Larifari | 26.10.2013 09:46 | Windows 8: regular bluescreens / Defender real-time protection cannot be enabled
Dear forum,
I need help once again. Very often my Windows 8 PC restarts after a bluescreen. The error message shown is usually KERNEL_DATA_INPUT_ERROR, but sometimes it is something else that I could not remember.
As of today, the real-time protection of Windows Defender is also no longer enabled, and I cannot turn it on either.
Malwarebytes found nothing.
GMER repeatedly reported that it could not access C:\WINDOWS\system32\config\system and, once, C:\Users\Admin\ntuser.dat. The scan was also aborted several times, but eventually it worked.
Here are the logs.
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:03 on 26/10/2013 (Admin)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2013
Ran by Christina (ATTENTION: The logged in user is not administrator) on LENOVO-PC on 26-10-2013 10:40:43
Running from C:\Users\Christina\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\x64\avfulsvr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Christina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dolby Laboratories Inc.) c:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
() C:\Program Files\Lenovo Fingerprint Reader\x86\IEWebSiteLogon.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] - C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [TpShocks] - C:\WINDOWS\system32\TpShocks.exe [222720 2012-08-24] (Lenovo.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [LnvMobHotspotClient] - C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937976 2013-06-25] (Lenovo)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [593408 2013-07-04] (Lenovo Corporation)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [LenovoOptMouseUpdate] - C:\Program Files\Lenovo\HOTKEY\extapsup.exe [255480 2013-06-20] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [439488 2013-07-09] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
MountPoints2: {03349f90-fa08-11e2-be9f-6036dd7e786c} - "E:\autorun.exe"
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [64000 2012-08-10] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [IntelSBA] - C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [4267784 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] - C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini [333 2013-04-06] ()
HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [WD Drive Unlocker] - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-06-13] (Western Digital)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [6618920 2013-08-01] (Lenovo Group Limited)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Christina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13-comm.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - DefaultScope {63A968EE-78D4-48FA-97B8-EEC590270981} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALCJS
SearchScopes: HKLM - {63A968EE-78D4-48FA-97B8-EEC590270981} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALCJS
SearchScopes: HKLM-x32 - DefaultScope {63A968EE-78D4-48FA-97B8-EEC590270981} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALCJS
SearchScopes: HKLM-x32 - {63A968EE-78D4-48FA-97B8-EEC590270981} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALCJS
SearchScopes: HKCU - DefaultScope {63A968EE-78D4-48FA-97B8-EEC590270981} URL =
SearchScopes: HKCU - {63A968EE-78D4-48FA-97B8-EEC590270981} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\61prv1k0.default
FF Homepage: about:home
FF Keyword.URL: https://www.startpage.com/do/search?language=deutsch&cat=web&query=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\61prv1k0.default\searchplugins\leo-eng-deu-v20.xml
FF SearchPlugin: C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\61prv1k0.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\61prv1k0.default\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HTTPS-Everywhere - C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\61prv1k0.default\Extensions\https-everywhere@eff.org
FF Extension: Password Hasher - C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\61prv1k0.default\Extensions\passhash@mozilla.wijjo.com
FF Extension: WOT - C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\61prv1k0.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: 2.0 - C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\61prv1k0.default\Extensions\2.0@disconnect.me.xpi
FF Extension: contextMenuExtension - C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\61prv1k0.default\Extensions\contextMenuExtension@leo.org.xpi
FF Extension: firefox - C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\61prv1k0.default\Extensions\firefox@ghostery.com.xpi
FF Extension: defaults - C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\61prv1k0.default\Extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi
FF Extension: Adblock Plus - C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\61prv1k0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: dta - C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\61prv1k0.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
Chrome:
=======
CHR Extension: (Docs) - C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Website Logon) - C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\iokmdlapebooifaijckgcmncjdpojmjl\6.0.200_0
CHR Extension: (Gmail) - C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [iokmdlapebooifaijckgcmncjdpojmjl] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx
==================== Services (Whitelisted) =================
S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [565760 2013-07-04] (Lenovo Corporation)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2012-12-29] (IvoSoft)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] ()
R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139496 2012-08-31] (AuthenTec, Inc)
R2 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [137024 2013-07-11] ()
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [197632 2013-05-02] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 intelsba; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [47368 2012-07-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-05] (Intel Corporation)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2044408 2013-07-17] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [579400 2013-02-08] (LENOVO INCORPORATED.)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [687104 2013-07-04] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
R2 lmhosts; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [468984 2013-06-25] (Lenovo)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [465912 2013-06-21] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-31] (Nitro PDF Software)
R2 NlaSvc; C:\Windows\System32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-09-17] ()
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-08-14] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [19032 2013-03-07] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [9584 2013-03-07] ()
R3 RCUVCAVS; C:\Windows\system32\DRIVERS\RCUVCAVS.sys [149632 2012-10-22] (Ricoh co.,Ltd.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288480 2012-12-13] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-18] (Synaptics Incorporated)
S3 SWIX64; C:\Program Files (x86)\Lenovo\System Update\tvsuhd64.sys [33856 2012-09-12] (Lenovo Group Limited)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
U3 fxryrpog; \??\C:\Users\Admin\AppData\Local\Temp\fxryrpog.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-26 10:40 - 2013-10-26 10:40 - 01956086 _____ (Farbar) C:\Users\Christina\Desktop\FRST64.exe
2013-10-26 10:34 - 2013-10-26 10:34 - 00013941 _____ C:\Users\Christina\Desktop\gmer.log
2013-10-26 10:30 - 2013-10-26 10:34 - 00000160 _____ C:\Users\Christina\Desktop\prob.txt
2013-10-26 10:24 - 2013-10-26 10:28 - 00000022 _____ C:\WINDOWS\S.dirmngr
2013-10-25 18:46 - 2013-10-25 18:46 - 00000016 ____H C:\Users\Christina\SyncToy_fa86564d-a98c-4d6f-bda2-df058a0b7606.dat
2013-10-24 20:38 - 2013-10-24 20:40 - 58929152 _____ C:\Users\Christina\Downloads\calibre-64bit-1.7.0.msi
2013-10-24 19:07 - 2013-10-24 19:07 - 00000000 ____D C:\ProgramData\Intel.sav
2013-10-24 19:07 - 2013-10-24 19:07 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-10-16 22:50 - 2013-10-16 22:50 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-16 22:50 - 2013-10-16 22:50 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-16 22:50 - 2013-10-16 22:50 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-16 22:50 - 2013-10-16 22:50 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2013-10-16 22:50 - 2013-10-16 22:50 - 00000000 ____D C:\Program Files\Java
2013-10-16 22:49 - 2013-10-16 22:49 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2013-10-16 22:49 - 2013-10-16 22:49 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2013-10-16 22:49 - 2013-10-16 22:49 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2013-10-16 22:49 - 2013-10-16 22:49 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2013-10-16 22:49 - 2013-10-16 22:49 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-13 21:57 - 2013-10-13 21:57 - 00001273 _____ C:\Users\Christina\Desktop\MediathekView - Verknüpfung.lnk
2013-10-11 23:26 - 2013-10-11 23:26 - 00000959 _____ C:\Users\Christina\Desktop\calibre.lnk
2013-10-11 23:24 - 2013-10-11 23:24 - 00000030 _____ C:\WINDOWS\success64.log
2013-10-11 23:21 - 2013-10-11 23:24 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-10-11 23:19 - 2013-03-18 15:18 - 00171248 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo17.dll
2013-10-11 23:19 - 2013-03-18 15:18 - 00033008 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2013-10-11 23:19 - 2009-08-07 09:49 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2013-10-11 23:06 - 2013-10-11 23:07 - 00711376 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-11 22:52 - 2013-10-11 22:52 - 00000000 ____D C:\Users\Default\AppData\Local\Tvsukernel
2013-10-11 22:52 - 2013-10-11 22:52 - 00000000 ____D C:\Users\Default User\AppData\Local\Tvsukernel
2013-10-11 22:37 - 2012-12-27 17:01 - 00760032 _____ (Realtek ) C:\WINDOWS\system32\Drivers\Rt630x64.sys
2013-10-11 22:37 - 2012-12-27 17:01 - 00074344 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2013-10-11 22:24 - 2013-10-26 10:19 - 00000000 ____D C:\Users\Christina\AppData\Roaming\vlc
2013-10-11 22:16 - 2013-07-16 16:38 - 00002149 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DesktopToastsForCriticalUpdates.lnk
2013-10-11 22:16 - 2013-07-16 16:38 - 00002149 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DesktopToastsForCriticalUpdates.lnk
2013-10-11 21:51 - 2013-10-11 21:51 - 00000000 ____D C:\FRST
2013-10-11 21:50 - 2013-10-26 10:03 - 00000472 _____ C:\Users\Christina\Desktop\defogger_disable.log
2013-10-11 21:50 - 2013-10-11 21:50 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-10-11 21:40 - 2013-10-11 21:41 - 00050477 _____ C:\Users\Christina\Desktop\Defogger.exe
2013-10-11 21:40 - 2013-10-11 21:40 - 00377856 _____ C:\Users\Christina\Desktop\gmer_2.1.19163.exe
2013-10-11 21:37 - 2013-09-14 03:15 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-10-11 21:37 - 2013-09-14 00:36 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2013-10-11 21:37 - 2013-09-14 00:36 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ubpm.dll
2013-10-11 21:37 - 2013-09-14 00:36 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2013-10-11 21:37 - 2013-09-14 00:36 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2013-10-11 21:37 - 2013-09-14 00:36 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2013-10-11 21:37 - 2013-09-14 00:34 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2013-10-11 21:37 - 2013-09-14 00:33 - 03279360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-10-11 21:37 - 2013-09-14 00:33 - 01622016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-10-11 21:37 - 2013-09-14 00:33 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-10-11 21:37 - 2013-09-14 00:33 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2013-10-11 21:37 - 2013-09-14 00:33 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-10-11 21:37 - 2013-09-14 00:33 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-10-11 21:37 - 2013-09-14 00:33 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-10-11 21:37 - 2013-09-14 00:33 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-10-11 21:37 - 2013-08-30 07:43 - 00061784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2013-10-11 21:37 - 2013-08-30 07:20 - 01173504 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2013-10-11 21:37 - 2013-08-30 01:48 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2013-10-11 21:37 - 2013-08-21 08:39 - 00465240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2013-10-11 21:37 - 2013-08-10 08:30 - 00151896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2013-10-11 21:37 - 2013-08-10 07:21 - 00817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2013-10-11 21:37 - 2013-08-10 05:58 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2013-10-11 21:37 - 2013-07-25 01:10 - 10799104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2013-10-11 21:37 - 2013-07-25 01:07 - 13661696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-10-11 21:37 - 2013-07-12 03:38 - 00599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2013-10-11 21:37 - 2013-07-12 03:30 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2013-10-11 21:35 - 2013-10-11 21:35 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Malwarebytes
2013-10-11 21:29 - 2013-10-11 22:20 - 00000000 ____D C:\Program Files\VideoLAN
2013-10-10 19:34 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-10-10 19:34 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-10-10 19:34 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-10-10 19:34 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-10-10 19:34 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-10-10 19:34 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-10-10 19:34 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2013-10-10 19:34 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2013-10-10 19:34 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-10-10 19:34 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-10-10 19:34 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-10-10 19:34 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-10-10 19:34 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-10-10 19:34 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-10-10 19:34 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-10-10 19:34 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-10-10 19:34 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-10-10 19:34 - 2013-07-06 02:15 - 00652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2013-10-10 19:34 - 2013-07-04 04:13 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2013-10-10 19:34 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2013-10-10 19:34 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-10-10 19:34 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-10-10 19:34 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2013-10-10 19:34 - 2013-04-29 00:28 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-10-10 19:34 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2013-10-10 19:34 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2013-10-10 19:34 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2013-10-10 19:34 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2013-10-10 19:34 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-10-10 19:34 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-10-10 19:34 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2013-10-10 19:34 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-10-10 19:34 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-10-10 19:33 - 2013-08-23 07:11 - 04040192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-10-10 19:33 - 2013-07-20 00:13 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 19:33 - 2013-07-20 00:13 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 19:33 - 2013-07-06 00:02 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcir.sys
2013-10-10 19:33 - 2013-07-06 00:01 - 00210560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2013-10-10 19:33 - 2013-07-02 03:41 - 00447320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2013-10-10 19:33 - 2013-07-02 03:41 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-10-10 19:33 - 2013-07-02 03:41 - 00213336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2013-10-10 19:33 - 2013-07-02 00:14 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2013-10-10 19:33 - 2013-07-01 03:42 - 00623448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2013-10-10 19:33 - 2013-07-01 03:42 - 00498008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2013-10-10 19:33 - 2013-07-01 03:42 - 00079192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2013-10-10 19:33 - 2013-07-01 03:42 - 00021848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2013-10-10 19:33 - 2013-06-29 05:08 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2013-10-10 19:33 - 2013-06-29 05:07 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2013-10-10 19:33 - 2013-06-29 05:07 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2013-10-10 19:33 - 2013-06-29 05:06 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2013-10-10 19:33 - 2013-06-22 07:45 - 00785624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2013-10-10 19:33 - 2013-06-22 07:45 - 00054488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfLdr.sys
2013-10-10 19:33 - 2013-05-27 01:17 - 00035328 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2013-10-10 19:33 - 2013-05-27 00:59 - 00046080 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2013-10-10 19:33 - 2013-05-25 05:15 - 00362496 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2013-10-10 19:33 - 2013-05-25 04:32 - 00300032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2013-10-09 22:42 - 2013-10-09 22:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-09 22:42 - 2013-10-09 22:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-09 22:42 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-08 22:12 - 2013-10-08 22:12 - 06199000 _____ C:\WINDOWS\system32\Drivers\Netwfw00.dat
2013-10-08 22:12 - 2013-10-08 22:12 - 03345376 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\NETwew00.sys
2013-10-08 22:12 - 2013-10-08 22:12 - 02193136 _____ (Intel Corporation) C:\WINDOWS\system32\Netwuw01.dll
2013-10-01 20:52 - 2013-10-26 10:37 - 00000000 ___RD C:\Users\Christina\Dropbox
2013-10-01 20:52 - 2013-10-14 20:46 - 00001042 _____ C:\Users\Christina\Desktop\Dropbox.lnk
2013-10-01 20:50 - 2013-10-14 20:46 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-10-01 20:48 - 2013-10-26 10:37 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Dropbox
2013-09-29 00:03 - 2013-08-10 07:21 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2013-09-29 00:03 - 2013-08-10 07:21 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncInfo.dll
2013-09-29 00:03 - 2013-08-10 05:58 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2013-09-29 00:03 - 2013-08-03 08:40 - 01374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2013-09-29 00:03 - 2013-08-03 08:40 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wvc.dll
2013-09-29 00:03 - 2013-08-03 08:40 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmon.ocx
2013-09-29 00:03 - 2013-08-03 07:14 - 00399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysmon.ocx
2013-09-29 00:03 - 2013-08-03 07:13 - 01245696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2013-09-29 00:03 - 2013-08-03 07:13 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wvc.dll
2013-09-29 00:03 - 2013-08-02 08:28 - 19758080 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2013-09-29 00:03 - 2013-08-02 08:28 - 10116608 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-09-29 00:03 - 2013-08-02 08:28 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2013-09-29 00:03 - 2013-08-02 08:26 - 02304512 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2013-09-29 00:03 - 2013-08-02 07:08 - 17561088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2013-09-29 00:03 - 2013-08-02 07:08 - 08858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-09-29 00:03 - 2013-08-02 07:08 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2013-09-29 00:03 - 2013-08-02 07:06 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2013-09-29 00:03 - 2013-08-01 12:41 - 02233688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2013-09-29 00:03 - 2013-07-31 01:30 - 00386923 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-09-29 00:03 - 2013-07-25 01:10 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2013-09-29 00:03 - 2013-07-25 01:06 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2013-09-29 00:03 - 2013-04-10 01:17 - 01125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2013-09-29 00:03 - 2013-04-10 00:29 - 00893952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2013-09-27 23:35 - 2013-09-27 23:35 - 00000000 ____D C:\Users\Christina\Downloads\tools_v6.0.7
==================== One Month Modified Files and Folders =======
2013-10-26 10:40 - 2013-10-26 10:40 - 01956086 _____ (Farbar) C:\Users\Christina\Desktop\FRST64.exe
2013-10-26 10:37 - 2013-10-01 20:52 - 00000000 ___RD C:\Users\Christina\Dropbox
2013-10-26 10:37 - 2013-10-01 20:48 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Dropbox
2013-10-26 10:37 - 2013-04-06 19:09 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-26 10:34 - 2013-10-26 10:34 - 00013941 _____ C:\Users\Christina\Desktop\gmer.log
2013-10-26 10:34 - 2013-10-26 10:30 - 00000160 _____ C:\Users\Christina\Desktop\prob.txt
2013-10-26 10:31 - 2013-04-06 13:22 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Nitro PDF
2013-10-26 10:29 - 2013-06-11 11:39 - 00001124 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-26 10:28 - 2013-10-26 10:24 - 00000022 _____ C:\WINDOWS\S.dirmngr
2013-10-26 10:28 - 2013-04-27 14:15 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2013-10-26 10:28 - 2013-04-15 08:45 - 609023378 _____ C:\WINDOWS\MEMORY.DMP
2013-10-26 10:28 - 2013-04-15 08:45 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-26 10:28 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-26 10:25 - 2013-04-08 17:22 - 00000192 _____ C:\Users\Christina\AppData\Local\RegisteredPackageInformation.xml
2013-10-26 10:19 - 2013-10-11 22:24 - 00000000 ____D C:\Users\Christina\AppData\Roaming\vlc
2013-10-26 10:16 - 2013-04-27 12:54 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Mp3tag
2013-10-26 10:05 - 2013-06-11 11:39 - 00001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-26 10:03 - 2013-10-11 21:50 - 00000472 _____ C:\Users\Christina\Desktop\defogger_disable.log
2013-10-26 10:00 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru
2013-10-26 09:59 - 2012-12-15 08:48 - 02045193 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-26 09:47 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-10-26 09:39 - 2013-04-06 13:18 - 00000000 ____D C:\Users\Christina
2013-10-26 09:28 - 2012-12-15 17:27 - 00753134 _____ C:\WINDOWS\system32\perfh007.dat
2013-10-26 09:28 - 2012-12-15 17:27 - 00155826 _____ C:\WINDOWS\system32\perfc007.dat
2013-10-26 09:28 - 2012-07-26 09:28 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-25 18:46 - 2013-10-25 18:46 - 00000016 ____H C:\Users\Christina\SyncToy_fa86564d-a98c-4d6f-bda2-df058a0b7606.dat
2013-10-25 17:32 - 2013-04-06 18:16 - 00000000 ____D C:\Users\Admin
2013-10-24 22:16 - 2012-12-15 08:35 - 00000000 ____D C:\Intel
2013-10-24 20:42 - 2013-04-11 12:35 - 00000000 ____D C:\Users\Christina\Documents\Calibre Bibliothek
2013-10-24 20:41 - 2013-09-25 23:56 - 00000000 ____D C:\Program Files\Calibre2
2013-10-24 20:40 - 2013-10-24 20:38 - 58929152 _____ C:\Users\Christina\Downloads\calibre-64bit-1.7.0.msi
2013-10-24 19:09 - 2013-04-27 14:11 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-24 19:09 - 2012-12-15 08:35 - 00000000 ____D C:\Program Files\Intel
2013-10-24 19:08 - 2012-12-15 08:35 - 00000000 ____D C:\ProgramData\Intel
2013-10-24 19:07 - 2013-10-24 19:07 - 00000000 ____D C:\ProgramData\Intel.sav
2013-10-24 19:07 - 2013-10-24 19:07 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-10-24 19:07 - 2012-12-15 08:36 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-10-24 19:07 - 2012-12-15 08:35 - 00000000 ____D C:\Program Files (x86)\Intel
2013-10-24 18:56 - 2013-04-06 14:40 - 00000000 ____D C:\Users\Christina\AppData\Local\Lenovo
2013-10-17 22:01 - 2013-04-06 13:40 - 00000000 ____D C:\Users\Christina\Documents\Referendariat
2013-10-17 21:44 - 2013-04-11 15:28 - 00000000 ____D C:\Users\Christina\AppData\Local\CrashDumps
2013-10-16 22:50 - 2013-10-16 22:50 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-16 22:50 - 2013-10-16 22:50 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-16 22:50 - 2013-10-16 22:50 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-16 22:50 - 2013-10-16 22:50 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2013-10-16 22:50 - 2013-10-16 22:50 - 00000000 ____D C:\Program Files\Java
2013-10-16 22:50 - 2013-09-24 07:31 - 00000000 ____D C:\ProgramData\Oracle
2013-10-16 22:49 - 2013-10-16 22:49 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2013-10-16 22:49 - 2013-10-16 22:49 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2013-10-16 22:49 - 2013-10-16 22:49 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2013-10-16 22:49 - 2013-10-16 22:49 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2013-10-16 22:49 - 2013-10-16 22:49 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-15 18:31 - 2013-04-06 18:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-14 22:14 - 2012-07-26 09:21 - 00048764 _____ C:\WINDOWS\setupact.log
2013-10-14 20:47 - 2013-04-06 13:19 - 00000000 ___RD C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-14 20:46 - 2013-10-01 20:52 - 00001042 _____ C:\Users\Christina\Desktop\Dropbox.lnk
2013-10-14 20:46 - 2013-10-01 20:50 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-10-13 22:19 - 2013-08-07 18:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-13 22:19 - 2013-04-06 18:42 - 00002101 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2013-10-13 21:57 - 2013-10-13 21:57 - 00001273 _____ C:\Users\Christina\Desktop\MediathekView - Verknüpfung.lnk
2013-10-12 20:38 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\rescache
2013-10-11 23:51 - 2013-04-27 13:55 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2013-10-11 23:26 - 2013-10-11 23:26 - 00000959 _____ C:\Users\Christina\Desktop\calibre.lnk
2013-10-11 23:24 - 2013-10-11 23:24 - 00000030 _____ C:\WINDOWS\success64.log
2013-10-11 23:24 - 2013-10-11 23:21 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-10-11 23:20 - 2012-12-15 08:59 - 00001422 _____ C:\WINDOWS\Synaptics.log
2013-10-11 23:20 - 2012-12-15 08:33 - 00099908 _____ C:\WINDOWS\DPINST.LOG
2013-10-11 23:07 - 2013-10-11 23:06 - 00711376 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-11 23:06 - 2012-10-10 01:08 - 00722772 _____ C:\WINDOWS\PFRO.log
2013-10-11 22:52 - 2013-10-11 22:52 - 00000000 ____D C:\Users\Default\AppData\Local\Tvsukernel
2013-10-11 22:52 - 2013-10-11 22:52 - 00000000 ____D C:\Users\Default User\AppData\Local\Tvsukernel
2013-10-11 22:43 - 2012-12-15 08:47 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2013-10-11 22:41 - 2012-07-26 10:12 - 00000000 __RSD C:\WINDOWS\Media
2013-10-11 22:38 - 2013-07-24 22:06 - 00000000 ____D C:\Users\Christina\AppData\Roaming\LSC
2013-10-11 22:37 - 2012-12-15 08:36 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-10-11 22:34 - 2013-05-06 15:24 - 00000000 ____D C:\ldiag
2013-10-11 22:33 - 2012-12-15 08:36 - 00000000 ____D C:\Program Files\Lenovo
2013-10-11 22:20 - 2013-10-11 21:29 - 00000000 ____D C:\Program Files\VideoLAN
2013-10-11 22:18 - 2012-12-15 01:06 - 00000000 ____D C:\ProgramData\Lenovo
2013-10-11 22:15 - 2012-12-15 08:36 - 00000000 ____D C:\Program Files (x86)\Lenovo
2013-10-11 22:03 - 2013-04-06 12:22 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-10-11 21:51 - 2013-10-11 21:51 - 00000000 ____D C:\FRST
2013-10-11 21:50 - 2013-10-11 21:50 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-10-11 21:43 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\WinStore
2013-10-11 21:41 - 2013-10-11 21:40 - 00050477 _____ C:\Users\Christina\Desktop\Defogger.exe
2013-10-11 21:40 - 2013-10-11 21:40 - 00377856 _____ C:\Users\Christina\Desktop\gmer_2.1.19163.exe
2013-10-11 21:35 - 2013-10-11 21:35 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Malwarebytes
2013-10-11 19:02 - 2013-04-06 23:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 19:01 - 2013-04-06 23:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-10 22:18 - 2013-05-05 14:29 - 00000000 ____D C:\Users\Christina\Downloads\Cut
2013-10-10 22:17 - 2013-05-05 15:11 - 00000000 ____D C:\Users\Christina\Downloads\CutOriginale
2013-10-10 22:17 - 2013-05-05 14:18 - 00000000 ____D C:\Users\Christina\AppData\Local\ColdCut
2013-10-10 22:16 - 2013-05-05 14:23 - 00025088 _____ C:\Users\Christina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-10 21:25 - 2013-04-06 16:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 21:24 - 2013-07-15 16:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-10 21:21 - 2013-04-06 19:10 - 80541720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-09 23:18 - 2013-04-06 12:24 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2013-10-09 22:42 - 2013-10-09 22:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-09 22:42 - 2013-10-09 22:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-08 22:12 - 2013-10-08 22:12 - 06199000 _____ C:\WINDOWS\system32\Drivers\Netwfw00.dat
2013-10-08 22:12 - 2013-10-08 22:12 - 03345376 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\NETwew00.sys
2013-10-08 22:12 - 2013-10-08 22:12 - 02193136 _____ (Intel Corporation) C:\WINDOWS\system32\Netwuw01.dll
2013-10-02 03:38 - 2012-07-26 10:14 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-10-02 03:38 - 2012-07-26 10:14 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-30 22:21 - 2013-04-07 12:55 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Skype
2013-09-29 12:55 - 2013-04-11 12:34 - 00000000 ____D C:\Users\Christina\AppData\Roaming\calibre
2013-09-29 00:09 - 2013-04-06 13:19 - 00000000 ___RD C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-29 00:08 - 2012-07-26 10:12 - 00000000 ___RD C:\WINDOWS\ToastData
2013-09-28 00:33 - 2013-04-27 16:55 - 00000000 ____D C:\Users\Christina\Documents\My Digital Editions
2013-09-27 23:35 - 2013-09-27 23:35 - 00000000 ____D C:\Users\Christina\Downloads\tools_v6.0.7
2013-09-27 22:18 - 2013-04-06 13:33 - 00000000 ____D C:\Users\Christina\Documents\Citavi 3
2013-09-27 20:26 - 2013-05-05 15:09 - 00000000 ____D C:\ProgramData\DivX
2013-09-27 20:26 - 2013-05-05 15:09 - 00000000 ____D C:\Program Files (x86)\DivX
2013-09-27 20:24 - 2013-05-11 20:05 - 00000000 _____ C:\END
2013-09-26 22:24 - 2013-04-06 13:40 - 00000000 ____D C:\Users\Christina\Documents\Offiziell
Files to move or delete:
====================
C:\Users\Christina\SyncToy_a645ea82-1fcf-4d3a-aed1-3aaa61c38cbc.dat
C:\Users\Christina\SyncToy_fa86564d-a98c-4d6f-bda2-df058a0b7606.dat
Some content of TEMP:
====================
C:\Users\Christina\AppData\Local\Temp\DivXSetup.exe
C:\Users\Christina\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Christina\AppData\Local\Temp\vlc-2.0.7-win32.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-26 10:34:54
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003e HITACHI_HTS727550A9E364 rev.JF3ZD0H0 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Admin\AppData\Local\Temp\fxryrpog.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe[844] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff49e81532 4 bytes [E8, 49, FF, 07]
.text C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe[844] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff49e8153a 4 bytes [E8, 49, FF, 07]
.text C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe[844] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff49e8165a 4 bytes [E8, 49, FF, 07]
.text C:\Windows\System32\WUDFHost.exe[1332] C:\Windows\System32\MSIMG32.dll!GradientFill + 690 000007ff49e81532 4 bytes [E8, 49, FF, 07]
.text C:\Windows\System32\WUDFHost.exe[1332] C:\Windows\System32\MSIMG32.dll!GradientFill + 698 000007ff49e8153a 4 bytes [E8, 49, FF, 07]
.text C:\Windows\System32\WUDFHost.exe[1332] C:\Windows\System32\MSIMG32.dll!TransparentBlt + 246 000007ff49e8165a 4 bytes [E8, 49, FF, 07]
.text C:\WINDOWS\system32\WLANExt.exe[1480] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff4bcd177a 4 bytes [CD, 4B, FF, 07]
.text C:\WINDOWS\system32\WLANExt.exe[1480] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff4bcd1782 4 bytes [CD, 4B, FF, 07]
.text C:\WINDOWS\system32\WLANExt.exe[1480] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690 000007ff49e81532 4 bytes [E8, 49, FF, 07]
.text C:\WINDOWS\system32\WLANExt.exe[1480] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698 000007ff49e8153a 4 bytes [E8, 49, FF, 07]
.text C:\WINDOWS\system32\WLANExt.exe[1480] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246 000007ff49e8165a 4 bytes [E8, 49, FF, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1992] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff49e81532 4 bytes [E8, 49, FF, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1992] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff49e8153a 4 bytes [E8, 49, FF, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1992] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff49e8165a 4 bytes [E8, 49, FF, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1992] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff4bcd177a 4 bytes [CD, 4B, FF, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1992] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff4bcd1782 4 bytes [CD, 4B, FF, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1992] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007ff43cd1b32 4 bytes [CD, 43, FF, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1992] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007ff43cd1b3a 4 bytes [CD, 43, FF, 07]
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2084] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff49e81532 4 bytes [E8, 49, FF, 07]
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2084] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff49e8153a 4 bytes [E8, 49, FF, 07]
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2084] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff49e8165a 4 bytes [E8, 49, FF, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2376] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff4bcd177a 4 bytes [CD, 4B, FF, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2376] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff4bcd1782 4 bytes [CD, 4B, FF, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2376] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff49e81532 4 bytes [E8, 49, FF, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2376] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff49e8153a 4 bytes [E8, 49, FF, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2376] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff49e8165a 4 bytes [E8, 49, FF, 07]
.text C:\WINDOWS\system32\svchost.exe[2452] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 742 000007ff43cd1b32 4 bytes [CD, 43, FF, 07]
.text C:\WINDOWS\system32\svchost.exe[2452] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 750 000007ff43cd1b3a 4 bytes [CD, 43, FF, 07]
.text C:\Program Files\Windows Defender\MsMpEng.exe[2540] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 306 000007ff4bcd177a 4 bytes [CD, 4B, FF, 07]
.text C:\Program Files\Windows Defender\MsMpEng.exe[2540] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 314 000007ff4bcd1782 4 bytes [CD, 4B, FF, 07]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2640] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff49e81532 4 bytes [E8, 49, FF, 07]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2640] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff49e8153a 4 bytes [E8, 49, FF, 07]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2640] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff49e8165a 4 bytes [E8, 49, FF, 07]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2640] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff4bcd177a 4 bytes [CD, 4B, FF, 07]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2640] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff4bcd1782 4 bytes [CD, 4B, FF, 07]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2480] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff4bcd177a 4 bytes [CD, 4B, FF, 07]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2480] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff4bcd1782 4 bytes [CD, 4B, FF, 07]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2480] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff49e81532 4 bytes [E8, 49, FF, 07]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2480] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff49e8153a 4 bytes [E8, 49, FF, 07]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2480] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff49e8165a 4 bytes [E8, 49, FF, 07]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3644] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff4bcd177a 4 bytes [CD, 4B, FF, 07]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3644] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff4bcd1782 4 bytes [CD, 4B, FF, 07]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3644] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff49e81532 4 bytes [E8, 49, FF, 07]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3644] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff49e8153a 4 bytes [E8, 49, FF, 07]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3644] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff49e8165a 4 bytes [E8, 49, FF, 07]
.text C:\WINDOWS\Explorer.EXE[3188] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff49e81532 4 bytes [E8, 49, FF, 07]
.text C:\WINDOWS\Explorer.EXE[3188] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff49e8153a 4 bytes [E8, 49, FF, 07]
.text C:\WINDOWS\Explorer.EXE[3188] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff49e8165a 4 bytes [E8, 49, FF, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2512] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff49e81532 4 bytes [E8, 49, FF, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2512] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff49e8153a 4 bytes [E8, 49, FF, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2512] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff49e8165a 4 bytes [E8, 49, FF, 07]
.text C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe[3452] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff49e81532 4 bytes [E8, 49, FF, 07]
.text C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe[3452] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff49e8153a 4 bytes [E8, 49, FF, 07]
.text C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe[3452] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff49e8165a 4 bytes [E8, 49, FF, 07]
.text C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe[3452] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff4bcd177a 4 bytes [CD, 4B, FF, 07]
.text C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe[3452] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff4bcd1782 4 bytes [CD, 4B, FF, 07]
.text C:\Windows\System32\igfxpers.exe[5116] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff4bcd177a 4 bytes [CD, 4B, FF, 07]
.text C:\Windows\System32\igfxpers.exe[5116] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff4bcd1782 4 bytes [CD, 4B, FF, 07]
.text C:\Windows\System32\rundll32.exe[4540] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff49e81532 4 bytes [E8, 49, FF, 07]
.text C:\Windows\System32\rundll32.exe[4540] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff49e8153a 4 bytes [E8, 49, FF, 07]
.text C:\Windows\System32\rundll32.exe[4540] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff49e8165a 4 bytes [E8, 49, FF, 07]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4416] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff4bcd177a 4 bytes [CD, 4B, FF, 07]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4416] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff4bcd1782 4 bytes [CD, 4B, FF, 07]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4932] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff4bcd177a 4 bytes [CD, 4B, FF, 07]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4932] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff4bcd1782 4 bytes [CD, 4B, FF, 07]
.text C:\WINDOWS\system32\rundll32.exe[5776] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff49e81532 4 bytes [E8, 49, FF, 07]
.text C:\WINDOWS\system32\rundll32.exe[5776] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff49e8153a 4 bytes [E8, 49, FF, 07]
.text C:\WINDOWS\system32\rundll32.exe[5776] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff49e8165a 4 bytes [E8, 49, FF, 07]
.text C:\WINDOWS\system32\rundll32.exe[5776] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff4bcd177a 4 bytes [CD, 4B, FF, 07]
.text C:\WINDOWS\system32\rundll32.exe[5776] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff4bcd1782 4 bytes [CD, 4B, FF, 07]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [568:592] fffff9600085f5e8
Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe [4404:5016] 000007ff3dfa77b0
Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe [4404:5056] 000007ff3dfa77b0
Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe [4404:5060] 000007ff4cc33bc4
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Many thanks in advance! |