| Lina77707 | 03.06.2015 21:58 |
Bei FRST gab es diesmal schon beim Download Warnungen. Beim Ausführen meldete sich Win-Smartscreen und wollte es ebenfalls verhindern. War vorhin noch nicht so aber das hat sicher nix zu sagen. Werbung sehe ich momentan nicht mehr.
:dankeschoen:
Hier kommen die Logs: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 03.06.2015
Suchlauf-Zeit: 22:11:37
Logdatei: antimalware.txt
Administrator: Ja
Version: 2.01.6.1022
Malware Datenbank: v2015.06.03.05
Rootkit Datenbank: v2015.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Lina
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 344239
Verstrichene Zeit: 16 Min, 43 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 7
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [1f32ffb7c9c188ae0351542d07fe02fe],
PUP.Optional.WebProtector.A, HKLM\SOFTWARE\WOW6432NODE\LiveUpdateWPP, In Quarantäne, [79d835818505e65079a9314717eed32d],
PUP.Optional.WebProtector.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\kfecnpmgnlnbmipaogfhoacoioifjgko, In Quarantäne, [7dd4397d8208f34342c5740d35d08b75],
PUP.Optional.VisualDiscovery.A, HKLM\SOFTWARE\WOW6432NODE\LENOVO\VisualDiscovery, In Quarantäne, [ec655d591f6b2511cee0c02963a0e61a],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{cae99edb}, In Quarantäne, [d77a1b9b7713dc5a7d291a653cc955ab],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [8ac744723654191d86ce21600ef759a7],
PUP.Optional.WebProtector.A, HKU\S-1-5-21-2680651648-731210425-3094206627-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\kfecnpmgnlnbmipaogfhoacoioifjgko, In Quarantäne, [5ff253630c7e3402d72f542d1aeb33cd],
Registrierungswerte: 2
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [1f32ffb7c9c188ae0351542d07fe02fe]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [8ac744723654191d86ce21600ef759a7]
Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)
Ordner: 0
(Keine schädliche Elemente gefunden)
Dateien: 4
PUP.Optional.InstallCore.A, C:\Users\Lina\AppData\Local\Temp\ICSW1.91.9_0D1F2W1G1I1F1T1Q0A1B2Z1C1F1V0P0P0C1.9.exe, In Quarantäne, [6ce5e0d6eaa087af3e6f1f4844befd03],
PUP.Optional.InstallCore.A, C:\Users\Lina\AppData\Local\Temp\ICSW1.9_0D1F2W1G1I1F1T1Q0A1B2Z1C1F1V0P0P0C1.9.exe, In Quarantäne, [a9a84b6b325876c000add3945fa342be],
PUP.Optional.VisualDiscovery.A, C:\Windows\Temp\VisualDiscoveryr.log, In Quarantäne, [79d84076b3d785b10f9d8c5d36cdf808],
PUP.Optional.VisualDiscovery.A, C:\Windows\Temp\VisualDiscovery.log, In Quarantäne, [351ccee8bdcd6fc7f6b750997b88d32d],
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Lina (administrator) on LAPPITOPPI on 03-06-2015 22:50:45
Running from C:\Users\Lina\Desktop
Loaded Profiles: Lina (Available Profiles: Lina)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
() C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Windows\System32\LenovoUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
() C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Lenovo\Lenovo Messenger\NotificationsViewHost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322712 2014-10-09] (Intel Corporation)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2809072 2014-10-21] (Synaptics Incorporated)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791368 2015-02-15] ()
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [802800 2015-02-15] (Lenovo)
HKLM\...\Run: [OneKeyOptimizer] => C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe [559896 2014-11-18] (Lenovo(beijing) Limited)
HKLM\...\Run: [LMCSSTART1] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [30152 2015-03-23] (Lenovo Corporation)
HKLM\...\Run: [LMCSSTART2] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [30152 2015-03-23] (Lenovo Corporation)
HKLM\...\Run: [LMCSSTART3] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [30152 2015-03-23] (Lenovo Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [snp2uvc] => C:\WINDOWS\vsnp2uvc.exe
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2680651648-731210425-3094206627-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31282304 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2680651648-731210425-3094206627-1001\...\Run: [BingSvc] => C:\Users\Lina\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2680651648-731210425-3094206627-1001\...\Run: [GoogleChromeAutoLaunch_6195E6D1CAC39D43FA12DFE027FD730F] => C:\Users\Lina\AppData\Local\Chromium\Application\chrome.exe [656384 2015-05-18] (The Chromium Authors)
AppInit_DLLs-x32: c:\programdata\securityutility\securityutility32.dll => "c:\programdata\securityutility\securityutility32.dll" File not found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2680651648-731210425-3094206627-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-2680651648-731210425-3094206627-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF)
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [560584 2015-03-23] (Lenovo Corporation)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [644080 2014-10-22] ()
R2 FastbootService; C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe [191512 2014-11-20] (Lenovo)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-09] (Intel Corporation)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-13] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2014-12-19] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-09-03] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-04-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo OKO Service; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe [2544408 2014-11-18] (Lenovo(beijing) Limited)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2005320 2014-10-13] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [625608 2015-03-23] (Lenovo Corporation)
R2 LenovoPAWDService; C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe [133440 2015-02-15] ()
R2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe [258544 2014-06-19] (Lenovo(beijing) Limited)
R3 LenovoUpdate; C:\Windows\System32\LenovoUpdate.exe [26608 2015-06-03] (Lenovo)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [218952 2014-08-25] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872152 2015-05-14] (Maxthon)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12-04] ()
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 OKOControlSvc; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe [113944 2014-11-17] (Lenovo(beijing) Limited)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [321520 2015-02-15] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [338416 2015-02-15] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [190704 2014-10-21] (Synaptics Incorporated)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [68880 2015-02-15] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-12-04] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70168 2014-11-20] (Windows (R) Win 7 DDK provider)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [219592 2014-08-13] (Intel Corporation)
R3 KMDFVirtualKbd; C:\Windows\System32\drivers\KMDFVirtualKbd.sys [22264 2014-08-04] ()
R3 KMDFVirtualMouse; C:\Windows\System32\drivers\KMDFVirtualMouse.sys [21240 2014-08-04] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3494680 2014-12-08] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-10-21] (Synaptics Incorporated)
R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [3554968 2014-08-25] (Sonix Co. Ltd.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-03 22:50 - 2015-06-03 22:51 - 00016775 _____ C:\Users\Lina\Desktop\FRST.txt
2015-06-03 22:46 - 2015-06-03 22:46 - 02108928 _____ (Farbar) C:\Users\Lina\Desktop\FRST64.exe
2015-06-03 22:39 - 2015-06-03 22:39 - 00003121 _____ C:\Users\Lina\Desktop\antimalware.txt
2015-06-03 22:09 - 2015-06-03 22:11 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-03 22:09 - 2015-06-03 22:09 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-03 22:09 - 2015-06-03 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-03 22:09 - 2015-06-03 22:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-03 22:09 - 2015-06-03 22:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-03 22:09 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-03 22:09 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-03 22:09 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-03 20:06 - 2015-03-03 15:17 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-06-03 19:42 - 2015-06-03 19:46 - 00000000 ____D C:\AdwCleaner
2015-06-03 19:39 - 2015-06-03 19:39 - 00000021 _____ C:\ProgramData\settings.cfg
2015-06-03 18:23 - 2015-06-03 18:23 - 00000000 ____D C:\Users\Public\Pokki
2015-06-03 18:22 - 2015-06-03 18:22 - 00002360 _____ C:\Users\Lina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo Web Start.lnk
2015-06-03 18:22 - 2015-06-03 18:22 - 00002300 _____ C:\Users\Lina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-06-03 18:22 - 2015-06-03 18:22 - 00002129 _____ C:\Users\Lina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2015-06-03 18:04 - 2015-06-03 18:04 - 00000000 _____ C:\Users\Lina\defogger_reenable
2015-06-03 17:49 - 2015-06-03 22:50 - 00000000 ____D C:\FRST
2015-06-01 15:28 - 2015-06-01 15:28 - 00000000 ____D C:\Users\Lina\AppData\Local\GWX
2015-06-01 15:12 - 2015-06-01 15:12 - 00002290 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-06-01 15:12 - 2015-06-01 15:12 - 00000000 ____D C:\Users\Lina\AppData\Local\CrashRpt
2015-06-01 15:12 - 2015-06-01 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-06-01 15:12 - 2015-06-01 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2015-06-01 15:11 - 2015-06-03 22:11 - 00000346 _____ C:\WINDOWS\Tasks\Chromium.job
2015-06-01 15:11 - 2015-06-01 15:11 - 00002684 _____ C:\WINDOWS\System32\Tasks\Chromium
2015-06-01 15:11 - 2015-06-01 15:11 - 00000000 ____D C:\Users\Lina\AppData\Local\WinZip
2015-06-01 15:11 - 2015-06-01 15:11 - 00000000 ____D C:\Users\Lina\AppData\Local\Chromium
2015-06-01 15:11 - 2015-06-01 15:11 - 00000000 ____D C:\ProgramData\WinZip
2015-06-01 15:11 - 2015-06-01 15:11 - 00000000 ____D C:\ProgramData\Ashampoo
2015-06-01 15:11 - 2015-06-01 15:11 - 00000000 ____D C:\Program Files\WinZip
2015-06-01 15:11 - 2015-06-01 15:11 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2015-06-01 15:10 - 2015-06-03 22:43 - 00000386 _____ C:\WINDOWS\Tasks\UOCFJS1.job
2015-06-01 15:10 - 2015-06-01 15:10 - 00002900 _____ C:\WINDOWS\System32\Tasks\UOCFJS1
2015-06-01 15:10 - 2015-06-01 15:10 - 00000000 ____D C:\Users\Lina\AppData\Roaming\Nico Mak Computing
2015-06-01 15:10 - 2015-06-01 15:10 - 00000000 ____D C:\ProgramData\Nico Mak Computing
2015-06-01 15:09 - 2015-06-01 15:09 - 00000000 ____D C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8
2015-06-01 15:08 - 2015-06-01 15:08 - 00000000 ____D C:\Users\Lina\AppData\Roaming\Nitro PDF
2015-06-01 15:08 - 2015-06-01 15:08 - 00000000 ____D C:\Users\Lina\AppData\Roaming\Mozilla
2015-06-01 15:07 - 2015-06-01 15:07 - 00000000 ____D C:\Users\Lina\AppData\Roaming\WinZip
2015-05-19 17:13 - 2015-05-19 17:13 - 00000330 _____ C:\Users\Lina\Desktop\Google.url
2015-05-19 17:13 - 2015-05-19 17:13 - 00000000 ____D C:\Users\Lina\AppData\Roaming\googleico
2015-05-17 08:32 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 08:32 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 09:19 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-14 09:19 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-14 09:19 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-14 09:19 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-14 09:19 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-14 09:19 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-14 09:19 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-14 09:19 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-14 09:19 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-14 09:19 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-14 09:19 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-14 09:19 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-14 09:19 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-14 09:19 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-14 09:19 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-14 09:19 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-14 09:19 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-14 09:19 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-14 09:19 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-14 09:19 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-14 09:19 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-14 09:19 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-14 09:19 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-14 09:19 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-14 09:19 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-14 09:19 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-14 09:19 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-14 09:19 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-14 09:19 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-14 09:19 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-14 09:19 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-14 09:19 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-14 09:19 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-14 09:19 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-14 09:19 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-14 09:19 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-14 09:19 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-14 09:19 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-14 09:19 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-14 09:19 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-14 09:19 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-14 09:19 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-14 09:19 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-14 09:19 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-14 09:19 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-14 09:19 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-14 09:19 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-14 09:19 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-14 09:19 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-14 09:19 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-14 09:19 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-14 09:19 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-14 09:19 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-14 09:19 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-14 09:19 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-14 09:19 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-14 09:19 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-14 09:19 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-14 09:19 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-14 09:19 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-14 09:19 - 2015-03-17 19:26 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-14 09:19 - 2015-03-13 06:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-14 09:19 - 2015-03-13 06:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-14 09:19 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-14 09:19 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-14 09:19 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-14 09:19 - 2015-03-13 02:29 - 00410017 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-05-14 09:19 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-14 09:19 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-14 09:19 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-14 09:19 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-14 09:19 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-14 09:19 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-14 09:19 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-14 09:19 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-14 09:19 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-14 09:19 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-14 09:19 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-10 17:13 - 2015-05-21 19:43 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-05-10 17:13 - 2015-05-21 19:43 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-05-09 22:46 - 2015-05-09 22:46 - 00001100 _____ C:\Users\Lina\Desktop\Minecraft.lnk
2015-05-09 22:44 - 2015-05-09 22:44 - 00000000 ____D C:\Users\Lina\AppData\Roaming\WinRAR
2015-05-09 22:44 - 2015-05-09 22:44 - 00000000 ____D C:\Users\Lina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-09 22:44 - 2015-05-09 22:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-09 22:44 - 2015-05-09 22:44 - 00000000 ____D C:\Program Files\WinRAR
2015-05-07 20:11 - 2015-05-07 20:11 - 00000000 ____D C:\WINDOWS\system32\appraiser
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-03 22:48 - 2015-02-14 23:31 - 01884089 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-03 22:47 - 2015-02-15 01:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2015-06-03 22:46 - 2015-02-14 23:33 - 00001260 _____ C:\WINDOWS\lupdate.log
2015-06-03 22:45 - 2015-02-15 00:35 - 00006400 _____ C:\WINDOWS\SysWOW64\Gms.log
2015-06-03 22:43 - 2015-04-25 20:11 - 00000000 ___RD C:\Users\Lina\OneDrive
2015-06-03 22:42 - 2015-02-15 01:20 - 00002560 _____ C:\WINDOWS\system32\VfService.trf
2015-06-03 22:42 - 2015-02-14 23:25 - 00153336 _____ C:\WINDOWS\system32\wpbbin.exe
2015-06-03 22:42 - 2015-02-14 23:25 - 00111088 _____ (Lenovo (Beijing) Limited) C:\WINDOWS\system32\LenovoCheck.exe
2015-06-03 22:42 - 2015-02-14 23:25 - 00026608 _____ (Lenovo) C:\WINDOWS\system32\LenovoUpdate.exe
2015-06-03 22:42 - 2014-03-18 11:44 - 00016800 _____ C:\WINDOWS\PFRO.log
2015-06-03 22:42 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Registration
2015-06-03 22:42 - 2013-08-22 16:46 - 00033624 _____ C:\WINDOWS\setupact.log
2015-06-03 22:42 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-03 22:29 - 2015-04-25 20:13 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2680651648-731210425-3094206627-1001
2015-06-03 22:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-03 20:07 - 2015-02-15 01:20 - 00000000 ____D C:\ProgramData\McAfee
2015-06-03 20:06 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-03 20:05 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-06-03 18:52 - 2015-04-25 20:13 - 00003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0AAF440D-BDBA-4476-B50E-9CD24E0893B8}
2015-06-03 18:52 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-06-03 18:38 - 2015-04-25 20:03 - 00000000 ____D C:\Users\Lina
2015-06-03 12:42 - 2015-04-25 20:38 - 00000000 ____D C:\Users\Lina\AppData\Roaming\.minecraft
2015-06-03 12:10 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-06-01 15:29 - 2015-02-15 00:31 - 01828622 _____ C:\Users\Public\CAFADEBUG.log
2015-06-01 15:21 - 2015-04-25 21:27 - 00000000 ____D C:\Users\Lina\AppData\Roaming\Skype
2015-05-26 19:40 - 2015-04-25 21:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-21 19:44 - 2013-08-22 17:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-05-19 17:08 - 2013-08-22 16:44 - 00346960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-17 10:11 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-05-17 10:07 - 2015-04-30 18:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-05-17 10:06 - 2015-04-30 18:36 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-17 08:51 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-05-17 08:25 - 2014-03-18 11:38 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-14 09:11 - 2015-02-15 08:20 - 00766620 _____ C:\WINDOWS\system32\perfh007.dat
2015-05-14 09:11 - 2015-02-15 08:20 - 00159902 _____ C:\WINDOWS\system32\perfc007.dat
2015-05-14 09:11 - 2014-03-18 11:53 - 01780340 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-14 09:03 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-05-14 09:03 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-14 09:03 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-14 09:03 - 2013-08-22 17:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-14 09:03 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-05-14 09:03 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-05-14 09:03 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-05-09 14:32 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppCompat
2015-05-07 20:11 - 2015-02-15 00:05 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-05-07 20:11 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
2015-05-07 20:11 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2015-05-07 20:11 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-05-07 20:11 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-05-07 19:41 - 2015-04-30 20:05 - 00000215 _____ C:\Users\Lina\Desktop\Lina.txt
2015-05-05 19:59 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2015-02-15 00:30 - 2015-02-15 00:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-06-03 19:39 - 2015-06-03 19:39 - 0000021 _____ () C:\ProgramData\settings.cfg
Some files in TEMP:
====================
C:\Users\Lina\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Lina\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Lina\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Lina\AppData\Local\Temp\Quarantine.exe
C:\Users\Lina\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-10 17:23
==================== End of log ============================
--- --- ---
[CODE]Additional
FRST Logfile: Code:
scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Lina at 2015-06-03 22:51:38
Running from C:\Users\Lina\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2680651648-731210425-3094206627-500 - Administrator - Disabled)
Gast (S-1-5-21-2680651648-731210425-3094206627-501 - Limited - Disabled)
Lina (S-1-5-21-2680651648-731210425-3094206627-1001 - Administrator - Enabled) => C:\Users\Lina
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AMD Catalyst Install Manager (HKLM\...\{F5AD1546-40C5-9831-DD7C-683158736E06}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Ashampoo Snap 8 v.8.0.2 (HKLM-x32\...\{C92AB6F1-3B65-B79C-9019-8640F02B7C58}_is1) (Version: 8.0.2 - Ashampoo GmbH & Co. KG)
Benutzerhandbücher (x32 Version: 3.0.0.3 - Lenovo) Hidden
CCSDK (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.1.0.7 - Lenovo)
Chromium (HKU\S-1-5-21-2680651648-731210425-3094206627-1001\...\Chromium) (Version: 45.0.2406.0 - Chromium)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.55.52 - Conexant)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.4505 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4062 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{84A2B59B-6A7B-4C01-8592-15C9BFE6AC36}) (Version: 2.4.3 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{5BC2A343-DED5-40E8-8F64-472FD74D80EA}) (Version: 17.1.1433.02 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.22 - Intel(R) Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{a9888f41-68ae-43df-bd7d-d93405a44106}) (Version: 17.13.11 - Intel Corporation)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1324.7_WHQL - Sonix)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.2619 - CyberLink Corp.) Hidden
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 2.0.0.19 - Lenovo)
Lenovo PhoneCompanion (x32 Version: 2.0.0.19 - Lenovo) Hidden
Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1826.01 - CyberLink Corp.)
Lenovo Photo Master (x32 Version: 1.0.1826.01 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6806.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.6806.52 - CyberLink Corp.) Hidden
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.3.24.256 - Lenovo Corporation)
Lenovo Settings (HKLM\...\{D14CCBF5-1A3A-4C08-955B-BE6D519835C4}_is1) (Version: 2.0.0.5 - Lenovo)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.3.3.33 - Lenovo Group Limited)
Lenovo Settings Service (HKLM\...\{8C6F1EBA-17F1-4481-B688-9777E63E985F}_is1) (Version: 2.3.0.20 - Lenovo Group Limited)
Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.2.0.6 - Lenovo Group Limited)
Lenovo Settings WiFi (HKLM\...\{86045A6C-C156-4349-A3E2-47A88A42F5C2}_is1) (Version: 2.0.0.4 - Lenovo)
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.1.14.6181 - Lenovo)
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 2.0.0.5 - Ihr Firmenname)
LenovoUtility (x32 Version: 2.0.0.5 - Ihr Firmenname) Hidden
LiveUpdateWPP (HKLM-x32\...\LiveUpdateWPP) (Version: - Anti-phishing database updater for Web Protector Plus. This service keeps your computer updated with the newest database of known Internet threats.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.2.2000 - Maxthon International Limited)
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.3004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{4C32F7E8-A65F-4D3C-9153-9F3B57CB6872}) (Version: 9.0.5.9 - Nitro)
OEM Application Profile (HKLM-x32\...\{1D464EFF-EC8B-F225-2F74-F74143200DDF}) (Version: 1.00.0000 - Ihr Firmenname)
OneKey Optimizer (HKLM-x32\...\InstallShield_{D5D573DC-D989-4769-9B56-D6A7EA503D7F}) (Version: 1.1.20.16 - Lenovo)
OneKey Optimizer (x32 Version: 1.1.20.16 - Lenovo) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39059 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
SecurityUtility (HKLM-x32\...\SecurityUtility) (Version: - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.132 - Synaptics Incorporated)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
25-04-2015 19:59:38 Windows Modules Installer
30-04-2015 18:12:01 Windows Update
04-05-2015 17:32:14 Windows Update
07-05-2015 20:02:02 Windows Update
14-05-2015 09:02:05 Windows Update
17-05-2015 10:03:30 Windows Update
21-05-2015 19:42:41 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {2C6C6015-1FA2-4699-B3AF-57CC18192A87} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {32751FDE-BE62-42A8-BA65-1F1BDF031F88} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
Task: {3B42D15B-3666-4638-88E6-2050350F0A4F} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Office2013\OFFICEICON.vbs [2013-06-03] ()
Task: {3B567ABB-6024-4AD2-9886-0A514DB3470E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {493274B8-4E07-4CBC-B844-FA0A36063A06} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {67CEA63C-F976-4E98-BF8D-3F967B2099B6} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {69C17EF2-C381-448F-8F39-6947B7DF10C5} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {78F11C29-0AB1-410F-9EC5-963E4E0420C6} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2014-09-11] (Maxthon International ltd.)
Task: {7A4168CC-9B00-4427-A035-1E18649D6ADA} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {858DF1D2-E44A-4A23-B1F8-73C0F6C4CA0D} - System32\Tasks\Chromium => C:\Users\Lina\AppData\Local\Chromium\Application\45.0.2406.0\Installer\uninstall.exe [2015-06-01] ()
Task: {91200E0B-BD67-4891-8228-D22617E3E7E6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-17] (Microsoft Corporation)
Task: {959F4B67-250D-404D-8DC0-7DF5DD50ACE4} - System32\Tasks\UOCFJS1 => C:\ProgramData\SecurityUtility\SecurityUtility.exe
Task: {9671B20C-4E36-49C7-A0B3-7259D7CC2B00} - System32\Tasks\{F209D7FF-61D1-403B-8561-44E82A88FE52} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.4.64.102/de/abandoninstall?page=tsMain
Task: {99F936ED-3B51-40D7-B941-DD1C8E8457E2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {9B8384D3-F1EB-4D5E-835A-1CA68F175799} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {A47A0A46-6B78-4D5E-979E-1108DD1FE85A} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {A5520511-0986-480A-BB9B-09FF45947C0B} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {AE5B0042-959D-4D97-A97A-35E8772EDBD8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {C5C27B0D-E31E-4DB1-AF2E-1B10116E78A5} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {CED039EF-1F04-4AA5-900D-4DC90D354F8D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-02] (Lenovo)
Task: {E28E9FB8-2EDF-4F2D-B5BE-DF51ABD69297} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {F81772E3-D349-4EB9-8207-CF9BD7C16C7A} - System32\Tasks\Lenovo\StartLenovoMessenger => C:\Program Files (x86)\Lenovo\Lenovo Messenger\NotificationsViewHost.exe [2014-11-21] ()
Task: {F942FA93-1017-4917-80ED-16D80275B003} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2015-04-25] (Lenovo)
Task: C:\WINDOWS\Tasks\Chromium.job => C:\Users\Lina\AppData\Local\Chromium\APPLIC~1\450240~1.0\INSTAL~1\UNINST~1.EXE
Task: C:\WINDOWS\Tasks\UOCFJS1.job => C:\ProgramData\SecurityUtility\SecurityUtility.exe
==================== Loaded Modules (Whitelisted) ==============
2015-02-15 01:28 - 2015-02-15 01:28 - 00133440 _____ () C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
2015-02-15 01:23 - 2012-04-24 12:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-02-15 01:19 - 2015-02-15 01:19 - 00068880 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
2015-02-15 01:19 - 2015-02-15 01:19 - 00672016 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfDataStorageInterface.dll
2015-02-15 01:31 - 2014-11-17 16:35 - 00036632 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\Metric.dll
2015-02-15 01:31 - 2014-11-17 16:35 - 00166680 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\Lenovo.MetricCollectionMFCx64.dll
2015-02-14 16:10 - 2014-12-19 06:03 - 00391784 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-02-15 01:19 - 2014-10-22 11:15 - 00644080 _____ () C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
2015-02-15 01:19 - 2014-10-22 11:15 - 00410096 _____ () C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
2014-11-21 12:59 - 2014-11-21 12:59 - 00462592 _____ () C:\Program Files (x86)\Lenovo\Lenovo Messenger\NotificationsViewHost.exe
2014-09-03 12:03 - 2014-09-03 12:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Lina\OneDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2680651648-731210425-3094206627-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lina\Pictures\Camera Roll\WIN_20150430_194708 (2).JPG
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "ForteConfig"
HKLM\...\StartupApproved\Run: => "PhoneCompanion"
HKLM\...\StartupApproved\Run: => "LenovoUtility"
HKLM\...\StartupApproved\Run: => "LMCSSTART2"
HKLM\...\StartupApproved\Run: => "LMCSSTART1"
HKLM\...\StartupApproved\Run: => "LMCSSTART3"
HKLM\...\StartupApproved\Run: => "OneKeyOptimizer"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKU\S-1-5-21-2680651648-731210425-3094206627-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_6195E6D1CAC39D43FA12DFE027FD730F"
HKU\S-1-5-21-2680651648-731210425-3094206627-1001\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-2680651648-731210425-3094206627-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-2680651648-731210425-3094206627-1001\...\StartupApproved\Run: => "Skype"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C1137FE6-E5B3-4916-8A3F-24234F2FD03A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{5D78668E-8015-4475-B048-915979EC9F57}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{8B78B99A-A9A0-48FA-BCA4-CF40BD11E01E}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{2F358037-C677-4ABD-9FC7-23E335EA589F}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{84B497A2-C968-4192-AD17-00DE9D2FCDC5}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{42186D71-D919-47CB-8D03-CE841C4E3EE9}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{3C0B2B8E-D961-4860-BE66-86A99A4ABEFF}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{FBCB161C-B8D1-47A8-BA47-3043BFA63601}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{C503532E-F3AC-4824-B95A-5EAA54F48EA6}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{427097EB-93EC-4584-8558-B6AAC52486FC}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{85FE8EF9-B890-4278-ADC5-D2E1CDF88693}] => (Allow) C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
FirewallRules: [{C637C98C-CC11-4A75-A222-6EF0724A4C2E}] => (Allow) C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
FirewallRules: [{23983021-F9A3-4F19-BB0B-242960916D90}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe
FirewallRules: [{4EA55CA1-F308-4239-9DF3-A3F80E8F635C}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe
FirewallRules: [{4ACE84EC-C6CB-4A36-9B97-8170FF5F46FB}] => (Allow) LPort=55100
FirewallRules: [{9C053D3F-C0EC-4B5E-994F-8B507DB8495C}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe
FirewallRules: [TCP Query User{353172CA-B403-45D7-AD38-F9F152D8E605}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{CA4229F0-EC2A-4AB4-90CC-B0BD8716F6D2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{323D262D-4724-463A-A44F-AD00ECA9D69A}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{1EF82BD3-1F8E-4FB7-961D-193DD8A54600}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{FD08F35B-B444-43B0-9047-951143530A4B}] => (Allow) C:\Users\Lina\AppData\Local\Chromium\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/03/2015 10:46:13 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is failed w/err 0x0000031a
Error: (06/03/2015 08:27:16 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is failed w/err 0x0000375a
Error: (06/03/2015 08:27:16 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopNum1++, loopNum1 is failed w/err 0x00000001
Error: (06/03/2015 08:10:40 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is failed w/err 0x000002ad
Error: (06/03/2015 08:05:54 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is failed w/err 0x00002e86
Error: (06/03/2015 08:05:54 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopNum1++, loopNum1 is failed w/err 0x00000001
Error: (06/03/2015 07:50:25 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is failed w/err 0x00000395
Error: (06/03/2015 07:40:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Settings.exe, Version 2.3.3.23694 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 14ec
Startzeit: 01d09e2447af3e56
Endzeit: 4234
Anwendungspfad: C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_2.3.3.23694_x86__4642shxvsv8s2\Settings.exe
Berichts-ID: 9f2506a2-0a17-11e5-826a-d07e35e6a8d8
Vollständiger Name des fehlerhaften Pakets: LenovoCorporation.LenovoSettings_2.3.3.23694_x86__4642shxvsv8s2
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
Error: (06/03/2015 07:37:05 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is failed w/err 0x000002c1
Error: (06/03/2015 07:11:14 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is failed w/err 0x00003200
System errors:
=============
Error: (06/03/2015 10:42:17 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Diagnostics Tracking Service konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (06/03/2015 08:06:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024001e fehlgeschlagen: Definitionsupdate für Windows Defender – KB2267602 (Definition 1.199.1615.0)
Error: (06/03/2015 08:05:02 PM) (Source: DCOM) (EventID: 10010) (User: LAPPITOPPI)
Description: {209500FC-6B45-4693-8871-6296C4843751}
Error: (06/03/2015 08:04:32 PM) (Source: DCOM) (EventID: 10010) (User: LAPPITOPPI)
Description: {209500FC-6B45-4693-8871-6296C4843751}
Error: (06/03/2015 07:53:00 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {209500FC-6B45-4693-8871-6296C4843751}
Error: (06/03/2015 07:46:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (06/03/2015 07:46:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll
Error: (06/03/2015 07:46:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll
Error: (06/03/2015 07:46:24 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll
Error: (06/03/2015 07:46:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office:
=========================
Error: (06/03/2015 10:46:13 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is failed w/err 0x0000031a
Error: (06/03/2015 08:27:16 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is failed w/err 0x0000375a
Error: (06/03/2015 08:27:16 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopNum1++, loopNum1 is failed w/err 0x00000001
Error: (06/03/2015 08:10:40 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is failed w/err 0x000002ad
Error: (06/03/2015 08:05:54 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is failed w/err 0x00002e86
Error: (06/03/2015 08:05:54 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopNum1++, loopNum1 is failed w/err 0x00000001
Error: (06/03/2015 07:50:25 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is failed w/err 0x00000395
Error: (06/03/2015 07:40:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Settings.exe2.3.3.2369414ec01d09e2447af3e564234C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_2.3.3.23694_x86__4642shxvsv8s2\Settings.exe9f2506a2-0a17-11e5-826a-d07e35e6a8d8LenovoCorporation.LenovoSettings_2.3.3.23694_x86__4642shxvsv8s2App
Error: (06/03/2015 07:37:05 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is failed w/err 0x000002c1
Error: (06/03/2015 07:11:14 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is failed w/err 0x00003200
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 22%
Total physical RAM: 8106.45 MB
Available physical RAM: 6314.72 MB
Total Pagefile: 9386.45 MB
Available Pagefile: 7552.37 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:889.31 GB) (Free:844.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.94 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7A65EF5F)
Partition: GPT Partition Type.
==================== End of log ============================
--- --- --- |
Hinweis:
AdwCleaner auf deinen Desktop.
