Windows 7: lock screen - "GVU" - TR/Reveton.V.48
Hello,
On my parents-in-law's laptop, a lock screen appears immediately after Windows starts. On 13.11. a trojan, TR/Reveton.V.48, was found (see the Antivir log file). The computer can be started in Safe Mode, but a new scan with Antivir finds nothing, even though the lock screen is back unchanged on a normal start. I tried a System Restore twice, to two different earlier restore points, but each time got a blue screen.
My parents-in-law's user account M***** is a limited (standard) account. My account is an administrator account.
The scans were run in Safe Mode on the limited account, as admin where required.
I tried to create all the logs according to the instructions - I hope it worked.
Antivir log file from the detection:
Code:
Avira Antivirus Suite
Erstellungsdatum der Reportdatei: Mittwoch, 13. November 2013 18:01
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : ************
Seriennummer : *********
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Abgesicherter Modus mit Netzwerk Support
Benutzername : M*********
Computername : LAPTOPMR
Versionsinformationen:
BUILD.DAT : 14.0.0.383 Bytes 30.09.2013 11:01:00
AVSCAN.EXE : 14.0.0.383 968776 Bytes 07.10.2013 13:34:22
AVSCANRC.DLL : 14.0.0.225 62024 Bytes 07.10.2013 13:34:22
LUKE.DLL : 14.0.0.383 65096 Bytes 07.10.2013 13:35:03
AVSCPLR.DLL : 14.0.0.383 92232 Bytes 07.10.2013 13:34:26
AVREG.DLL : 14.0.0.383 250440 Bytes 07.10.2013 13:34:18
avlode.dll : 14.0.0.383 512584 Bytes 07.10.2013 13:33:54
avlode.rdf : 13.0.1.44 27859 Bytes 01.11.2013 15:46:49
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 13:03:44
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 13:03:47
VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 13:03:51
VBASE003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 13:03:54
VBASE004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 13:04:00
VBASE005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 17:10:47
VBASE006.VDF : 7.11.103.230 2293248 Bytes 24.09.2013 14:09:02
VBASE007.VDF : 7.11.111.18 3598336 Bytes 06.11.2013 19:25:52
VBASE008.VDF : 7.11.111.19 2048 Bytes 06.11.2013 19:25:52
VBASE009.VDF : 7.11.111.20 2048 Bytes 06.11.2013 19:25:52
VBASE010.VDF : 7.11.111.21 2048 Bytes 06.11.2013 19:25:52
VBASE011.VDF : 7.11.111.22 2048 Bytes 06.11.2013 19:25:52
VBASE012.VDF : 7.11.111.23 2048 Bytes 06.11.2013 19:25:52
VBASE013.VDF : 7.11.111.150 168448 Bytes 07.11.2013 18:41:56
VBASE014.VDF : 7.11.112.47 247808 Bytes 08.11.2013 18:41:57
VBASE015.VDF : 7.11.112.139 323584 Bytes 11.11.2013 16:44:31
VBASE016.VDF : 7.11.112.140 2048 Bytes 11.11.2013 16:44:32
VBASE017.VDF : 7.11.112.141 2048 Bytes 11.11.2013 16:44:32
VBASE018.VDF : 7.11.112.142 2048 Bytes 11.11.2013 16:44:32
VBASE019.VDF : 7.11.112.143 2048 Bytes 11.11.2013 16:44:32
VBASE020.VDF : 7.11.112.144 2048 Bytes 11.11.2013 16:44:32
VBASE021.VDF : 7.11.112.145 2048 Bytes 11.11.2013 16:44:32
VBASE022.VDF : 7.11.112.146 2048 Bytes 11.11.2013 16:44:32
VBASE023.VDF : 7.11.112.147 2048 Bytes 11.11.2013 16:44:33
VBASE024.VDF : 7.11.112.148 2048 Bytes 11.11.2013 16:44:33
VBASE025.VDF : 7.11.112.149 2048 Bytes 11.11.2013 16:44:33
VBASE026.VDF : 7.11.112.150 2048 Bytes 11.11.2013 16:44:33
VBASE027.VDF : 7.11.112.151 2048 Bytes 11.11.2013 16:44:33
VBASE028.VDF : 7.11.112.152 2048 Bytes 11.11.2013 16:44:33
VBASE029.VDF : 7.11.112.153 2048 Bytes 11.11.2013 16:44:33
VBASE030.VDF : 7.11.112.154 2048 Bytes 11.11.2013 16:44:33
VBASE031.VDF : 7.11.113.20 264704 Bytes 12.11.2013 19:44:33
Engineversion : 8.2.12.140
AEVDF.DLL : 8.1.3.4 102774 Bytes 11.08.2013 13:04:18
AESCRIPT.DLL : 8.1.4.164 516478 Bytes 08.11.2013 18:42:08
AESCN.DLL : 8.1.10.4 131446 Bytes 11.08.2013 13:04:18
AESBX.DLL : 8.2.16.26 1245560 Bytes 25.08.2013 18:01:39
AERDL.DLL : 8.2.0.128 688504 Bytes 11.08.2013 13:04:18
AEPACK.DLL : 8.3.3.4 758136 Bytes 18.10.2013 13:12:58
AEOFFICE.DLL : 8.1.2.76 205181 Bytes 11.08.2013 13:04:17
AEHEUR.DLL : 8.1.4.744 6283642 Bytes 08.11.2013 18:42:08
AEHELP.DLL : 8.1.27.8 266617 Bytes 08.11.2013 18:42:00
AEGEN.DLL : 8.1.7.18 446839 Bytes 08.11.2013 18:41:59
AEEXP.DLL : 8.4.1.100 369016 Bytes 01.11.2013 15:46:49
AEEMU.DLL : 8.1.3.2 393587 Bytes 11.08.2013 13:04:12
AECORE.DLL : 8.1.32.2 201081 Bytes 08.11.2013 18:41:59
AEBB.DLL : 8.1.1.4 53619 Bytes 11.08.2013 13:04:12
AVWINLL.DLL : 14.0.0.225 23624 Bytes 07.10.2013 13:33:32
AVPREF.DLL : 14.0.0.225 48712 Bytes 07.10.2013 13:34:18
AVREP.DLL : 14.0.0.225 175688 Bytes 07.10.2013 13:34:19
AVARKT.DLL : 14.0.0.225 257096 Bytes 07.10.2013 13:33:49
AVEVTLOG.DLL : 14.0.0.383 165960 Bytes 07.10.2013 13:33:51
SQLITE3.DLL : 3.7.0.1 394824 Bytes 11.08.2013 13:05:07
AVSMTP.DLL : 14.0.0.225 60488 Bytes 07.10.2013 13:34:30
NETNT.DLL : 14.0.0.225 13384 Bytes 07.10.2013 13:35:04
RCIMAGE.DLL : 14.0.0.225 4784712 Bytes 07.10.2013 13:33:32
RCTEXT.DLL : 14.0.0.225 67144 Bytes 07.10.2013 13:33:32
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\MONIUN~1\AppData\Local\Temp\2487d491.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +JOKE,+PCK,+SPR,
Beginn des Suchlaufs: Mittwoch, 13. November 2013 18:01
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <Windows7_OS>
C:\ProgramData\go8btmq.fdd
[FUND] Ist das Trojanische Pferd TR/Reveton.V.48
Beginne mit der Desinfektion:
C:\ProgramData\go8btmq.fdd
[FUND] Ist das Trojanische Pferd TR/Reveton.V.48
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55321e35.qua' verschoben!
Ende des Suchlaufs: Mittwoch, 13. November 2013 18:49
Benötigte Zeit: 41:21 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
30052 Verzeichnisse wurden überprüft
483171 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
483170 Dateien ohne Befall
3572 Archive wurden durchsucht
0 Warnungen
1 Hinweise
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:45 on 17/11/2013 (Peter)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by M***** (ATTENTION: The logged in user is not administrator) on LAPTOPMR on 17-11-2013 10:47:31
Running from C:\Users\M*****\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)
==================== Processes (Whitelisted) =================
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] - C:\Program Files\CONEXANT\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKCU\...\Run: [LTT] - C:\Program Files\PC-Doctor\EnableToolbarW32.exe
MountPoints2: {fde84546-5f47-11e1-9202-806e6f6e6963} - Q:\LenovoQDrive.exe
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] - C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [1629544 2011-08-31] (Lenovo Group Limited)
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-06] (Apple Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680 2013-10-23] (APN)
HKLM-x32\...\Run: [Launch Backup Service Once] - C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe [133944 2011-08-18] ()
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\Users\M*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\go8btmq.lnk
ShortcutTarget: go8btmq.lnk -> C:\PROGRA~3\qmtb8og.dss (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FireFox:
========
FF ProfilePath: C:\Users\M*****\AppData\Roaming\Mozilla\Firefox\Profiles\yomldf85.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Garmin Communicator - C:\Users\M*****\AppData\Roaming\Mozilla\Firefox\Profiles\yomldf85.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
Chrome:
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Extension: (Norton Identity Protection) - C:\Users\MONIUN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
==================== Services (Whitelisted) =================
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [948296 2013-10-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG)
S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1492280 2011-08-18] (Lenovo Group Limited)
==================== Drivers (Whitelisted) ====================
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-07] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-07] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [32104 2011-07-08] (Lenovo Group Limited)
S2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
S3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-30] (Lenovo Information Product(ShenZhen China) Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-17 10:47 - 2013-11-17 10:47 - 00011080 _____ C:\Users\M*****\Desktop\FRST.txt
2013-11-17 10:47 - 2013-11-17 10:47 - 00000000 ____D C:\FRST
2013-11-17 10:46 - 2013-11-16 11:06 - 01957794 _____ (Farbar) C:\Users\M*****\Desktop\FRST64.exe
2013-11-17 10:45 - 2013-11-17 10:45 - 00000472 _____ C:\Users\M*****\Desktop\defogger_disable.log
2013-11-17 10:45 - 2013-11-17 10:45 - 00000000 _____ C:\Users\Peter\defogger_reenable
2013-11-17 10:44 - 2013-11-16 11:03 - 00050477 _____ C:\Users\M*****\Desktop\Defogger.exe
2013-11-12 21:05 - 2013-11-17 10:39 - 00000279 _____ C:\ProgramData\go8btmq.reg
2013-11-12 21:05 - 2013-11-12 21:05 - 00061536 ____T (Microsoft Corporation) C:\ProgramData\go8btmq.pss
2013-11-12 21:04 - 2013-11-17 10:39 - 95025368 ____T C:\ProgramData\go8btmq.bxx
2013-11-12 21:04 - 2013-11-17 10:39 - 00000000 _____ C:\ProgramData\go8btmq.fvv
2013-11-12 21:04 - 2013-11-12 21:04 - 00131072 _____ (Microsoft Corporation) C:\ProgramData\qmtb8og.dss
==================== One Month Modified Files and Folders =======
2013-11-17 10:47 - 2013-11-17 10:47 - 00011080 _____ C:\Users\M*****\Desktop\FRST.txt
2013-11-17 10:47 - 2013-11-17 10:47 - 00000000 ____D C:\FRST
2013-11-17 10:45 - 2013-11-17 10:45 - 00000472 _____ C:\Users\M*****\Desktop\defogger_disable.log
2013-11-17 10:45 - 2013-11-17 10:45 - 00000000 _____ C:\Users\Peter\defogger_reenable
2013-11-17 10:45 - 2012-03-16 21:48 - 00000000 ____D C:\Users\Peter
2013-11-17 10:45 - 2012-02-25 10:16 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-11-17 10:45 - 2012-02-25 10:16 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-11-17 10:45 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-17 10:39 - 2013-11-12 21:05 - 00000279 _____ C:\ProgramData\go8btmq.reg
2013-11-17 10:39 - 2013-11-12 21:04 - 95025368 ____T C:\ProgramData\go8btmq.bxx
2013-11-17 10:39 - 2013-11-12 21:04 - 00000000 _____ C:\ProgramData\go8btmq.fvv
2013-11-17 10:39 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-17 10:39 - 2009-07-14 05:51 - 00102725 _____ C:\Windows\setupact.log
2013-11-16 11:06 - 2013-11-17 10:46 - 01957794 _____ (Farbar) C:\Users\M*****\Desktop\FRST64.exe
2013-11-16 11:03 - 2013-11-17 10:44 - 00050477 _____ C:\Users\M*****\Desktop\Defogger.exe
2013-11-15 19:47 - 2012-04-06 19:54 - 426364112 _____ C:\Windows\MEMORY.DMP
2013-11-15 19:47 - 2012-04-06 19:54 - 00000000 ____D C:\Windows\Minidump
2013-11-15 19:43 - 2012-02-25 01:35 - 01642764 _____ C:\Windows\WindowsUpdate.log
2013-11-14 18:08 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-14 18:08 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-12 21:05 - 2013-11-12 21:05 - 00061536 ____T (Microsoft Corporation) C:\ProgramData\go8btmq.pss
2013-11-12 21:04 - 2013-11-12 21:04 - 00131072 _____ (Microsoft Corporation) C:\ProgramData\qmtb8og.dss
2013-11-12 21:04 - 2012-03-16 16:55 - 00000000 ___RD C:\Users\M*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Files to move or delete:
====================
C:\ProgramData\go8btmq.reg
C:\ProgramData\qmtb8og.dss
Some content of TEMP:
====================
C:\Users\M*****\AppData\Local\Temp\0OKD.dll
C:\Users\M*****\AppData\Local\Temp\avgnt.exe
C:\Users\M*****\AppData\Local\Temp\tmp1FFE.exe
C:\Users\M*****\AppData\Local\Temp\tmp3E.exe
C:\Users\M*****\AppData\Local\Temp\tmp67C7.exe
C:\Users\M*****\AppData\Local\Temp\tmp9636.exe
C:\Users\M*****\AppData\Local\Temp\tmpE9F0.exe
C:\Users\M*****\AppData\Local\Temp\tmpEB3B.exe
C:\Users\M*****\AppData\Local\Temp\tmpEF1E.exe
C:\Users\M*****\AppData\Local\Temp\tmpF1DC.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2013
Ran by M******** at 2013-11-17 10:48:13
Running from C:\Users\M********\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (x32)
Adobe Flash Player 10 ActiveX (x32 Version: 10.0.32.18)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.235)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Anzeige am Bildschirm (Version: 6.60.00)
Apple Application Support (x32 Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (x32 Version: 2.1.3.127)
Avira Antivirus Premium (x32 Version: 14.0.0.383)
Avira SearchFree Toolbar (x32 Version: 12.6.0.1900)
BisonCam Twain Pro (x32 Version: 1.5.4.7)
Bonjour (Version: 3.0.0.10)
Broadcom InConcert Maestro (Version: 1.0.1.2200)
Burn.Now 4.5 (x32 Version: 4.5.0)
Conexant HD Audio (Version: 8.32.27.0)
Corel Burn.Now Lenovo Edition (x32 Version: 4.5.0)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0)
Corel DVD MovieFactory Lenovo Edition (x32 Version: 7.0.0)
Corel WinDVD (x32 Version: 10.0.5.828)
Create Recovery Media (x32 Version: 1.20.0.00)
D3DX10 (x32 Version: 15.4.2368.0902)
Direct DiscRecorder (x32 Version: 1.00.0000)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (Version: 1.00)
Elevated Installer (x32 Version: 2.1.13)
FreePDF (Remove only) (x32)
Garmin City Navigator Europe NT 2011.10 (x32 Version: 14.10.0.0)
Garmin City Navigator Europe NT 2012.40 Update (x32 Version: 15.40.0.0)
Garmin City Navigator Europe NT 2013.30 Update (x32 Version: 16.30.0.0)
Garmin Express (x32 Version: 2.1.13)
Garmin Express Tray (x32 Version: 2.1.13)
Garmin Update Service (x32 Version: 2.1.13)
Garmin USB Drivers (x32 Version: 2.3.0.0)
GPL Ghostscript (Version: 9.04)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (x32 Version: 1.1.0.1147)
Intel PROSet Wireless
Intel PROSet Wireless (x32)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Identity Protection Technology 1.1.2.0 (x32 Version: 1.1.2.0)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2476)
Intel(R) PROSet/Wireless WiFi-Software (Version: 14.2.0000)
Intel(R) WiDi (x32 Version: 2.1.41.0)
Intel(R) Wireless Display
iTunes (Version: 10.6.0.40)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lenovo Auto Scroll Utility (Version: 1.10)
Lenovo Patch Utility (x32 Version: 1.0.1.1)
Lenovo Patch Utility 64 bit (Version: 1.2.0.1)
Lenovo Registration (x32 Version: 1.0.4)
Lenovo System Interface Driver (Version: 1.05)
Lenovo User Guide (x32 Version: 1.0.0008.00)
Lenovo Warranty Information (x32 Version: 1.0.0005.00)
MAGIX Audio Cleaning Lab 2013 (Version: 19.0.0.10)
MAGIX Audio Cleaning Lab 2013 (x32 Version: 19.0.0.10)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6)
MAGIX Speed burnR (MSI) (x32 Version: 7.0.2.6)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 11.0 (x86 de) (x32 Version: 11.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
RapidBoot (Version: 1.11)
Realtek Ethernet Controller Driver (x32 Version: 7.37.1229.2010)
RedMon - Redirection Port Monitor
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (Version: 1.00)
Rescue and Recovery (x32 Version: 4.50.0025.00)
RICOH_Media_Driver_v2.14.18.01 (x32 Version: 2.14.18.01)
System Update (x32 Version: 4.01.0015)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.4.0.2200)
ThinkPad Energie-Manager (x32 Version: 3.63)
ThinkPad Power Management Driver (Version: 1.64.00.00)
ThinkPad UltraNav Driver (Version: 15.3.8.0)
ThinkVantage Communications Utility (Version: 2.07)
ThinkVantage Fingerprint Software (Version: 5.9.4.6882)
ThinkVantage System für aktiven Festplattenschutz (Version: 1.75)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows-Treiberpaket - Intel (iaStor) hdc (11/06/2010 10.1.0.1008) (Version: 11/06/2010 10.1.0.1008)
Windows-Treiberpaket - Lenovo 1.64.00.00 (07/28/2011 1.64.00.00) (Version: 07/28/2011 1.64.00.00)
Windows-Treiberpaket - Realtek (RTL8167) Net (12/29/2010 7.037.1229.2010) (Version: 12/29/2010 7.037.1229.2010)
Windows-Treiberpaket - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (Version: 05/19/2011 15.3.8.0)
==================== Restore Points =========================
Could not list Restore Points. Check WMI.
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
==================== Loaded Modules (whitelisted) =============
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== Faulty Device Manager Devices =============
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/17/2013 10:42:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/15/2013 07:49:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/15/2013 07:48:18 PM) (Source: System Restore) (User: )
Description: Die Systemwiederherstellung wurde wegen eines Stromausfalls oder eines Programmfehlers unerwartet beendet. Zusätzliche Informationen: (Windows Update).
Error: (11/15/2013 07:43:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/15/2013 07:42:57 PM) (Source: System Restore) (User: )
Description: Die Systemwiederherstellung wurde wegen eines Stromausfalls oder eines Programmfehlers unerwartet beendet. Zusätzliche Informationen: (Windows Update).
Error: (11/15/2013 07:38:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/15/2013 06:46:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/15/2013 06:43:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/14/2013 06:07:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3967948
Error: (11/14/2013 06:07:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3967948
System errors:
=============
Error: (11/17/2013 10:42:37 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (11/17/2013 10:42:37 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (11/17/2013 10:42:29 AM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (11/17/2013 10:42:22 AM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (11/17/2013 10:41:48 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\Windows\System32\IWMSSvc.dll
Fehlercode: 21
Error: (11/17/2013 10:41:35 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
avipbb
avkmgr
discache
lenovo.smi
spldr
TPPWRIF
Wanarpv6
Error: (11/17/2013 10:41:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Conexant Audio Message Service" ist vom Dienst "Windows-Audio" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (11/15/2013 07:48:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (11/15/2013 07:48:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (11/15/2013 07:48:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Microsoft Office Sessions:
=========================
Error: (04/13/2012 07:03:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 42 seconds with 0 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 10%
Total physical RAM: 8103.23 MB
Available physical RAM: 7278.54 MB
Total Pagefile: 16204.65 MB
Available Pagefile: 15387.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:296.62 GB) (Free:192.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:0.06 GB) (Free:0.05 GB) FAT
==================== MBR & Partition Table ==================
==================== End Of Log ============================
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-17 10:58:19
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.EC2Z 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Peter\AppData\Local\Temp\fxtdapoc.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\60d819af8a62 (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819af8a62
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\60d819af8a62 (not active ControlSet)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Thanks in advance for your support.
Regards, Peter