Heitschi | 05.02.2015 13:21 | Hi Aneri,
First of all: great that the ads are gone again!!
Here are my log files:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015 01
Ran by Jan at 2015-02-05 10:58:14 Run:1
Running from C:\Users\Jan\Desktop\trojaner-board
Loaded Profiles: Jan (Available profiles: Jan)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56888;https=127.0.0.1:56888
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll ()
BHO: BlockAndSurf -> {C330D4EC-AFE2-9A69-CAAD-C5E77FABCBCB} -> C:\Program Files (x86)\ver0BlockAndSurf\187_x64.dll No File
BHO-x32: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll ()
Toolbar: HKLM-x32 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
C:\Program Files (x86)\pandasecuritytb\
C:\Program Files (x86)\ver0BlockAndSurf\
FF Extension: Panda Security Toolbar - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\rt5105eg.default\Extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [2015-02-04]
FF Extension: No Name - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\rt5105eg.default\extensions\fftoolbar2014@etech.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\ver0BlockAndSurf\187.xpi [Not Found]
R2 serverig; C:\Users\Jan\AppData\Local\igs\IGSrv.exe [93184 2015-02-04] () [File not signed]
S1 12b083f; C:\WINDOWS\system32\drivers\12b083f.sys [76752 2014-12-13] () [File not signed]
C:\WINDOWS\system32\drivers\12b083f.sys
*****************
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => Key deleted successfully.
"HKCR\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C330D4EC-AFE2-9A69-CAAD-C5E77FABCBCB}" => Key deleted successfully.
"HKCR\CLSID\{C330D4EC-AFE2-9A69-CAAD-C5E77FABCBCB}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => value deleted successfully.
HKCR\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => Key not found.
C:\Program Files (x86)\pandasecuritytb => Moved successfully.
"C:\Program Files (x86)\ver0BlockAndSurf" => File/Directory not found.
C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\rt5105eg.default\Extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => Moved successfully.
C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\rt5105eg.default\extensions\fftoolbar2014@etech.com not found.
C:\Program Files (x86)\ver0BlockAndSurf\187.xpi not found.
serverig => Unable to stop service
serverig => Service deleted successfully.
12b083f => Service deleted successfully.
C:\WINDOWS\system32\drivers\12b083f.sys => Moved successfully.
The system needed a reboot.
==== End of Fixlog 10:58:20 ====
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 05.02.2015
Suchlauf-Zeit: 11:25:40
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.02.05.04
Rootkit Datenbank: v2015.02.03.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Jan
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 333592
Verstrichene Zeit: 10 Min, 26 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 1
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\OptimizerMonitor.exe, 1128, Löschen bei Neustart, [5385e13997f369cd8227582bc43f5ba5]
Module: 8
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\OptimizerMonitorCert.dll, Löschen bei Neustart, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\freebl3.dll, Löschen bei Neustart, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\libnspr4.dll, Löschen bei Neustart, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\libplc4.dll, Löschen bei Neustart, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\libplds4.dll, Löschen bei Neustart, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\nss3.dll, Löschen bei Neustart, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\nssutil3.dll, Löschen bei Neustart, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\smime3.dll, Löschen bei Neustart, [5385e13997f369cd8227582bc43f5ba5],
Registrierungsschlüssel: 23
PUP.Optional.OptimizerMonitor.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\igsc, In Quarantäne, [bd1b2febb6d477bf7f29c8bbd72cfe02],
PUP.Optional.OptimizerMonitor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\OptimizerMonitor, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{8ACEBA70-A083-4E98-83A6-149F0CF3B840}, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{13E2BC2A-7EC0-4B59-A60E-0A5043168702}, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{2B127039-617D-4742-B054-5C3DEE406271}, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{2ED25718-F720-4F63-B512-73AB1628D373}, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6B3E15C4-8AB2-468E-8AD4-1D4601613486}, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{83B3164C-ECFC-434E-92F0-713E2F0A79BD}, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{84CF8797-A75F-4E60-B789-9535897EF140}, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B1904DCB-AE40-4C15-9A68-23731904EF8A}, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C27698B7-82C9-4B8C-B7E8-2EB20AE594AA}, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EC05F346-7D39-424D-9141-5D7C1E1B027B}, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{13E2BC2A-7EC0-4B59-A60E-0A5043168702}, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2B127039-617D-4742-B054-5C3DEE406271}, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2ED25718-F720-4F63-B512-73AB1628D373}, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6B3E15C4-8AB2-468E-8AD4-1D4601613486}, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{83B3164C-ECFC-434E-92F0-713E2F0A79BD}, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{84CF8797-A75F-4E60-B789-9535897EF140}, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B1904DCB-AE40-4C15-9A68-23731904EF8A}, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C27698B7-82C9-4B8C-B7E8-2EB20AE594AA}, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EC05F346-7D39-424D-9141-5D7C1E1B027B}, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{8ACEBA70-A083-4E98-83A6-149F0CF3B840}, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IGS, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
Registrierungswerte: 2
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_de_174, In Quarantäne, [a3354cce583235016dc8701cec176898],
PUP.Optional.OptimizerMonitor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\OPTIMIZERMONITOR|ImagePath, C:\Program Files (x86)\IGS\OptimizerMonitor.exe, In Quarantäne, [7a5e9486375380b6c4e8196ac63d6f91]
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 2
PUP.Optional.OptimizerMonitor.A, C:\Users\Jan\AppData\Local\igs, In Quarantäne, [bd1b2febb6d477bf7f29c8bbd72cfe02],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS, Löschen bei Neustart, [5385e13997f369cd8227582bc43f5ba5],
Dateien: 29
PUP.Optional.RegisterOptimizerMonitor.A, C:\Program Files (x86)\IGS\RegisterOptimizerMonitor.exe, In Quarantäne, [c6121109d2b80f27c86ecb4f23df4bb5],
PUP.Optional.RegisterOptimizerMonitor.A, C:\Program Files (x86)\IGS\RegisterOptimizerMonitor64.exe, In Quarantäne, [12c628f24842c076a19558c249b9b947],
PUP.Optional.OptimizerMonitor.A, C:\Windows\Temp\OptimizerMonitor.log, Löschen bei Neustart, [2eaafd1def9b9a9cb2cc156e24df39c7],
PUP.Optional.OptimizerMonitor.A, C:\Users\Jan\AppData\Local\igs\Uninstall.exe, In Quarantäne, [bd1b2febb6d477bf7f29c8bbd72cfe02],
PUP.Optional.OptimizerMonitor.A, C:\Users\Jan\AppData\Local\igs\igrunasu.exe, In Quarantäne, [bd1b2febb6d477bf7f29c8bbd72cfe02],
PUP.Optional.OptimizerMonitor.A, C:\Users\Jan\AppData\Local\igs\igs.exe, In Quarantäne, [bd1b2febb6d477bf7f29c8bbd72cfe02],
PUP.Optional.OptimizerMonitor.A, C:\Users\Jan\AppData\Local\igs\IGSrv.exe, In Quarantäne, [bd1b2febb6d477bf7f29c8bbd72cfe02],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\OptimizerMonitorCert.dll, Löschen bei Neustart, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\freebl3.dll, Löschen bei Neustart, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\libnspr4.dll, Löschen bei Neustart, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\libplc4.dll, Löschen bei Neustart, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\libplds4.dll, Löschen bei Neustart, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\nss3.dll, Löschen bei Neustart, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\nssckbi.dll, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\nssdbm3.dll, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\nssutil3.dll, Löschen bei Neustart, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\OptimizerMonitor.dll, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\OptimizerMonitor.exe, Löschen bei Neustart, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\OptimizerMonitor.tlb, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\OptimizerMonitor64.dll, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\Run.exe, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\smime3.dll, Löschen bei Neustart, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\softokn3.dll, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\sqlite3.dll, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\ssl3.dll, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Program Files (x86)\IGS\uninstall.exe, In Quarantäne, [5385e13997f369cd8227582bc43f5ba5],
PUP.Optional.OptimizerMonitor.A, C:\Windows\SysWOW64\OptimizerMonitor.ini, In Quarantäne, [696fd545147644f202a8146f4ab90bf5],
PUP.Optional.OptimizerMonitor.A, C:\Windows\System32\OptimizerMonitorOff.ini, In Quarantäne, [4b8dc5551b6ff442bfec40431be89967],
PUP.Optional.OptimizerMonitor.A, C:\Windows\SysWOW64\OptimizerMonitorOff.ini, In Quarantäne, [0ace8991fb8fd85e3a71acd7da29c63a],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a089fe9391388148ba977013d541efca
# engine=22320
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-05 11:55:43
# local_time=2015-02-05 12:55:43 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Panda Cloud Antivirus'
# compatibility_mode=1552 16777213 75 93 100008 209333317 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4657625 14015816 0 0
# scanned=198791
# found=32
# cleaned=0
# scan_time=2993
sh=7D99FBA462856BC4DD46A7B18E1D79D1C2BC0789 ft=1 fh=0c98b06ccc654f7d vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\cltmng.exe.vir"
sh=01B1F9CB2D50A5609593744320463E46B91EEED4 ft=1 fh=769d3a4457a9efb0 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPTool64.exe.vir"
sh=C91A0FA1B6D1087BFFF881365E2985A011B401C2 ft=1 fh=4fa76ddc1441696b vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32.dll.vir"
sh=FA71B8789F7BB0D1FC4A4F6EB9E082D234DD4E8A ft=1 fh=5c4c6b425e2cebc2 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll.vir"
sh=8FF3027FD5B24AF549A476472735F525E5A82E79 ft=1 fh=8958c815348aafc1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64.dll.vir"
sh=FED4EF394C9023B1005081D803BCB7777479CD19 ft=1 fh=d176c9757a5542b1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll.vir"
sh=621A43829E928D10CDA8CE4ECCF5C11E6BCFD5A8 ft=1 fh=1402f114ad354e9d vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe.vir"
sh=DDB78884545DF16760E10BFC482D1719DDCA5C90 ft=1 fh=3db9760f8b27cec5 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\Main\bin\SPTool.dll.vir"
sh=E56595B052627D2E0F79BFEB1113B85CF5E373DB ft=1 fh=fd73c4a1721c52d6 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\Main\bin\uninstall.exe.vir"
sh=1B64473A9F6DC51107678E8649727FADE9D9B4F2 ft=1 fh=d771a5c9edd3de6b vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\UI\bin\cltmngui.exe.vir"
sh=62AE53143B32112CA534D4B6436D789A3624775A ft=1 fh=528b265d61225bde vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_de_472\mbot_de_472.exe.vir"
sh=C895B300CD6F942EC5559C0C75FC16A492E0C9A2 ft=1 fh=164a13eb639a668b vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_de_472\mybestofferstoday_widget.exe.vir"
sh=A7C80C4F20B091AF864EAB16ABA7190222738934 ft=1 fh=769f45ecd38982a1 vn="Win32/Adware.EoRezo Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_de_472\predm.exe.vir"
sh=C9C70752504F9DA4ECCE90EC16B2A6973E344152 ft=1 fh=70c9d98ae86ec3e3 vn="Variante von Win32/Speedchecker.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\pc speed up\PCSUSD.exe.vir"
sh=201367EB88D943210BC5A16641DFFDC79AE943E8 ft=1 fh=2e39df7ae9341275 vn="Win64/Adware.AddLyrics.H Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver0BlockAndSurf\187_x64.dll.vir"
sh=8B3241690524F3EC73FFDC7643B8BD9F0828C36E ft=1 fh=c71c00110ed2bf93 vn="Variante von Win32/Adware.AddLyrics.DK Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver0BlockAndSurf\BlockAndSurf.exe.vir"
sh=114F9F5F7EB685446DC27608522C1247E64476FD ft=1 fh=179fb43477ba434b vn="Win64/Adware.AddLyrics.H Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver0BlockAndSurf\x64\TandemRunner.exe.vir"
sh=0F03517DA715FF52EC17F7D0FE3012F784D61F01 ft=1 fh=7ac2e804f6bd4ade vn="Win64/Adware.AddLyrics.H Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver0BlockAndSurf\x64\webinstrNHKT.sys.vir"
sh=B4B96BE16B6B42F08E2CE8F5C2E097A8BE44BE1B ft=1 fh=65c5b8dedcacebb8 vn="Variante von Win32/Adware.EoRezo.AJ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jan\AppData\Local\mbot_de_472\upmbot_de_472.exe.vir"
sh=2A6192756BA8B0D408E5B5ACC8EFA947E594AFA7 ft=0 fh=0000000000000000 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jan\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\application.xap.vir"
sh=048EF1B93E015C66745B84738118E005472B70C8 ft=1 fh=d33b6f325258e413 vn="Win32/Adware.ConvertAd.M Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jan\AppData\Roaming\SoftwareUpdater\SoftwareUpdater.exe.vir"
sh=F4D5CDF434EC415390E4A1796A0B5146E108B215 ft=1 fh=b84895a14663e34b vn="Variante von Win32/Adware.ConvertAd.N Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jan\AppData\Roaming\SoftwareUpdater\UpdateNotifier.exe.vir"
sh=0F03517DA715FF52EC17F7D0FE3012F784D61F01 ft=1 fh=7ac2e804f6bd4ade vn="Win64/Adware.AddLyrics.H Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\webinstrNHKT.sys.vir"
sh=41DE1AFF8AC7BF30EA7F952825E02FA6EC6A306D ft=1 fh=cfbb424d50a0cab5 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\pandasecuritytb\dtUser.exe"
sh=30E5E6B0B58E73CADC4D59EE657E07E5AE9F5813 ft=1 fh=f84afab4951a6e89 vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll"
sh=81374ADC5FD8E52504FA3E9A88C38EAA56058384 ft=1 fh=2c5c7dc7e05fe486 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\pandasecuritytb\pandasecuritytb.dll"
sh=41DE1AFF8AC7BF30EA7F952825E02FA6EC6A306D ft=1 fh=cfbb424d50a0cab5 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\rt5105eg.default\Extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\dtUser.exe"
sh=EBDFE8732B0597AEF18B3BF2F3C5E377FD8BD8F6 ft=1 fh=7aba58f9a2066b22 vn="Variante von Win64/Rootkit.Kryptik.AG Trojaner" ac=I fn="C:\FRST\Quarantine\C\WINDOWS\system32\drivers\12b083f.sys.xBAD"
sh=15219C0F274C5C9956981C91ABEC5D4E3A1F6442 ft=1 fh=3fec66b3c1704bce vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe"
sh=B77C6E73F424C7E09D95BC34E24DD3D8BA4CD086 ft=0 fh=0000000000000000 vn="Win32/Boaxxe.BU Trojaner" ac=I fn="C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\rt5105eg.default\extensions\{146BF5E7-4201-F0C1-4B02-1E65DFF62642}\components\ShellApplyProperties.js"
sh=614D9529C4AC5698BA44413ED9FF2F2AB7194030 ft=1 fh=fb5c7ba1cde5bf0c vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jan\Downloads\FREEAV1504.exe"
sh=156CCCF73C7182D7180561749602DF745F3C5B4C ft=0 fh=0000000000000000 vn="VBS/Butsur.E Wurm" ac=I fn="F:\YO.vbs"
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Jan (administrator) on LENOVO-PC-JAN on 05-02-2015 13:11:36
Running from C:\Users\Jan\Desktop
Loaded Profiles: Jan (Available profiles: Jan)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files\lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.3327.1030_x64__8wekyb3d8bbwe\onenoteim.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-09-24] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-08-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-08-26] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-15] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2872121507-3017763459-4006799705-1001\...\RunOnce: [Application Restart #1] => C:\Users\Jan\AppData\Local\Pokki\Engine\HostAppService.exe [7846216 2015-01-31] (Pokki)
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56888;https=127.0.0.1:56888
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2872121507-3017763459-4006799705-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2872121507-3017763459-4006799705-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2872121507-3017763459-4006799705-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\rt5105eg.default
FF Homepage: hxxp://www.google.com/
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\rt5105eg.default\Extensions\abs@avira.com [2015-01-19]
FF Extension: Shell Apply Properties Undo Unit - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\rt5105eg.default\Extensions\{146BF5E7-4201-F0C1-4B02-1E65DFF62642} [2015-01-17]
FF Extension: No Name - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\rt5105eg.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [Not Found]
Chrome:
=======
CHR Profile: C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-25]
CHR Extension: (Google Docs) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-25]
CHR Extension: (Google Drive) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-25]
CHR Extension: (YouTube) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-25]
CHR Extension: (Google-Suche) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-25]
CHR Extension: (Google Tabellen) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-25]
CHR Extension: (Google Wallet) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-25]
CHR Extension: (Google Mail) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-25]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-09-24] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-08-26] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 panda_url_filtering; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe [296760 2014-09-19] (Panda Security)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [338944 2013-08-11] (IDT, Inc.) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-08-26] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-08-07] (Broadcom Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-07-03] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [47360 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R3 panda_url_filteringd; C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065728 2013-09-26] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 11:44 - 2015-02-05 11:44 - 00010370 _____ () C:\Users\Jan\Desktop\mbam.txt
2015-02-05 11:24 - 2015-02-05 11:40 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 11:21 - 2015-02-05 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-05 11:21 - 2015-02-05 11:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-05 11:21 - 2015-02-05 11:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-05 11:21 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-05 11:21 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-05 11:21 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-04 18:40 - 2015-02-05 13:09 - 00000000 ____D () C:\Users\Jan\Desktop\trojaner-board
2015-02-04 15:05 - 2015-02-04 15:08 - 00000000 ____D () C:\AdwCleaner
2015-02-04 14:59 - 2015-02-04 14:59 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\QuickScan
2015-02-04 14:57 - 2015-02-04 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-04 14:57 - 2015-02-04 14:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-02-04 14:49 - 2015-02-04 14:49 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-04 10:59 - 2015-02-05 13:12 - 00018291 _____ () C:\Users\Jan\Desktop\FRST.txt
2015-02-04 10:59 - 2015-02-04 10:59 - 00036337 _____ () C:\Users\Jan\Desktop\Addition.txt
2015-02-04 10:58 - 2015-02-04 10:59 - 00041196 _____ () C:\Users\Jan\Downloads\FRST.txt
2015-02-04 10:58 - 2015-02-04 10:59 - 00036337 _____ () C:\Users\Jan\Downloads\Addition.txt
2015-02-04 10:56 - 2015-02-05 13:11 - 00000000 ____D () C:\FRST
2015-02-04 10:56 - 2015-02-05 10:57 - 02131968 _____ (Farbar) C:\Users\Jan\Desktop\FRST64.exe
2015-02-04 10:53 - 2015-02-04 10:53 - 00000468 _____ () C:\Users\Jan\Downloads\defogger_disable.log
2015-02-04 10:53 - 2015-02-04 10:53 - 00000000 _____ () C:\Users\Jan\defogger_reenable
2015-02-04 10:15 - 2015-01-29 14:22 - 00301152 _____ (OptimizerMonitor Inc.) C:\WINDOWS\SysWOW64\OptimizerMonitor.dll
2015-02-04 09:40 - 2015-02-04 09:40 - 01095584 _____ (Avira Operations GmbH & Co. KG) C:\Users\Jan\Downloads\avira_registry_cleaner_de.exe
2015-02-04 09:05 - 2015-02-04 09:05 - 00000000 ____D () C:\OETemp
2015-02-04 08:54 - 2015-02-05 10:48 - 00000000 ____D () C:\ProgramData\panda_url_filtering
2015-02-04 08:54 - 2015-02-04 08:54 - 00000000 ____D () C:\ProgramData\Panda Security URL Filtering
2015-02-04 08:54 - 2014-03-25 14:15 - 00060400 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2015-02-04 08:53 - 2015-02-04 08:54 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-02-04 08:53 - 2015-02-04 08:53 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Panda Security
2015-02-04 08:53 - 2015-02-04 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-02-04 08:52 - 2015-02-04 08:54 - 00000000 ____D () C:\ProgramData\Panda Security
2015-02-04 08:51 - 2015-02-04 08:52 - 58043240 _____ () C:\Users\Jan\Downloads\FREEAV1504.exe
2015-02-02 17:40 - 2015-02-02 17:41 - 19996360 _____ () C:\Users\Jan\Downloads\DrakensangOnlineSetup (1).exe
2015-02-02 17:40 - 2015-02-02 17:40 - 19996360 _____ () C:\Users\Jan\Downloads\DrakensangOnlineSetup.exe
2015-02-02 13:27 - 2015-02-02 13:27 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\TERA
2015-02-02 13:26 - 2015-02-02 13:26 - 00000000 ____D () C:\Users\Jan\Downloads\Gameforge Live
2015-02-02 13:25 - 2015-02-02 13:25 - 20201072 _____ (Gameforge ) C:\Users\Jan\Downloads\TERA_GameforgeLiveSetup.exe
2015-02-01 19:51 - 2015-02-01 19:51 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\WebApp
2015-02-01 19:51 - 2015-02-01 19:51 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\IDT
2015-02-01 19:48 - 2015-02-01 19:48 - 00000000 ____D () C:\Users\Jan\Documents\Lenovo
2015-02-01 19:48 - 2015-02-01 19:48 - 00000000 ____D () C:\Users\Jan\Documents\CyberLink
2015-02-01 19:48 - 2015-02-01 19:48 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Lenovo
2015-02-01 19:48 - 2015-02-01 19:48 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\CyberLink
2015-01-30 19:55 - 2015-01-30 19:55 - 00077728 _____ () C:\Users\Jan\Downloads\FLVPlayer-Chrome.exe
2015-01-28 21:01 - 2015-01-28 21:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 20:47 - 2015-01-28 20:47 - 00000000 ____D () C:\Users\Jan\Desktop\Fernuni Hagen
2015-01-25 21:08 - 2015-01-25 21:09 - 00000000 ____D () C:\Users\Jan\Desktop\Wohnungssuche
2015-01-25 20:13 - 2015-01-25 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-25 20:11 - 2015-02-05 12:21 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 20:11 - 2015-02-05 11:40 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 20:11 - 2015-02-05 11:16 - 00004118 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-25 20:11 - 2015-02-05 11:16 - 00003882 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-25 20:11 - 2015-01-25 20:13 - 00000000 ____D () C:\Users\Jan\AppData\Local\Google
2015-01-25 20:11 - 2015-01-25 20:12 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-25 20:11 - 2015-01-25 20:11 - 00880784 _____ (Google Inc.) C:\Users\Jan\Downloads\ChromeSetup.exe
2015-01-20 20:17 - 2015-01-21 22:03 - 00028672 ___SH () C:\Users\Jan\Downloads\Thumbs.db
2015-01-19 19:59 - 2015-02-04 09:08 - 00000000 ____D () C:\ProgramData\Avira
2015-01-19 19:59 - 2015-02-04 09:08 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-19 19:58 - 2015-01-19 19:58 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\dlg
2015-01-18 21:01 - 2015-02-04 16:27 - 00000000 ____D () C:\Users\Jan\Desktop\Bewerbung
2015-01-18 20:21 - 2015-01-18 20:21 - 00001132 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2015-01-18 20:21 - 2015-01-18 20:21 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-01-18 20:21 - 2015-01-18 20:21 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\OpenOffice
2015-01-18 20:20 - 2015-01-18 20:20 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2015-01-18 20:07 - 2015-01-18 20:17 - 164858324 _____ () C:\Users\Jan\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe
2015-01-18 15:25 - 2015-01-18 15:25 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-01-17 11:43 - 2015-01-17 11:43 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-17 11:43 - 2015-01-17 11:43 - 00002050 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-01-17 11:34 - 2015-02-04 09:08 - 00000000 ____D () C:\Users\Jan\AppData\Local\UXmedia
2015-01-17 11:34 - 2015-02-04 09:08 - 00000000 ____D () C:\Users\Jan\AppData\Local\Edtion
2015-01-17 11:34 - 2015-01-17 11:34 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieBrowserModeList
2015-01-13 22:26 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-13 22:26 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-13 22:26 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-13 22:26 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-13 22:26 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-13 22:26 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-13 22:26 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-13 22:26 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-13 22:26 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-13 22:26 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-13 22:26 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-13 22:26 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-13 22:26 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-13 22:26 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 22:26 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 22:26 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-13 22:26 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-13 22:26 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-13 22:26 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-13 22:26 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-13 22:26 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-13 22:26 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-13 22:26 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-13 22:26 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-13 22:26 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-13 22:26 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-13 22:26 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-13 22:26 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-13 22:26 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-13 22:26 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-13 22:26 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-07 19:41 - 2015-01-21 21:34 - 00067072 ___SH () C:\Users\Jan\Desktop\Thumbs.db
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 13:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-05 12:37 - 2014-08-26 21:47 - 02050449 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-05 11:50 - 2013-08-22 15:46 - 00029338 _____ () C:\WINDOWS\setupact.log
2015-02-05 11:48 - 2014-08-27 07:34 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-05 11:48 - 2014-08-27 07:34 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-05 11:48 - 2014-03-18 10:53 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-05 11:41 - 2014-12-13 15:59 - 00000000 ___DO () C:\Users\Jan\OneDrive
2015-02-05 11:40 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-05 11:39 - 2014-08-26 22:57 - 00002560 _____ () C:\WINDOWS\system32\VfService.trf
2015-02-05 11:39 - 2014-03-18 10:44 - 00130416 _____ () C:\WINDOWS\PFRO.log
2015-02-05 11:39 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-05 11:36 - 2014-12-13 16:01 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2872121507-3017763459-4006799705-1001
2015-02-05 10:51 - 2014-12-13 16:15 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DA52ABCC-602A-4952-87CC-9378739E56A8}
2015-02-04 15:08 - 2014-12-14 12:17 - 00001088 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-04 15:08 - 2014-12-13 15:55 - 00001014 _____ () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-04 15:01 - 2014-08-26 22:15 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2015-02-04 10:53 - 2014-12-13 15:54 - 00000000 ____D () C:\Users\Jan
2015-02-04 09:57 - 2014-12-13 15:55 - 00000000 ____D () C:\Users\Jan\AppData\Local\Packages
2015-02-04 09:08 - 2013-08-22 15:44 - 00415104 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-04 09:05 - 2014-08-26 22:59 - 00000000 ____D () C:\ProgramData\Office2013
2015-02-04 09:05 - 2014-08-26 22:45 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-04 08:20 - 2014-12-13 15:54 - 00000000 ____D () C:\Users\Jan\AppData\Local\Pokki
2015-02-03 09:05 - 2015-01-01 14:00 - 00002347 _____ () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-02-01 19:48 - 2014-08-26 22:57 - 00000000 ____D () C:\ProgramData\CyberLink
2015-02-01 19:48 - 2014-08-26 22:48 - 00000000 ____D () C:\ProgramData\Lenovo
2015-01-30 15:47 - 2014-12-14 12:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 21:17 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-25 15:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-24 21:20 - 2014-12-13 15:12 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-12-13 15:12 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-19 20:44 - 2014-08-26 22:49 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-19 20:38 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-17 11:44 - 2014-08-26 22:55 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-17 11:43 - 2014-12-13 16:02 - 00000000 ____D () C:\Users\Jan\AppData\Local\Adobe
2015-01-17 11:43 - 2014-12-13 15:55 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Adobe
2015-01-17 11:43 - 2014-08-26 22:55 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-17 08:23 - 2014-08-26 22:57 - 00009736 _____ () C:\WINDOWS\SysWOW64\VisualDiscovery.ini
2015-01-17 08:23 - 2014-08-26 22:57 - 00004776 _____ () C:\WINDOWS\SysWOW64\VisualDiscoveryOff.ini
2015-01-17 08:23 - 2014-08-26 22:57 - 00004776 _____ () C:\WINDOWS\system32\VisualDiscoveryOff.ini
2015-01-14 18:50 - 2014-12-13 17:07 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 18:48 - 2014-12-13 17:07 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 19:34 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
==================== Files in the root of some directories =======
2014-08-26 22:14 - 2014-08-26 22:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-31 17:37
==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by Jan at 2015-02-05 13:12:24
Running from C:\Users\Jan\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.)
Lenovo Photo Master (x32 Version: 1.0.1823.01 - CyberLink Corp.) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.1245.53580 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.1245.53580 - Alcor Micro Corp.) Hidden
Benutzerhandbücher (x32 Version: 3.0.0.3 - Lenovo) Hidden
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo)
Energy Manager (x32 Version: 1.0.0.35 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2857 - Hightail, Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6490.0 - IDT)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1013 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.5.1000 - Intel Corporation)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.926.1 - Vimicro)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo Web Start (HKU\S-1-5-21-2872121507-3017763459-4006799705-1001\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.2.53457 - Pokki)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.223.143 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Nitro Pro 9 (HKLM\...\{4C32F7E8-A65F-4D3C-9153-9F3B57CB6872}) (Version: 9.0.5.9 - Nitro)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0000 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Panda Security Toolbar (HKLM-x32\...\pandasecuritytb) (Version: 4.2.1.7 - Panda Security and Visicom Media Inc.)
Panda Security URL Filtering (HKLM-x32\...\Panda Security URL Filtering) (Version: 2.0.2.0 - Panda Security)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Start Menu (HKU\S-1-5-21-2872121507-3017763459-4006799705-1001\...\Pokki_Start_Menu) (Version: 0.269.5.460 - Pokki)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
02-02-2015 15:15:48 Geplanter Prüfpunkt
04-02-2015 14:50:38 Revo Uninstaller's restore point - BlockAndSurf
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0BCF3F50-A5B8-453D-BCCF-4400FF65F51C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {2096A84C-18D0-4905-99FD-E21D2BC0095A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {2EF51ED5-E206-4E25-81AB-E84D5B1B285B} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2014-12-21] (Lenovo)
Task: {5795AEA2-D68C-4F8E-A913-A125754E3F21} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-25] (Google Inc.)
Task: {67A8703A-F7A1-4F6B-A133-6A9906F7E542} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {70362DC9-33BA-4DDF-850D-466ED3AA6A1D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-25] (Google Inc.)
Task: {8F617041-9525-40CD-96EE-F6238AFB5785} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {9DE7D9CD-A4FC-47F7-AA97-FA7B1D0CDD0E} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-21] ()
Task: {A14B0958-30D8-474A-AE97-99C5201D9BFA} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {B9DFC9AA-5070-4376-A0F6-21F190D35869} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {CC907E5A-142A-44F7-AB66-D673E2DBDABC} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {D2183EEA-BEE2-4A54-80EA-0FE8355A6B58} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {D29633D3-AC2E-44A8-9DC5-71671624E746} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-08-26 22:52 - 2012-04-25 03:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-08-26 22:57 - 2014-08-26 22:57 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-08-26 22:57 - 2014-08-26 22:57 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-02-04 09:18 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-02-04 09:18 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-02-04 09:18 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
2014-08-26 22:11 - 2013-09-04 16:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Jan\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\OptimizerMonitor => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VisualDiscovery => ""="service"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Registry Areas =====================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2872121507-3017763459-4006799705-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jan\Pictures\sunset.jpg
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-2872121507-3017763459-4006799705-500 - Administrator - Disabled)
Gast (S-1-5-21-2872121507-3017763459-4006799705-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2872121507-3017763459-4006799705-1003 - Limited - Enabled)
Jan (S-1-5-21-2872121507-3017763459-4006799705-1001 - Administrator - Enabled) => C:\Users\Jan
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/05/2015 01:05:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (02/05/2015 11:54:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (02/05/2015 11:54:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (02/05/2015 11:54:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (02/05/2015 11:53:57 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (02/05/2015 11:52:36 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
System errors:
=============
Error: (02/05/2015 11:40:34 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (02/05/2015 11:40:26 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll
Fehlercode: 126
Error: (02/05/2015 11:02:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/05/2015 10:59:32 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (02/05/2015 10:59:23 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll
Fehlercode: 126
Error: (02/05/2015 10:58:20 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC-JAN)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Error: (02/05/2015 10:57:50 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC-JAN)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Error: (02/04/2015 06:41:57 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC-JAN)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Error: (02/04/2015 06:41:26 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC-JAN)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Error: (02/04/2015 04:30:53 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC-JAN)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Microsoft Office Sessions:
=========================
Error: (02/05/2015 01:05:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
Error: (02/05/2015 11:54:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Jan\Desktop\esetsmartinstaller_deu.exe
Error: (02/05/2015 11:54:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Jan\Desktop\esetsmartinstaller_deu.exe
Error: (02/05/2015 11:54:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Jan\Desktop\esetsmartinstaller_deu.exe
Error: (02/05/2015 11:53:57 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Jan\Desktop\esetsmartinstaller_deu.exe
Error: (02/05/2015 11:52:36 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Jan\Desktop\esetsmartinstaller_deu.exe
CodeIntegrity Errors:
===================================
Date: 2015-02-04 15:09:02.267
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\12b083f.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-02-04 11:08:53.875
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\12b083f.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-02-04 09:42:57.460
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\12b083f.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-02-04 09:08:12.502
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\12b083f.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-02-01 19:53:07.337
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\12b083f.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-01-30 15:47:03.494
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\12b083f.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-01-30 14:50:40.882
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\12b083f.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-01-20 19:50:09.519
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\12b083f.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-01-19 20:43:48.681
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\12b083f.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-01-17 08:22:49.231
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\12b083f.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-4000M CPU @ 2.40GHz
Percentage of memory in use: 25%
Total physical RAM: 8116.27 MB
Available physical RAM: 6058.35 MB
Total Pagefile: 16820.27 MB
Available Pagefile: 14424.07 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:889.18 GB) (Free:830.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.39 GB) NTFS
Drive f: (WEIBEREIEN) (Fixed) (Total:465.65 GB) (Free:351.16 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B7E5F53B)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: DF727AC0)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)
==================== End Of Log ============================ |