 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\ntlor_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\ntlor_000\OneDrive (10).old:ms-properties
AlternateDataStreams: C:\Users\ntlor_000\OneDrive (11).old:ms-properties
AlternateDataStreams: C:\Users\ntlor_000\OneDrive (12).old:ms-properties
AlternateDataStreams: C:\Users\ntlor_000\OneDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\ntlor_000\OneDrive (3).old:ms-properties
AlternateDataStreams: C:\Users\ntlor_000\OneDrive (4).old:ms-properties
AlternateDataStreams: C:\Users\ntlor_000\OneDrive (5).old:ms-properties
AlternateDataStreams: C:\Users\ntlor_000\OneDrive (6).old:ms-properties
AlternateDataStreams: C:\Users\ntlor_000\OneDrive (7).old:ms-properties
AlternateDataStreams: C:\Users\ntlor_000\OneDrive (8).old:ms-properties
AlternateDataStreams: C:\Users\ntlor_000\OneDrive (9).old:ms-properties
AlternateDataStreams: C:\Users\ntlor_000\OneDrive.old:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail => ""="Service"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1554388160-2512906208-1949696757-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-1554388160-2512906208-1949696757-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\ntlor_000\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img3.jpg
DNS Servers: 192.168.42.129
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "WD Drive Unlocker"
HKLM\...\StartupApproved\Run32: => "DriveUtilitiesHelper"
HKLM\...\StartupApproved\Run32: => "WD Quick View"
HKU\S-1-5-21-1554388160-2512906208-1949696757-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1554388160-2512906208-1949696757-1002\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-1554388160-2512906208-1949696757-1002\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-1554388160-2512906208-1949696757-1002\...\StartupApproved\Run: => "Amazon Music"
==================== Accounts: =============================
Administrator (S-1-5-21-1554388160-2512906208-1949696757-500 - Administrator - Disabled)
Guest (S-1-5-21-1554388160-2512906208-1949696757-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1554388160-2512906208-1949696757-1006 - Limited - Enabled)
ntlor_000 (S-1-5-21-1554388160-2512906208-1949696757-1002 - Administrator - Enabled) => C:\Users\ntlor_000
UpdatusUser (S-1-5-21-1554388160-2512906208-1949696757-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/15/2015 08:55:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: btwdins.exe, version: 12.0.0.9580, time stamp: 0x533b5af1
Faulting module name: btwprofpack.dll, version: 12.0.0.9580, time stamp: 0x533b588b
Exception code: 0xc0000005
Fault offset: 0x00000000002ab2dc
Faulting process id: 0x2168
Faulting application start time: 0xbtwdins.exe0
Faulting application path: btwdins.exe1
Faulting module path: btwdins.exe2
Report Id: btwdins.exe3
Faulting package full name: btwdins.exe4
Faulting package-relative application ID: btwdins.exe5
Error: (02/15/2015 08:54:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: btwdins.exe, version: 12.0.0.9580, time stamp: 0x533b5af1
Faulting module name: btwprofpack.dll, version: 12.0.0.9580, time stamp: 0x533b588b
Exception code: 0xc0000005
Fault offset: 0x00000000002ab2dc
Faulting process id: 0xdc4
Faulting application start time: 0xbtwdins.exe0
Faulting application path: btwdins.exe1
Faulting module path: btwdins.exe2
Report Id: btwdins.exe3
Faulting package full name: btwdins.exe4
Faulting package-relative application ID: btwdins.exe5
Error: (02/15/2015 08:53:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: btwdins.exe, version: 12.0.0.9580, time stamp: 0x533b5af1
Faulting module name: btwprofpack.dll, version: 12.0.0.9580, time stamp: 0x533b588b
Exception code: 0xc0000005
Fault offset: 0x00000000002ab2dc
Faulting process id: 0x2294
Faulting application start time: 0xbtwdins.exe0
Faulting application path: btwdins.exe1
Faulting module path: btwdins.exe2
Report Id: btwdins.exe3
Faulting package full name: btwdins.exe4
Faulting package-relative application ID: btwdins.exe5
Error: (02/15/2015 08:52:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: btwdins.exe, version: 12.0.0.9580, time stamp: 0x533b5af1
Faulting module name: btwprofpack.dll, version: 12.0.0.9580, time stamp: 0x533b588b
Exception code: 0xc0000005
Fault offset: 0x00000000002ab2dc
Faulting process id: 0xf74
Faulting application start time: 0xbtwdins.exe0
Faulting application path: btwdins.exe1
Faulting module path: btwdins.exe2
Report Id: btwdins.exe3
Faulting package full name: btwdins.exe4
Faulting package-relative application ID: btwdins.exe5
Error: (02/15/2015 08:51:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: btwdins.exe, version: 12.0.0.9580, time stamp: 0x533b5af1
Faulting module name: btwprofpack.dll, version: 12.0.0.9580, time stamp: 0x533b588b
Exception code: 0xc0000005
Fault offset: 0x00000000002ab2dc
Faulting process id: 0x838
Faulting application start time: 0xbtwdins.exe0
Faulting application path: btwdins.exe1
Faulting module path: btwdins.exe2
Report Id: btwdins.exe3
Faulting package full name: btwdins.exe4
Faulting package-relative application ID: btwdins.exe5
Error: (02/15/2015 08:50:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: btwdins.exe, version: 12.0.0.9580, time stamp: 0x533b5af1
Faulting module name: btwprofpack.dll, version: 12.0.0.9580, time stamp: 0x533b588b
Exception code: 0xc0000005
Fault offset: 0x00000000002ab2dc
Faulting process id: 0x1fc8
Faulting application start time: 0xbtwdins.exe0
Faulting application path: btwdins.exe1
Faulting module path: btwdins.exe2
Report Id: btwdins.exe3
Faulting package full name: btwdins.exe4
Faulting package-relative application ID: btwdins.exe5
Error: (02/15/2015 08:49:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: btwdins.exe, version: 12.0.0.9580, time stamp: 0x533b5af1
Faulting module name: btwprofpack.dll, version: 12.0.0.9580, time stamp: 0x533b588b
Exception code: 0xc0000005
Fault offset: 0x00000000002ab2dc
Faulting process id: 0x21ec
Faulting application start time: 0xbtwdins.exe0
Faulting application path: btwdins.exe1
Faulting module path: btwdins.exe2
Report Id: btwdins.exe3
Faulting package full name: btwdins.exe4
Faulting package-relative application ID: btwdins.exe5
Error: (02/15/2015 08:48:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: btwdins.exe, version: 12.0.0.9580, time stamp: 0x533b5af1
Faulting module name: btwprofpack.dll, version: 12.0.0.9580, time stamp: 0x533b588b
Exception code: 0xc0000005
Fault offset: 0x00000000002ab2dc
Faulting process id: 0x16f0
Faulting application start time: 0xbtwdins.exe0
Faulting application path: btwdins.exe1
Faulting module path: btwdins.exe2
Report Id: btwdins.exe3
Faulting package full name: btwdins.exe4
Faulting package-relative application ID: btwdins.exe5
Error: (02/15/2015 08:47:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: btwdins.exe, version: 12.0.0.9580, time stamp: 0x533b5af1
Faulting module name: btwprofpack.dll, version: 12.0.0.9580, time stamp: 0x533b588b
Exception code: 0xc0000005
Fault offset: 0x00000000002ab2dc
Faulting process id: 0x1b9c
Faulting application start time: 0xbtwdins.exe0
Faulting application path: btwdins.exe1
Faulting module path: btwdins.exe2
Report Id: btwdins.exe3
Faulting package full name: btwdins.exe4
Faulting package-relative application ID: btwdins.exe5
Error: (02/15/2015 08:46:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: btwdins.exe, version: 12.0.0.9580, time stamp: 0x533b5af1
Faulting module name: btwprofpack.dll, version: 12.0.0.9580, time stamp: 0x533b588b
Exception code: 0xc0000005
Fault offset: 0x00000000002ab2dc
Faulting process id: 0x20a0
Faulting application start time: 0xbtwdins.exe0
Faulting application path: btwdins.exe1
Faulting module path: btwdins.exe2
Report Id: btwdins.exe3
Faulting package full name: btwdins.exe4
Faulting package-relative application ID: btwdins.exe5
System errors:
=============
Error: (02/15/2015 08:55:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (02/15/2015 08:54:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (02/15/2015 08:53:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (02/15/2015 08:52:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (02/15/2015 08:51:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (02/15/2015 08:50:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (02/15/2015 08:49:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (02/15/2015 08:48:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (02/15/2015 08:47:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (02/15/2015 08:46:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Microsoft Office Sessions:
=========================
Error: (02/15/2015 08:55:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: btwdins.exe12.0.0.9580533b5af1btwprofpack.dll12.0.0.9580533b588bc000000500000000002ab2dc216801d0495963336b8cC:\Program Files\ThinkPad\Bluetooth Software\btwdins.exeC:\Program Files\ThinkPad\Bluetooth Software\btwprofpack.dlla1e228d7-b54c-11e4-bf8d-a6991c282aa5
Error: (02/15/2015 08:54:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: btwdins.exe12.0.0.9580533b5af1btwprofpack.dll12.0.0.9580533b588bc000000500000000002ab2dcdc401d049593dfeed64C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exeC:\Program Files\ThinkPad\Bluetooth Software\btwprofpack.dll7ca40d9f-b54c-11e4-bf8d-a6991c282aa5
Error: (02/15/2015 08:53:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: btwdins.exe12.0.0.9580533b5af1btwprofpack.dll12.0.0.9580533b588bc000000500000000002ab2dc229401d0495918efcf9fC:\Program Files\ThinkPad\Bluetooth Software\btwdins.exeC:\Program Files\ThinkPad\Bluetooth Software\btwprofpack.dll578903f6-b54c-11e4-bf8d-a6991c282aa5
Error: (02/15/2015 08:52:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: btwdins.exe12.0.0.9580533b5af1btwprofpack.dll12.0.0.9580533b588bc000000500000000002ab2dcf7401d04958f3b8935eC:\Program Files\ThinkPad\Bluetooth Software\btwdins.exeC:\Program Files\ThinkPad\Bluetooth Software\btwprofpack.dll32689b5a-b54c-11e4-bf8d-a6991c282aa5
Error: (02/15/2015 08:51:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: btwdins.exe12.0.0.9580533b5af1btwprofpack.dll12.0.0.9580533b588bc000000500000000002ab2dc83801d04958cebda661C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exeC:\Program Files\ThinkPad\Bluetooth Software\btwprofpack.dll0d45548b-b54c-11e4-bf8d-a6991c282aa5
Error: (02/15/2015 08:50:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: btwdins.exe12.0.0.9580533b5af1btwprofpack.dll12.0.0.9580533b588bc000000500000000002ab2dc1fc801d04958a9c63d71C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exeC:\Program Files\ThinkPad\Bluetooth Software\btwprofpack.dlle8505ade-b54b-11e4-bf8d-a6991c282aa5
Error: (02/15/2015 08:49:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: btwdins.exe12.0.0.9580533b5af1btwprofpack.dll12.0.0.9580533b588bc000000500000000002ab2dc21ec01d04958848910caC:\Program Files\ThinkPad\Bluetooth Software\btwdins.exeC:\Program Files\ThinkPad\Bluetooth Software\btwprofpack.dllc316e387-b54b-11e4-bf8d-a6991c282aa5
Error: (02/15/2015 08:48:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: btwdins.exe12.0.0.9580533b5af1btwprofpack.dll12.0.0.9580533b588bc000000500000000002ab2dc16f001d049585f87f3d0C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exeC:\Program Files\ThinkPad\Bluetooth Software\btwprofpack.dll9e0ee9bb-b54b-11e4-bf8d-a6991c282aa5
Error: (02/15/2015 08:47:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: btwdins.exe12.0.0.9580533b5af1btwprofpack.dll12.0.0.9580533b588bc000000500000000002ab2dc1b9c01d049583a9315c9C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exeC:\Program Files\ThinkPad\Bluetooth Software\btwprofpack.dll79194031-b54b-11e4-bf8d-a6991c282aa5
Error: (02/15/2015 08:46:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: btwdins.exe12.0.0.9580533b5af1btwprofpack.dll12.0.0.9580533b588bc000000500000000002ab2dc20a001d04958156e3fc8C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exeC:\Program Files\ThinkPad\Bluetooth Software\btwprofpack.dll53f13c20-b54b-11e4-bf8d-a6991c282aa5
CodeIntegrity Errors:
===================================
Date: 2014-11-17 13:43:22.815
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-05 09:52:52.967
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-05 09:52:48.927
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-05 09:52:45.563
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-05 09:52:03.766
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-05 09:51:52.876
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-08-26 13:05:39.144
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-08-26 13:04:46.270
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-08-05 20:29:48.043
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-08-05 19:03:28.598
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz
Percentage of memory in use: 16%
Total physical RAM: 16202.86 MB
Available physical RAM: 13589.36 MB
Total Pagefile: 18634.86 MB
Available Pagefile: 15395.41 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:146.35 GB) (Free:67.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:59.6 GB) (Free:4.2 GB) exFAT
Drive f: (Elements) (Fixed) (Total:1862.98 GB) (Free:1612.6 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 167.7 GB) (Disk ID: 72913747)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 59.6 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 5889B31C)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2c6cfdf2e33a884c880a6d7e9526d34f
# engine=22482
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-15 08:06:21
# local_time=2015-02-15 09:06:21 (+0100, W. Europe Standard Time)
# country="Australia"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Panda Internet Security 2013'
# compatibility_mode=1545 16777213 100 96 10181 391249005 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 8237178 26387004 0 0
# scanned=286306
# found=14
# cleaned=13
# scan_time=6277
sh=35D716B7ACDBDCEF91377C6F2560AC1F5FEFE932 ft=1 fh=18dbbb278470fffc vn="Variante von Win32/OptimizerEliteMax.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\{b2250a3c-1e78-b61a-b225-50a3c1e728f0}\OptimizerPro.exe"
sh=12C73EB21618C58657262CA198913A70EEDB67C8 ft=1 fh=62d693974387a2e8 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung (gelöscht (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Follow Rules\updateFollowRules.exe"
sh=9B06E30E267FF48654D2D78E6D54ED529136512E ft=1 fh=2d60993e45a76312 vn="Variante von Win32/BrowseFox.M evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Follow Rules\bin\4a917b82b02e49db87b993c2fbec60d7.dll"
sh=0027BB9061E92C2863314F9C864A513DD8CAC55D ft=1 fh=472449a86d6c9f99 vn="Variante von Win64/BrowseFox.CK evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Follow Rules\bin\4a917b82b02e49db87b993c2fbec60d764.dll"
sh=F6F763718DB6D87B49448D80D12440AC240996C0 ft=1 fh=6966b5cfa477c215 vn="Variante von Win32/BrowseFox.AC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Follow Rules\bin\FollowRules.BrowserAdapter.exe"
sh=9EBD9A79F6CA5101ACA84EC147725C56DFFC377E ft=1 fh=cbfb0141e184feff vn="Win64/BrowseFox.CO evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Follow Rules\bin\FollowRules.BrowserAdapter64.exe"
sh=5B2EEE9B537AA736BD373389528864F868B2F315 ft=1 fh=6c5a6015c16302fc vn="Win32/BrowseFox.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Follow Rules\bin\FollowRules.expext.exe"
sh=567000DB8A7AD177971862153ED6AAB8CF8AD60C ft=1 fh=a5b6913596cdc48f vn="Variante von Win64/BrowseFox.CJ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Follow Rules\bin\FollowRules.expextdll.dll"
sh=7D0E7DACF1AD63A17B88DB176289F898477C9AE2 ft=1 fh=16578ce3cc73e8b4 vn="Variante von Win64/BrowseFox.A evtl. unerwünschte Anwendung (gelöscht (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Follow Rules\bin\FollowRules.PurBrowse64.exe"
sh=12C73EB21618C58657262CA198913A70EEDB67C8 ft=1 fh=62d693974387a2e8 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Follow Rules\bin\utilFollowRules.exe"
sh=35D716B7ACDBDCEF91377C6F2560AC1F5FEFE932 ft=1 fh=18dbbb278470fffc vn="Variante von Win32/OptimizerEliteMax.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\{b2250a3c-1e78-b61a-b225-50a3c1e728f0}\OptimizerPro.exe"
sh=8B02740E091D6DF14B947545CBC9E46DE914A549 ft=1 fh=a1c13e38a961154a vn="Variante von Win32/OptimizerEliteMax.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\ntlor_000\AppData\Local\Temp\optprosetup.exe"
sh=47B19AB97028D8925579BED54EFEE88C8107D6B6 ft=1 fh=34f71966959b3eb8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\ntlor_000\AppData\Local\Temp\DMR\dmr_72.exe"
sh=9C3595D09F0642525B2B5C4418C282E614FCBFB6 ft=1 fh=56c8886f0ceff432 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\ntlor_000\AppData\Local\Temp\~nsu.tmp\Au_.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2c6cfdf2e33a884c880a6d7e9526d34f
# engine=22494
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-16 04:47:13
# local_time=2015-02-16 05:47:13 (+0100, W. Europe Standard Time)
# country="Australia"
# lang=3081
# osver=6.3.9600 NT
# compatibility_mode_1='Panda Internet Security 2013'
# compatibility_mode=1545 16777214 100 96 7626 391323457 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 8315230 26461456 0 0
# scanned=245093
# found=1
# cleaned=1
# scan_time=1915
sh=838037940266A313DB1FA04AD9A0C45FB0D09D02 ft=1 fh=fc34c5e7fd4c8b48 vn="a variant of Win32/DownloadGuide.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\ntlor_000\Documents\Antivir\spybot-search-destroy.exe"
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 16/02/2015 Scan Time: 4:59:42 PM Logfile: Malwarebyte16022015.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2014.11.20.06 Rootkit Database: v2014.11.18.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: ntlor_000 Scan Type: Threat Scan Result: Completed Objects Scanned: 388916 Time Elapsed: 5 min, 1 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v4.110 - Logfile created 16/02/2015 at 16:50:54
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Local]
# Operating system : Windows 8.1 Pro (x64)
# Username : ntlor_000 - DINGO
# Running from : C:\Users\ntlor_000\Documents\Antivir\AdwCleaner_4.110.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v35.0.1 (x86 en-GB)
*************************
AdwCleaner[R0].txt - [3134 bytes] - [15/02/2015 21:12:16]
AdwCleaner[R1].txt - [868 bytes] - [15/02/2015 21:42:57]
AdwCleaner[R2].txt - [926 bytes] - [16/02/2015 15:17:17]
AdwCleaner[R3].txt - [789 bytes] - [16/02/2015 16:50:54]
AdwCleaner[S0].txt - [2629 bytes] - [15/02/2015 21:13:26]
AdwCleaner[S1].txt - [991 bytes] - [16/02/2015 15:18:22]
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [964 bytes] ##########
Falls ich was vergessen habe liefer ich das gerne nach jedenfalls vielen Dank schonmal vorweg . Beste Grüße Dingo |
|
16.02.2015, 21:09
| #2 |
| /// TB-Ausbilder   | Trj.CI.A befall, bitte um Hilfe bei der Auswertung ob ich etwas beim Löschen übersehen habe. Hallo Dingo
__________________ Mein Name ist Timo und ich werde Dir bei deinem Problem behilflich sein.
 Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist immer der sicherste Weg. Wir arbeiten hier alle freiwillig und meist auch nur in unserer Freizeit. Daher kann es bei Antworten zu Verzögerungen kommen. Solltest du innerhalb 48 Std keine Antwort von mir erhalten, dann schreib mit eine PM Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis ich oder jemand vom Team sagt, dass Du clean bist. Führe sämtliche Tools mit administrativen Rechten aus, Vista, Win7,Win8 User mit Rechtsklick "als Administrator starten". Paar Reste noch löschen: Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Startup: C:\Users\ntlor_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro.lnk
ShortcutTarget: OptimizerPro.lnk -> C:\ProgramData\{b2250a3c-1e78-b61a-b225-50a3c1e728f0}\OptimizerPro.exe (No File)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\SysWOW64\userinit.exe,
emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Downloade Dir bitte  SecurityCheck und:
Dein Bluetooth Treiber+Software sind defekt, am besten komplett deinstallieren und neu bei Lenovo herunterladen.
__________________ |
|
17.02.2015, 16:24
| #3 |
| | Trj.CI.A befall, bitte um Hilfe bei der Auswertung ob ich etwas beim Löschen übersehen habe. Hallo Timo ,
__________________danke für deine Hilfe. Hier die sind die Log-Files. FRST64 : Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by ntlor_000 at 2015-02-17 15:59:17 Run:1
Running from C:\Users\ntlor_000\Documents\Antivir\fsr
Loaded Profiles: UpdatusUser & ntlor_000 (Available profiles: UpdatusUser & ntlor_000)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Startup: C:\Users\ntlor_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro.lnk
ShortcutTarget: OptimizerPro.lnk -> C:\ProgramData\{b2250a3c-1e78-b61a-b225-50a3c1e728f0}\OptimizerPro.exe (No File)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\SysWOW64\userinit.exe,
emptytemp:
*****************
C:\Users\ntlor_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro.lnk not found.
C:\ProgramData\{b2250a3c-1e78-b61a-b225-50a3c1e728f0}\OptimizerPro.exe not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
EmptyTemp: => Removed 60.1 MB temporary data.
The system needed a reboot.
==== End of Fixlog 15:59:18 ====
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 Pro x64
Ran by ntlor_000 on Tue 17/02/2015 at 16:08:21.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 17/02/2015 at 16:11:45.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter UNSUPPORTED OPERATING SYSTEM! ABORTED!
|
|
17.02.2015, 16:46
| #4 |
| /// TB-Ausbilder | Trj.CI.A befall, bitte um Hilfe bei der Auswertung ob ich etwas beim Löschen übersehen habe. Jo, der hat bissl Probleme mit Win 8.1 Mach mal EEKScan - der dauert allerdings länger ! Lade Dir bitte von hier  Emsisoft Emergency Kit herunter.
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik Geändert von Warlord711 (17.02.2015 um 16:47 Uhr) Grund: Eset war ja schon ^^ |
|
17.02.2015, 22:00
| #5 |
| | Trj.CI.A befall, bitte um Hilfe bei der Auswertung ob ich etwas beim Löschen übersehen habe. Nach dem Neustart hatte sich SecurityCheck das doch nochmal anders über legt. checkup.txt : Code:
ATTFilter Results of screen317's Security Check version 0.99.96
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Panda Internet Security 2013
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Panda Cloud Cleaner
Java 7 Update 55
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
panda security panda internet security 2013 firewall PSHOST.EXE
StarMoney 9.0 ouservice StarMoneyOnlineUpdate.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
|
|
18.02.2015, 09:33
| #6 |
| /// TB-Ausbilder | Trj.CI.A befall, bitte um Hilfe bei der Auswertung ob ich etwas beim Löschen übersehen habe. Ok.
__________________ --> Trj.CI.A befall, bitte um Hilfe bei der Auswertung ob ich etwas beim Löschen übersehen habe. |
|
18.02.2015, 17:09
| #7 |
| | Trj.CI.A befall, bitte um Hilfe bei der Auswertung ob ich etwas beim Löschen übersehen habe. EEK Deep Scan ohne PUPs Code:
ATTFilter Emsisoft Emergency Kit - Version 9.0
Letztes Update: 17/02/2015 8:07:41 PM
Benutzerkonto: DINGO\ntlor_000
Scan-Einstellungen:
Scan Methode: Detail-Scan
Objekte: Rootkits, Speicher, Traces, C:\, F:\
PUPs-Erkennung: Aus
Archiv-Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus
Scan-Beginn: 17/02/2015 8:10:10 PM
Value: HKEY_USERS\S-1-5-21-1554388160-2512906208-1949696757-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-1554388160-2512906208-1949696757-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS gefunden: Setting.DisableRegistryTools (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} gefunden: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} gefunden: Application.Win32.InstallAd (A)
C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\{4a917b82-b02e-49db-87b9-93c2fbec60d7}Gw64.sys.vir gefunden: Adware.SwiftBrowse.CH (B)
Gescannt 345997
Gefunden 5
Scan-Ende: 17/02/2015 9:44:46 PM
Scan-Zeit: 1:34:36
C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\{4a917b82-b02e-49db-87b9-93c2fbec60d7}Gw64.sys.vir Quarantäne Adware.SwiftBrowse.CH (B)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} Quarantäne Application.Win32.InstallAd (A)
Value: HKEY_USERS\S-1-5-21-1554388160-2512906208-1949696757-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantäne Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-1554388160-2512906208-1949696757-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantäne Setting.DisableTaskMgr (A)
Quarantäne 4
Gelöscht 0
Code:
ATTFilter Emsisoft Emergency Kit - Version 9.0
Letztes Update: 17/02/2015 10:07:28 PM
Benutzerkonto: DINGO\ntlor_000
Scan-Einstellungen:
Scan Methode: Eigener Scan
Objekte: Rootkits, Speicher, Traces, C:\
PUPs-Erkennung: An
Archiv-Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus
Scan-Beginn: 17/02/2015 10:09:57 PM
Gescannt 304481
Gefunden 0
Scan-Ende: 17/02/2015 10:33:51 PM
Scan-Zeit: 0:23:54
|
|
19.02.2015, 08:59
| #8 |
| /// TB-Ausbilder | Trj.CI.A befall, bitte um Hilfe bei der Auswertung ob ich etwas beim Löschen übersehen habe. Also von einem Trojaner ist nichts zu erkennen gewesen, da hast du vorab schon gute Arbeit geleistet  Die Logs sind soweit auch sauber. Java 7 Update 55 Musst nur noch die 32-bit Version von Java aktualisieren: Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Die Reihenfolge ist hier entscheidend.
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems. Ändere regelmäßig alle deine Passwörter, jetzt, nach der Bereinigung ist ein idealer Zeitpunkt dafür
Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti-Viren-Programm und zusätzlicher Schutz
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden. Mozilla Firefox
Performance
Was du vermeiden solltest:
Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen oder Lob, Kritik und Wünsche loswerden? Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
|
19.02.2015, 17:54
| #9 |
| | Trj.CI.A befall, bitte um Hilfe bei der Auswertung ob ich etwas beim Löschen übersehen habe. So nun habe ich auch die letzten Schritte getan und hoffe wieder ein sauberes System zu nutzen. Der Download von TFC bei Filepony funktioniert leider nicht mehr, hast du vieleicht nen Tipp welche Seite noch vertrauenswürdig sind? Das wichtigste kommt aber hier : ein riesengroßes  !!!Deine Hilfe war super , alles sehr verständlich und umsetzbar . Ich habe jetzt auch einige Programme mehr die ich zum sauberhalten nutzen kann und vorher noch garnicht kannte. Ich wünsche dir alles Gute und hoffe nicht allzu bald wieder in dieser Sache um Hilfe bitten zu müssen .Aber ich weiss sonst ja an wen ich mich wenden kann. Beste Grüße Dingo |
|
20.02.2015, 11:03
| #10 | |
| /// TB-Ausbilder | Trj.CI.A befall, bitte um Hilfe bei der Auswertung ob ich etwas beim Löschen übersehen habe.Zitat:
Bleepingcomputer ist extremst vertrauenswürdig.
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
|
| Themen zu Trj.CI.A befall, bitte um Hilfe bei der Auswertung ob ich etwas beim Löschen übersehen habe. |
| adware, browser, cpu, defender, desktop, downloader, feedback, flash player, home, iexplore.exe, internet, mozilla, office 365, officejet, popup, problem, programm, pwmtr64v.dll, realtek, refresh, registry, revo uninstaller, rundll, safer networking, scan, security, services.exe, software, starmoney, svchost.exe, system, taskmanager, trj/ci.a, win32/browsefox.ac, win64/browsefox.ck, win64/browsefox.co, windows |
Linear-Darstellung
