Log analysis and evaluation: Still signs of infection after qvo6 and SpyHunter? (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

22.07.2013, 09:09, #1
Still signs of infection after qvo6 and SpyHunter?

Hi everyone,

A short while ago I got infected with the wonderful hijacker qvo6. With youthful carelessness I of course trusted the wonderful SpyHunter program, which after a thorough inspection of my system found quite a bit of malware. Only when I was supposed to register did I get my first doubts; looking into the program more closely exposed it as crafty malware itself. So I uninstalled the program and ran scans with Malwarebytes, Adwcleaner06 and Spybot 2.1 to kill the stubborn malware and adware. Apparently with success; at least my browser works without problems and the strange process is gone. Still, I have some doubts whether everything is really virus-free now, and since the PC is also used privately for online banking etc., I wanted to get clarity with your help. I have read through the help instructions and scanned everything step by step.

OTL scan (username replaced with .....):
Code:
OTL logfile created on: 22.07.2013 09:12:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\.....\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,91 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 62,98% Memory free
7,82 Gb Paging File | 6,16 Gb Available in Paging File | 78,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,82 Gb Total Space | 252,62 Gb Free Space | 55,54% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 0,39 Gb Free Space | 4,03% Space Free | Partition Type: NTFS

Computer Name: .....-NOTEBOOK | User Name: ..... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.22 09:09:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\.....\Downloads\OTL.exe
PRC - [2013.06.27 12:49:19 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.27 12:47:34 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.06.27 12:47:33 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.19 16:59:58 | 000,703,888 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2013.06.19 16:59:42 | 000,557,968 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013.05.15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.02.26 10:01:24 | 000,062,456 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2013.02.26 10:01:22 | 000,060,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2013.02.26 10:01:08 | 000,044,024 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2011.02.24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011.02.22 05:19:12 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 05:19:08 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.17 05:58:42 | 000,267,624 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.01.07 13:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010.12.02 05:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.11.25 09:51:34 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2010.11.24 09:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2010.04.07 07:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010.04.01 07:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (No Company Name) ==========

MOD - [2013.06.19 17:00:31 | 000,063,376 | ---- | M] () -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll

========== Services (SafeList) ==========

SRV:64bit: - [2011.02.04 08:30:26 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.01.13 14:05:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010.12.17 08:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2010.11.12 11:48:50 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.07.05 21:10:52 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.27 12:49:19 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.27 12:47:34 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.19 16:59:42 | 000,557,968 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2013.06.15 01:03:45 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.26 10:01:24 | 000,062,456 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2013.02.26 10:01:08 | 000,044,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2013.01.08 18:23:50 | 000,277,488 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.04.24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2011.02.24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011.02.22 05:19:12 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.22 05:19:08 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.02.03 20:44:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2011.01.07 13:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010.12.03 13:01:54 | 000,116,072 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV - [2010.12.03 04:00:56 | 000,114,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2010.12.02 05:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.11.25 09:51:34 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010.11.24 09:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010.04.12 10:13:08 | 000,142,336 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2010.04.07 07:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013.06.19 16:42:19 | 000,052,080 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64-6.sys -- (vpnva)
DRV:64bit: - [2013.06.19 16:40:12 | 000,112,080 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2013.04.28 21:42:02 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.28 21:42:02 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.28 21:42:02 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.12.13 17:24:10 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.12.12 17:42:28 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.12.06 14:11:40 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.23 17:10:13 | 000,335,288 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2011.03.25 11:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.03.24 16:36:20 | 001,576,064 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.03.24 12:50:30 | 001,423,408 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 18:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2011.02.04 08:59:50 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.02.04 07:53:42 | 000,295,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.02.03 20:44:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011.01.13 14:04:20 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011.01.13 14:02:28 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010.12.14 19:12:00 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2010.12.07 13:06:42 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.01 05:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.12 11:48:30 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.07 07:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010.06.21 05:26:38 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.06.21 05:26:38 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010.06.21 05:26:36 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010.06.21 05:26:36 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2010.05.12 18:33:35 | 000,022,328 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM)
DRV:64bit: - [2010.05.12 12:14:54 | 000,126,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2009.09.15 19:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.07.02 04:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011.06.27 17:06:54 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Programme\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020200}_0)
DRV - [2010.12.03 13:01:58 | 000,031,592 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{86C70F2C-80BC-425A-B37A-326DAF72A501}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{F2140CFD-E856-402B-8A59-7EA582C45A4A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{82CB8F10-536D-4340-ADF0-D965E260D8C6}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;localhos
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.27 01:21:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.05 21:10:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.05 21:10:48 | 000,000,000 | ---D | M]

[2011.12.22 21:50:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\Extensions
[2013.07.21 22:36:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\dbjd522f.default\extensions
[2013.07.21 08:35:00 | 000,050,777 | ---- | M] () (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\firefox\profiles\dbjd522f.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2013.05.10 11:08:33 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\firefox\profiles\dbjd522f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.07.05 21:10:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.07.05 21:10:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.07.05 21:10:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E8B4238-A2E7-432F-84F6-9BB46CA6A7E2}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.07.21 22:42:47 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk Q:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.22 00:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.07.22 00:05:01 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.07.22 00:04:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.07.21 23:47:37 | 000,000,000 | ---D | C] -- C:\Users\.....\AppData\Local\Conexant
[2013.07.21 23:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Conexant
[2013.07.21 23:22:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.07.21 22:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.07.21 22:41:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.07.21 18:27:28 | 000,000,000 | ---D | C] -- C:\Users\.....\AppData\Local\Cisco
[2013.07.21 18:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2013.07.21 18:27:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2013.07.21 18:27:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2013.07.21 18:25:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.07.21 18:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.07.21 16:01:02 | 000,000,000 | ---D | C] -- C:\Users\.....\AppData\Roaming\Malwarebytes
[2013.07.21 16:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.21 16:00:54 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.07.21 16:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.07.21 16:00:45 | 000,000,000 | ---D | C] -- C:\Users\.....\AppData\Local\Programs
[2013.07.05 21:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.07.22 09:09:46 | 000,000,000 | ---- | M] () -- C:\Users\.....\defogger_reenable
[2013.07.22 09:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.22 09:00:12 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.07.22 07:44:26 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.22 07:44:26 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.22 07:44:23 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.22 07:44:23 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.22 07:44:23 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.22 07:44:23 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.22 07:44:23 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.22 07:36:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.22 07:36:20 | 3151,417,344 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.22 00:05:04 | 000,001,390 | ---- | M] ()
-- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.07.21 22:42:47 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013.07.21 16:00:55 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.18 23:00:44 | 000,343,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.07.06 15:30:00 | 000,000,854 | ---- | M] () -- C:\Users\.....\.recently-used.xbel [2013.07.06 15:13:21 | 002,533,109 | ---- | M] () -- C:\Users\.....\Desktop\CCI14022013_00000.jpg [2013.07.04 12:38:19 | 000,001,829 | ---- | M] () -- C:\Users\.....\Desktop\Spotify.lnk [2013.07.04 12:31:16 | 000,000,355 | ---- | M] () -- C:\Users\.....\Documents\Computer - Verknüpfung.lnk [2013.07.01 16:05:52 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2013.07.01 00:15:12 | 004,250,584 | ---- | M] () -- C:\Users\Public\Documents\Physio.odp [2013.06.27 12:49:51 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.22 09:09:46 | 000,000,000 | ---- | C] () -- C:\Users\.....\defogger_reenable [2013.07.22 00:05:04 | 000,001,402 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.07.22 00:05:04 | 000,001,390 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.07.21 22:42:47 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013.07.21 16:00:55 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.06 15:30:00 | 000,000,854 | ---- | C] () -- C:\Users\.....\.recently-used.xbel [2013.07.06 15:13:18 | 002,533,109 | ---- | C] () -- C:\Users\.....\Desktop\CCI14022013_00000.jpg [2013.07.04 12:31:16 | 000,000,355 | ---- | C] () -- C:\Users\.....\Documents\Computer - Verknüpfung.lnk [2013.07.01 16:07:11 | 004,250,584 | ---- | C] () -- 
C:\Users\Public\Documents\Physio.odp [2012.12.12 17:41:24 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.12.12 17:38:16 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2012.12.12 17:38:14 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2012.01.29 11:18:01 | 000,045,270 | ---- | C] () -- C:\Users\.....\AppData\Roaming\room_v3.dat [2012.01.06 13:04:03 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\3FABBAB76C.sys [2012.01.06 13:04:00 | 000,001,890 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2012.01.05 15:23:20 | 000,000,008 | RHS- | C] () -- C:\ProgramData\6CB7BAAB3F.sys [2012.01.05 13:13:37 | 000,000,088 | RHS- | C] () -- C:\ProgramData\67394B94E9.sys [2011.09.04 18:05:50 | 000,002,724 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = 
C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.11.26 11:46:42 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\BitComet [2012.09.22 09:49:43 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\ColorSchemer [2013.06.16 23:55:02 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Dropbox [2013.05.17 22:20:03 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\GarenaPlus [2012.09.13 18:02:16 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\gtk-2.0 [2011.12.28 02:45:11 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\LolClient [2012.06.22 17:05:03 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\LolClient2 [2011.08.22 17:42:26 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\OpenOffice.org [2011.08.02 15:07:17 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\PCDr [2011.10.23 14:46:55 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\ProtectDisc [2011.07.31 12:59:18 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\PwrMgr [2011.10.11 11:47:18 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\ratiopharm [2013.07.22 08:29:03 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Spotify [2013.07.21 21:03:55 | 000,000,000 | ---D | 
M] -- C:\Users\.....\AppData\Roaming\TS3Client [2013.06.02 13:50:20 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\TuneUp Software [2013.01.01 06:28:05 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\ultrastardx [2011.07.31 12:56:37 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Update ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 22.07.2013 09:12:43 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\.....\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 62,98% Memory free 7,82 Gb Paging File | 6,16 Gb Available in Paging File | 78,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 454,82 Gb Total Space | 252,62 Gb Free Space | 55,54% Space Free | Partition Type: NTFS Drive Q: | 9,77 Gb Total Space | 0,39 Gb Free Space | 4,03% Space Free | Partition Type: NTFS Computer Name: .....-NOTEBOOK | User Name: ..... | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) 
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) 
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06975863-0254-40AE-890C-276CA563FEA9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{06F2BA29-784A-4405-980A-5174E12FD0E1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0CD1D1B2-3BDC-4105-936A-EC90099BB896}" = lport=57599 | protocol=6 | dir=in | name=pando media booster | "{0F93EC0F-014A-4F68-AAE5-E9E6CDDC350A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{18761D74-F58B-4820-AEA0-E7AB76FF7D71}" = lport=2869 | protocol=6 | dir=in | app=system | "{30772AE3-2280-4D55-B2FC-7D80CBB4CD85}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{380C99B2-8296-43FC-B29F-D5C779A0D096}" = rport=137 | protocol=17 | dir=out | app=system | "{3D1E33B2-6E1E-4660-BB01-3C6B8F593D77}" = rport=10243 | protocol=6 | dir=out | app=system | "{416C0C34-EA81-46EB-A6B0-755BE0B5445E}" = lport=57599 | protocol=6 | dir=in | name=pando media booster | "{4607C43D-6AAA-40AE-9FC0-E3C928D6DEED}" = lport=137 | protocol=17 | dir=in | app=system | "{460E116E-9D44-4F4E-9456-C27C1D31E9DA}" = lport=57599 | protocol=17 | dir=in | name=pando media booster | "{5EC099B2-B89A-4EE2-9B43-2ADBEA938FF8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{64197379-AE9D-4DAE-BC8F-8003048B10A9}" = lport=139 | protocol=6 | dir=in | app=system | "{6E7099B3-D809-4558-8054-1E7A1498E8CC}" = rport=138 | protocol=17 | dir=out | app=system | "{87C6943C-0E22-4B7C-A19F-4FFDF3CAF24D}" = rport=445 | protocol=6 | dir=out | app=system | "{A0A016C4-6350-4240-A2B2-142F64203FD1}" = lport=57599 | protocol=17 | dir=in | name=pando media booster | "{AE45818D-891F-4496-B65B-8D2CF065F9DC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{AFB8EA82-2BF2-420F-9260-CC417C4D0043}" = lport=445 | protocol=6 | dir=in | app=system | "{B8A2B46C-6582-4BBB-B3BA-1348E164113C}" = lport=10243 | protocol=6 | dir=in | app=system | "{B8AEDCBD-BD71-4156-9909-3329C235551C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D3091FAC-6EFA-457B-880C-90345C3C4D38}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D5237E34-2CE2-4778-86F4-912EAA762244}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{DB2BE4A9-E5A3-4858-92BE-ACDEDA86DBD6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DB4A4A48-617F-43E9-8DA6-B3CA4707BDC4}" = lport=138 | protocol=17 | dir=in | app=system | "{E0A76B48-7FBE-4DCC-AB18-EE48D935B7DD}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08480A38-4E19-4AB1-AB2D-61E23D131E63}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{11D41E84-47FD-4CBD-ABA5-77B69DD8BF66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1428B066-1430-4434-B08A-5CA4CF35D217}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe | "{162199F2-FA94-4F66-AC6C-60648AD9C864}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe | "{1D49E0FE-3344-43A2-B97B-CFFF9BB2A684}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{49051126-F7AE-4583-B2B5-56DAA03D04DC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{4A50F4DF-D160-4C0F-86E4-2A18F0169FD3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{522D0CE8-3D8A-463B-A7F9-AC71D1185603}" = protocol=6 | dir=out | 
app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5B8C1BA0-C141-4AC6-A2FF-8D5526BA13ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7269A2DC-F3F3-4C0A-8D02-D9461375235D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{7C97BC2B-8D8C-418A-99C3-FFE0AEF24FE6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{83336E9E-176F-4EE2-A68C-F29D5436485E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{885DC0C8-C169-46CC-8830-412DE9D1D25E}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe | "{90E25CAF-8CD2-4729-875E-A79ECA22A11B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A0BDAA06-2C9D-4468-BD56-8970480E92AE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A6986F0E-2029-40EE-9F7B-E29F9D1763EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AC35FD51-F5C9-47B8-B1DD-FE5486EB42F9}" = dir=in | app=c:\program files (x86)\garena plus\room\garena_room.exe | "{AE5E9769-0742-40CD-A115-7983682533E3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BD02413A-6CD8-472B-B409-F79BA5DE4E44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CA771759-4936-4AE8-95FE-D88FBBB40F14}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{CC9A366C-F92B-44E7-B25D-DE39D6C10B71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CE9B52E7-AEA5-4AF6-9C33-F7B49BC6217C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D0353722-67A0-487B-AAE0-28089636FA55}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D3C94BE3-7732-4E7B-A21A-88359D47E437}" = protocol=6 | dir=out | app=system | "{E1D4A6B7-EE7A-4D3A-9AA4-63E88587184E}" = 
protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E6E6CAA0-756E-4D2C-B491-92DFDCB3FF81}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F85E2413-B838-4F50-AE43-8B32E8364870}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{FA60A81B-2058-4EAF-BF44-F897E43EFFBF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FE7B8D73-ECB2-4B8F-9072-9A30D9FBFA9A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{12566787-EBAF-407A-BCB3-A30A0BBB7BC2}C:\users\.....\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\.....\appdata\local\temp\gw2.exe | "TCP Query User{19A2C78C-104B-4B4E-832B-BFD5CEF0A2CC}C:\users\.....\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\.....\appdata\roaming\spotify\spotify.exe | "TCP Query User{5B974A65-E0F9-4592-BF41-4ABB42E54BF1}C:\users\.....\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\.....\appdata\roaming\spotify\spotify.exe | "TCP Query User{6664CD30-1000-4968-AF90-A968C2CC18E1}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | "TCP Query User{6C22859A-6212-425B-8A03-C77E494DA48D}C:\program files (x86)\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena\garena.exe | "TCP Query User{A4EC2750-89C9-4595-92AD-34552F9EED58}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "TCP Query User{A8929D23-EADC-4A86-93F2-FBF5B1313CA2}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "TCP Query User{D9CCE64A-E709-43DB-84D4-6ABCBF85689F}C:\users\.....\desktop\warcraft 3\war3.exe" = protocol=6 | dir=in | app=c:\users\.....\desktop\warcraft 3\war3.exe | "UDP Query 
User{00A50763-AECC-4C7B-A448-4F960BE22591}C:\users\.....\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\.....\appdata\local\temp\gw2.exe | "UDP Query User{07037845-1208-47CA-8B3B-318394104DF4}C:\users\.....\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\.....\appdata\roaming\spotify\spotify.exe | "UDP Query User{4B15A026-1AE3-49BD-BCAA-E2D05D2EFB67}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "UDP Query User{524C4A55-E9EF-47C0-BF88-8DD93DEB322D}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "UDP Query User{6AFFB06F-17B7-4E73-A764-EEF7E4ED79AC}C:\users\.....\desktop\warcraft 3\war3.exe" = protocol=17 | dir=in | app=c:\users\.....\desktop\warcraft 3\war3.exe | "UDP Query User{BE9CB2E2-F8B4-4C8D-83C2-2DAD04425ECA}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | "UDP Query User{C04DB601-4621-4D8C-95A5-361CADCB8319}C:\program files (x86)\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena\garena.exe | "UDP Query User{D97E4F6E-6FCE-4E45-8DA9-D5D91E6FEB9D}C:\users\.....\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\.....\appdata\roaming\spotify\spotify.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{18B8E257-FEA3-F0EC-0ED1-A4FD4478F8CE}" = ATI Catalyst Install Manager "{42F0FD29-7EB3-4CAA-AF10-BC2619B96D80}" = MrvlUsgTracking64 "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 
Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{923962D0-B04A-F947-C0B0-3D3A33B65AD1}" = ccc-utility64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "22AF3CC91FBC5231DD5CB8903F03E2AF3E97ADDF" = Windows-Treiberpaket - Realtek (RTL8167) Net (12/06/2010 7.035.1206.2010) "466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) "5DF942712DC7660AE4A1B04809A1C3F67B0CA27C" = Windows-Treiberpaket - Synaptics (SynTP) Mouse (03/24/2011 15.2.19.0) "73C6BE3E3B6FC5418F2B47E6C75F6C8F9552DC12" = Windows-Treiberpaket - Intel (iaStor) hdc (11/06/2010 10.1.0.1008) "ATI Uninstaller" = ATI Uninstaller "CNXT_AUDIO_HDA" = Conexant HD Audio "DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 "EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 "LENOVO.SMIIF" = Lenovo System Interface Driver "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "OnScreenDisplay" = Anzeige am Bildschirm "PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox "Power Management Driver" = ThinkPad Power Management Driver "SynTPDeinstKey" = ThinkPad UltraNav Driver "WinRAR archiver" = WinRAR 4.01 (64-Bit) 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide "{15ABF562-246B-4CDD-7D7B-C2A7E9DC6912}" = CCC Help Danish "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1C7DF287-ADAD-B3B1-F8B1-6EF9FDD3054F}" = CCC Help Finnish "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT "{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{2CBC1A16-2674-F781-AF23-4D87B2D4AD6E}" = CCC Help Japanese "{32E160FE-A115-841D-C35B-5099344D74B3}" = CCC Help Korean "{35527A2F-B298-47B9-5694-0430264FB700}" = CCC Help English "{39FCE8D0-680D-D6C2-9884-6F297EAA40CE}" = CCC Help Russian "{3A4BAA7A-2251-5E2B-0862-C5DE9D325113}" = CCC Help Thai "{3C1FEEA4-4C28-7F80-5A36-44DB10CF7109}" = CCC Help Norwegian "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{457D9BA9-66DB-01D3-9FFE-9E7CD4D70E06}" = ccc-core-static "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E489FCF-FCE5-4347-A71E-3C5767832C95}" = HPLaserJetHelp_LearnCenter "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media "{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist "{5A299BE4-7511-45DB-A221-BFB2C482470D}" = Arithmogriph "{5B476EAE-336C-4083-DE7F-A2AE52D0167A}" = CCC Help French "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD "{60BDA28F-268A-0FF3-BA42-E73C08574B57}" = PX Profile Update "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6A528C37-10DA-1C09-08C1-B69B2C95006D}" = CCC Help Chinese Standard "{6DA3A4E0-25FC-4206-4A7A-B4E8826206D4}" = Catalyst Control Center Localization All "{6E28312D-C579-5C85-30E2-731C3446F98E}" = CCC Help Portuguese "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable 
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply "{794DD8BD-C69A-AEEB-3A9E-230F8BB7B807}" = CCC Help Chinese Traditional "{81AFA4BA-E1DA-D8A8-22E9-54B0CEA7FFEB}" = CCC Help Hungarian "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8B2A8B60-39DC-DA10-1B7F-05D77BE5BAD5}" = Catalyst Control Center Graphics Previews Common "{8FA53ACE-B718-4FAE-B7BF-95B0FCB320C8}" = SAMSUNG USB Driver for Mobile Phones "{9129BECA-9A66-FF4A-96BF-E4E54C05102F}" = CCC Help Czech "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C1221CC-A343-7B37-EF11-6965CCA8D39C}" = CCC Help Spanish "{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5 "{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking "{A833C64A-8367-4683-91FB-E574143A1726}" = Catalyst Control Center - Branding "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{AC938019-B63F-4EAC-81BD-7C77B18C484E}" = Cisco AnyConnect Secure Mobility Client "{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147 "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B52C064D-2ABD-0C1E-613A-94735D04BB19}" = CCC Help Polish "{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0 "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C5EB9B5A-2964-D5A3-869A-520448200FC3}" = PowerXpressHybrid "{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot "{D42EED0A-B0CE-9A2F-CE78-58840840CE06}" = CCC Help Greek "{D608C59B-424B-45D4-971C-5978F8564CEE}" = hppLaserJetService "{D7A045AD-9C12-A766-4019-D0364E8938F9}" = Catalyst Control Center InstallProxy 
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager "{DD2B2080-F4FB-D276-F8AC-0353F3991BB4}" = CCC Help Italian "{E776B10D-A90F-7D4A-64A0-3CF44145F6AB}" = Catalyst Control Center Profiles Mobile "{E8DD6008-F395-4B9E-A585-CE06E03A4FCF}" = mediscript GK1 "{EB25EE32-40AD-F643-D42E-6EEC2D70BEFB}" = CCC Help Dutch "{EED05EBB-816C-4E30-8175-3B47391E4FE0}" = CCC Help German "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F1AC923B-2A52-4C5D-8011-5FC83CD58CF4}" = hppusgP1000 "{F20E1660-8109-4048-524D-D9E39AE3B725}" = CCC Help Swedish "{F2918DE9-8F79-44c8-85D8-CAD1245B95D3}" = HP LaserJet Professional CP1020 Series "{F4F8DC6B-5591-4F22-BD5D-6CB8AA8D5452}" = hppCP1020LaserJetService "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information "{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.10.18.02 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "ColorSchemerStudio2_is1" = ColorSchemer Studio 2 "DivX Setup" = DivX-Setup "GeoGebra 4.2" = GeoGebra 4.2 "Guild Wars 2" = Guild Wars 2 "hon" = Heroes of Newerth "HP LaserJet P1000 series" = HP LaserJet P1000 series "InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition "InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "TeamSpeak 3 Client" = TeamSpeak 3 Client "UltraStar 
Deluxe" = UltraStar Deluxe "WinGimp-2.0_is1" = GIMP 2.6.11 "WsysControl" = Wsys Control 1.0.0.2557 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.01.2013 12:59:18 | Computer Name = .....-Notebook | Source = PC-Doctor | ID = 1 Description = (4764) Asapi: (17:59:18:9060)(4764) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium Error - 26.01.2013 15:48:36 | Computer Name = .....-Notebook | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 26.01.2013 15:48:36 | Computer Name = .....-Notebook | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 26.01.2013 15:48:36 | Computer Name = .....-Notebook | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 26.01.2013 15:48:36 | Computer Name = .....-Notebook | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 26.01.2013 17:42:59 | Computer Name = .....-Notebook | Source = WinMgmt | ID = 10 Description = Error - 26.01.2013 17:43:14 | Computer Name = .....-Notebook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 2.7.397.0, Zeitstempel: 0x4bc33882 Name des fehlerhaften Moduls: hppccompio.DLL, Version: 1.2.0.19, Zeitstempel: 0x4bab86d4 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000058a9 ID des fehlerhaften Prozesses: 0x7d0 Startzeit der fehlerhaften Anwendung: 0x01cdfc0e1a62bcc5 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\hppccompio.DLL Berichtskennung: 6293f266-6801-11e2-8beb-f0def16b79cd Error - 26.01.2013 20:53:31 | Computer Name = .....-Notebook | Source = ATIeRecord | ID = 16398 
Description = ATI EEU failed to post message to CCC Error - 27.01.2013 14:14:48 | Computer Name = .....-Notebook | Source = WinMgmt | ID = 10 Description = Error - 27.01.2013 14:15:05 | Computer Name = .....-Notebook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 2.7.397.0, Zeitstempel: 0x4bc33882 Name des fehlerhaften Moduls: hppccompio.DLL, Version: 1.2.0.19, Zeitstempel: 0x4bab86d4 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000058a9 ID des fehlerhaften Prozesses: 0x8b4 Startzeit der fehlerhaften Anwendung: 0x01cdfcba2f2eca19 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\hppccompio.DLL Berichtskennung: 7918c296-68ad-11e2-a56a-f0def16b79cd [ Cisco AnyConnect Secure Mobility Client Events ] Error - 22.07.2013 01:36:45 | Computer Name = .....-Notebook | Source = acvpnagent | ID = 67108866 Description = Function: CPhoneHomeAgent::LoadSettingsFromXmlFile File: ..\PhoneHomeAgent.cpp Line: 603 Invoked Function: XmlParser::parseFile Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Error - 22.07.2013 01:36:45 | Computer Name = .....-Notebook | Source = acvpnagent | ID = 67108865 Description = Function: CPhoneHomeAgent::InitPhoneHomeAgent File: ..\PhoneHomeAgent.cpp Line: 519 Illegal last reported time, using default value (0) Error - 22.07.2013 01:36:45 | Computer Name = .....-Notebook | Source = acvpnagent | ID = 67108866 Description = Function: CHostConfigMgr::determinePublicAddrCandidateFromDefRoute File: .\HostConfigMgr.cpp Line: 1766 Invoked Function: CHostConfigMgr::FindDefaultRouteInterface Return Code: -24117215 (0xFE900021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 22.07.2013 01:36:45 | Computer Name = .....-Notebook | Source = acvpnagent | ID = 67108866 Description = Function: CHostConfigMgr::determinePublicAddrCandidateFromDefRoute File: 
.\HostConfigMgr.cpp Line: 1766 Invoked Function: CHostConfigMgr::FindDefaultRouteInterface Return Code: -24117215 (0xFE900021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 22.07.2013 01:36:49 | Computer Name = .....-Notebook | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 22.07.2013 01:37:23 | Computer Name = .....-Notebook | Source = acvpnui | ID = 67108866 Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 332 Invoked Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine Daten mehr verfügbar. Error - 22.07.2013 01:37:23 | Computer Name = .....-Notebook | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1352 NULL object. Cannot establish a connection at this time. 
Error - 22.07.2013 01:41:45 | Computer Name = .....-Notebook | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 22.07.2013 01:41:45 | Computer Name = .....-Notebook | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 22.07.2013 01:41:45 | Computer Name = .....-Notebook | Source = acvpnagent | ID = 67108865 Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp Line: 311 m_pITelemetryPlugin is NULL [ System Events ] Error - 22.07.2013 01:37:24 | Computer Name = .....-Notebook | Source = PNRPSvc | ID = 102 Description = Error - 22.07.2013 01:37:24 | Computer Name = .....-Notebook | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 22.07.2013 01:37:24 | Computer Name = .....-Notebook | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 22.07.2013 01:37:28 | Computer Name = .....-Notebook | Source = Service Control Manager | ID = 7034 Description = Dienst "HP LaserJet Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error - 22.07.2013 01:37:35 | Computer Name = .....-Notebook | Source = PNRPSvc | ID = 102 Description = Error - 22.07.2013 01:37:35 | Computer Name = .....-Notebook | Source = PNRPSvc | ID = 102 Description = Error - 22.07.2013 01:37:35 | Computer Name = .....-Notebook | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 22.07.2013 01:37:35 | Computer Name = .....-Notebook | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 22.07.2013 01:37:35 | Computer Name = .....-Notebook | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 22.07.2013 01:37:35 | Computer Name = .....-Notebook | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 < End of report >
As far as I know, I disabled Avira and the rest properly. How should I proceed here? Thank you to all readers; I hope for some help. Best regards, chalmit |
22.07.2013, 10:40 | #2 |
/// the machine /// TB-Ausbilder | Still signs after qvo6 and SpyHunter infection? hi,
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
22.07.2013, 11:55 | #3 |
| Still signs after qvo6 and SpyHunter infection? Hi schrauber,
Thanks for your quick reply. Here are the scans: FRST logfile:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2013 Ran by ..... (administrator) on 22-07-2013 12:51:43 Running from C:\Users\.....\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo.) C:\Windows\system32\ibmpmsvc.exe (AMD) C:\Windows\system32\atiesrxx.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SAsrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (AMD) C:\Windows\system32\atieclxx.exe (Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE (Lenovo.) 
C:\Windows\System32\TpShocks.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Spotify Ltd) C:\Users\.....\AppData\Roaming\Spotify\spotify.exe () C:\Users\.....\Downloads\FRST64.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [380776 2011-01-14] (Lenovo.) HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.) HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-02-26] (Lenovo Group Limited) HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-02-04] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [703888 2013-06-19] (Cisco Systems, Inc.) HKLM-x32\...\Run: [SDTray] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3830224 2013-05-16] (Safer-Networking Ltd.) HKU\Default\...\RunOnce: [] - [x] HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2009-03-24] () HKU\Default User\...\RunOnce: [] - [x] HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2009-03-24] () BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== ProxyServer: localhost:21320 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {86C70F2C-80BC-425A-B37A-326DAF72A501} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {F2140CFD-E856-402B-8A59-7EA582C45A4A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox SearchScopes: HKCU - {82CB8F10-536D-4340-ADF0-D965E260D8C6} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {F2140CFD-E856-402B-8A59-7EA582C45A4A} URL = BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\.....\AppData\Roaming\Mozilla\Firefox\Profiles\dbjd522f.default FF SelectedSearchEngine: Google FF Homepage: www.google.de FF Keyword.URL: hxxp://www.google.com/search?sourceid=navclient&hl=de&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Extension: groovesharkUnlocker - C:\Users\.....\AppData\Roaming\Mozilla\Firefox\Profiles\dbjd522f.default\Extensions\groovesharkUnlocker@overlord1337.xpi FF Extension: No Name - C:\Users\.....\AppData\Roaming\Mozilla\Firefox\Profiles\dbjd522f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF StartMenuInternet: FIREFOX.EXE - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG) R2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [198784 2010-12-17] (Conexant Systems Inc.) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited) S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) 
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [x] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-28] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-28] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-28] (Avira Operations GmbH & Co. KG) R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11518976 2012-12-06] (Intel Corporation) R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [31592 2010-12-03] (Lenovo Group Limited) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-06-19] (Cisco Systems, Inc.) S3 btwaudio; system32\drivers\btwaudio.sys [x] S3 btwavdt; system32\DRIVERS\btwavdt.sys [x] S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x] S3 btwrchid; system32\DRIVERS\btwrchid.sys [x] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x] S3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-22 12:50 - 2013-07-22 12:50 - 00032139 _____ C:\Users\.....\Downloads\FRST.txt 2013-07-22 12:50 - 2013-07-22 12:50 - 00024292 _____ C:\Users\.....\Downloads\Addition.txt 2013-07-22 12:49 - 2013-07-22 12:49 - 00000000 ____D C:\FRST 2013-07-22 12:48 - 2013-07-22 12:48 - 01779363 _____ (Farbar) C:\Users\.....\Desktop\FRST64.exe 2013-07-22 09:49 - 2013-07-22 09:49 - 572914034 _____ C:\Windows\MEMORY.DMP 2013-07-22 09:49 - 2013-07-22 09:49 - 00279016 _____ C:\Windows\Minidump\072213-32339-01.dmp 2013-07-22 09:49 - 2013-07-22 09:49 - 00000000 ____D C:\Windows\Minidump 2013-07-22 09:39 - 2013-07-22 09:39 - 00377856 _____ C:\Users\.....\Downloads\gmer_2.1.19163.exe 2013-07-22 09:18 - 2013-07-22 10:09 - 
00067342 _____ C:\Users\.....\Downloads\Extras.Txt 2013-07-22 09:17 - 2013-07-22 10:06 - 00080682 _____ C:\Users\.....\Downloads\OTL.Txt 2013-07-22 09:09 - 2013-07-22 09:09 - 00602112 _____ (OldTimer Tools) C:\Users\.....\Downloads\OTL.exe 2013-07-22 09:09 - 2013-07-22 09:09 - 00050477 _____ C:\Users\.....\Downloads\Defogger.exe 2013-07-22 09:09 - 2013-07-22 09:09 - 00000474 _____ C:\Users\.....\Downloads\defogger_disable.log 2013-07-22 09:09 - 2013-07-22 09:09 - 00000000 _____ C:\Users\.....\defogger_reenable 2013-07-22 09:07 - 2013-07-22 09:07 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-07-22 00:05 - 2013-07-22 09:08 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-22 00:05 - 2013-07-22 00:05 - 00001390 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-07-22 00:05 - 2009-01-25 13:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2013-07-22 00:04 - 2013-07-22 00:09 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-07-21 23:58 - 2013-07-22 00:01 - 36271144 _____ (Safer-Networking Ltd. ) C:\Users\.....\Downloads\spybot-2.1.exe 2013-07-21 23:47 - 2013-07-21 23:47 - 00000000 ____D C:\Users\.....\AppData\Local\Conexant 2013-07-21 23:47 - 2013-07-21 23:47 - 00000000 ____D C:\ProgramData\Conexant 2013-07-21 23:35 - 2013-07-21 23:35 - 00010030 _____ C:\Users\.....\Downloads\hijackthis.log 2013-07-21 23:34 - 2013-07-21 23:34 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\.....\Downloads\HiJackThis204.exe 2013-07-21 23:33 - 2013-07-21 23:33 - 00000982 _____ C:\AdwCleaner[R2].txt 2013-07-21 23:27 - 2013-07-21 23:27 - 00007519 _____ C:\AdwCleaner[R1].txt 2013-07-21 23:27 - 2013-07-21 23:27 - 00004721 _____ C:\AdwCleaner[S1].txt 2013-07-21 23:26 - 2013-07-21 23:26 - 00666633 _____ C:\Users\.....\Downloads\adwcleaner06.exe 2013-07-21 22:42 - 2013-07-21 22:42 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-07-21 22:42 - 2013-07-21 22:42 - 00000000 _____ C:\autoexec.bat 2013-07-21 22:41 - 2013-07-21 23:22 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP 2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\Users\.....\AppData\Local\Cisco 2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\ProgramData\Cisco 2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\Program Files (x86)\Cisco 2013-07-21 18:25 - 2013-07-21 18:24 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-07-21 18:25 - 2013-07-21 18:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-07-21 18:25 - 2013-07-21 18:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-07-21 18:25 - 2013-07-21 18:24 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-07-21 18:24 - 2013-07-21 18:24 - 00000000 ____D C:\Program Files (x86)\Java 2013-07-21 16:01 - 2013-07-21 16:01 - 00000000 ____D C:\Users\.....\AppData\Roaming\Malwarebytes 2013-07-21 16:00 - 2013-07-21 16:00 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-21 16:00 - 2013-07-21 16:00 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-21 16:00 - 2013-07-21 16:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-21 16:00 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-07-14 03:43 - 2013-05-29 08:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 
2013-07-14 03:43 - 2013-05-29 07:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-14 03:43 - 2013-05-29 07:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-14 03:43 - 2013-05-29 07:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-14 03:43 - 2013-05-29 07:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-14 03:43 - 2013-05-29 07:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-07-14 03:43 - 2013-05-29 07:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-14 03:43 - 2013-05-29 07:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-14 03:43 - 2013-05-29 07:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-14 03:43 - 2013-05-29 07:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-07-14 03:43 - 2013-05-29 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-14 03:43 - 2013-05-29 07:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-14 03:43 - 2013-05-29 07:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-14 03:43 - 2013-05-29 07:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-14 03:43 - 2013-05-29 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-14 03:43 - 2013-05-29 07:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-14 03:43 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-14 03:43 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-14 03:43 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-14 03:43 - 2013-05-29 03:41 - 
01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-14 03:43 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-14 03:43 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-14 03:43 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-14 03:43 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-14 03:43 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-14 03:43 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-14 03:43 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-14 03:43 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-14 03:43 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-14 03:43 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-14 03:43 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-14 03:43 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-14 03:39 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-14 03:39 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-14 03:39 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-14 03:39 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-14 03:38 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-14 03:37 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\DWrite.dll 2013-07-14 03:37 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-06 15:30 - 2013-07-06 15:30 - 00000854 _____ C:\Users\.....\.recently-used.xbel 2013-07-06 15:08 - 2013-07-06 18:46 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part4.rar 2013-07-06 15:08 - 2013-07-06 17:59 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part6.rar 2013-07-06 15:08 - 2013-07-06 17:58 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part5.rar 2013-07-06 11:33 - 2013-07-06 14:24 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part3.rar 2013-07-06 11:33 - 2013-07-06 14:24 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part2.rar 2013-07-06 11:33 - 2013-07-06 13:45 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part1.rar 2013-07-05 21:10 - 2013-07-05 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-04 12:36 - 2013-07-04 12:36 - 00092776 _____ (Spotify Ltd) C:\Users\.....\Downloads\SpotifySetup.exe 2013-07-04 12:31 - 2013-07-04 12:31 - 00000355 _____ C:\Users\.....\Documents\Computer - Verknüpfung.lnk 2013-07-01 16:07 - 2013-07-01 16:05 - 04387328 _____ C:\Users\Public\Documents\Physio.ppt 2013-07-01 16:07 - 2013-07-01 00:15 - 04250584 _____ C:\Users\Public\Documents\Physio.odp ==================== One Month Modified Files and Folders ======= 2013-07-22 12:50 - 2013-07-22 12:50 - 00032139 _____ C:\Users\.....\Downloads\FRST.txt 2013-07-22 12:50 - 2013-07-22 12:50 - 00024292 _____ C:\Users\.....\Downloads\Addition.txt 2013-07-22 12:50 - 2013-05-31 20:27 - 00000000 ____D C:\Users\.....\AppData\Roaming\Spotify 2013-07-22 12:49 - 2013-07-22 12:49 - 00000000 ____D C:\FRST 2013-07-22 12:48 - 2013-07-22 12:48 - 01779363 _____ (Farbar) 
C:\Users\.....\Desktop\FRST64.exe 2013-07-22 12:41 - 2013-02-27 19:23 - 00000000 ____D C:\Users\.....\AppData\Roaming\TS3Client 2013-07-22 12:40 - 2011-06-19 01:53 - 01136981 _____ C:\Windows\WindowsUpdate.log 2013-07-22 12:03 - 2013-03-05 16:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-22 10:09 - 2013-07-22 09:18 - 00067342 _____ C:\Users\.....\Downloads\Extras.Txt 2013-07-22 10:06 - 2013-07-22 09:17 - 00080682 _____ C:\Users\.....\Downloads\OTL.Txt 2013-07-22 09:57 - 2009-07-14 06:45 - 00031072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-22 09:57 - 2009-07-14 06:45 - 00031072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-22 09:55 - 2011-06-19 11:46 - 00654400 _____ C:\Windows\system32\perfh007.dat 2013-07-22 09:55 - 2011-06-19 11:46 - 00130240 _____ C:\Windows\system32\perfc007.dat 2013-07-22 09:55 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-22 09:49 - 2013-07-22 09:49 - 572914034 _____ C:\Windows\MEMORY.DMP 2013-07-22 09:49 - 2013-07-22 09:49 - 00279016 _____ C:\Windows\Minidump\072213-32339-01.dmp 2013-07-22 09:49 - 2013-07-22 09:49 - 00000000 ____D C:\Windows\Minidump 2013-07-22 09:49 - 2013-06-06 00:08 - 00002925 _____ C:\Windows\setupact.log 2013-07-22 09:49 - 2011-08-02 15:06 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job 2013-07-22 09:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-22 09:39 - 2013-07-22 09:39 - 00377856 _____ C:\Users\.....\Downloads\gmer_2.1.19163.exe 2013-07-22 09:09 - 2013-07-22 09:09 - 00602112 _____ (OldTimer Tools) C:\Users\.....\Downloads\OTL.exe 2013-07-22 09:09 - 2013-07-22 09:09 - 00050477 _____ C:\Users\.....\Downloads\Defogger.exe 2013-07-22 09:09 - 2013-07-22 09:09 - 00000474 _____ C:\Users\.....\Downloads\defogger_disable.log 2013-07-22 09:09 - 2013-07-22 09:09 - 00000000 _____ 
C:\Users\.....\defogger_reenable 2013-07-22 09:09 - 2011-07-31 12:45 - 00000000 ____D C:\Users\..... 2013-07-22 09:08 - 2013-07-22 00:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-22 09:07 - 2013-07-22 09:07 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-07-22 09:00 - 2011-08-02 15:06 - 00003508 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest 2013-07-22 09:00 - 2011-08-02 15:06 - 00003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher 2013-07-22 00:09 - 2013-07-22 00:04 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-07-22 00:05 - 2013-07-22 00:05 - 00001390 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-07-22 00:01 - 2013-07-21 23:58 - 36271144 _____ (Safer-Networking Ltd. ) C:\Users\.....\Downloads\spybot-2.1.exe 2013-07-21 23:47 - 2013-07-21 23:47 - 00000000 ____D C:\Users\.....\AppData\Local\Conexant 2013-07-21 23:47 - 2013-07-21 23:47 - 00000000 ____D C:\ProgramData\Conexant 2013-07-21 23:35 - 2013-07-21 23:35 - 00010030 _____ C:\Users\.....\Downloads\hijackthis.log 2013-07-21 23:34 - 2013-07-21 23:34 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\.....\Downloads\HiJackThis204.exe 2013-07-21 23:33 - 2013-07-21 23:33 - 00000982 _____ C:\AdwCleaner[R2].txt 2013-07-21 23:29 - 2013-06-06 00:07 - 00003196 _____ C:\Windows\PFRO.log 2013-07-21 23:27 - 2013-07-21 23:27 - 00007519 _____ C:\AdwCleaner[R1].txt 2013-07-21 23:27 - 2013-07-21 23:27 - 00004721 _____ C:\AdwCleaner[S1].txt 2013-07-21 23:27 - 2011-07-31 12:51 - 00001179 _____ C:\Users\.....\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-07-21 23:27 - 2011-07-31 12:51 - 00000996 _____ C:\Users\.....\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-07-21 23:26 - 2013-07-21 23:26 - 00666633 _____ C:\Users\.....\Downloads\adwcleaner06.exe 2013-07-21 23:26 - 2011-10-20 10:04 - 00000000 ____D C:\Users\.....\AppData\Roaming\Skype 2013-07-21 23:22 - 2013-07-21 22:41 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP 2013-07-21 22:42 - 2013-07-21 22:42 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-07-21 22:42 - 2013-07-21 22:42 - 00000000 _____ C:\autoexec.bat 2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\Users\.....\AppData\Local\Cisco 2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\ProgramData\Cisco 2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\Program Files (x86)\Cisco 2013-07-21 18:24 - 2013-07-21 18:25 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-07-21 18:24 - 2013-07-21 18:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-07-21 18:24 - 2013-07-21 18:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-07-21 18:24 - 2013-07-21 18:25 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-07-21 18:24 - 2013-07-21 18:24 - 00000000 ____D C:\Program Files (x86)\Java 2013-07-21 18:24 - 2012-09-16 09:44 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll 2013-07-21 18:24 - 2011-08-22 17:41 - 
00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-07-21 18:19 - 2011-09-04 20:06 - 00000000 ____D C:\Users\.....\AppData\Local\CrashDumps 2013-07-21 16:01 - 2013-07-21 16:01 - 00000000 ____D C:\Users\.....\AppData\Roaming\Malwarebytes 2013-07-21 16:00 - 2013-07-21 16:00 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-21 16:00 - 2013-07-21 16:00 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-21 16:00 - 2013-07-21 16:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-21 15:30 - 2013-02-27 19:22 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client 2013-07-21 15:30 - 2012-12-21 16:13 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2 2013-07-21 15:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2013-07-21 15:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat 2013-07-21 08:40 - 2011-08-02 14:53 - 00000000 ____D C:\Users\.....\AppData\Local\Adobe 2013-07-18 23:00 - 2009-07-14 06:45 - 00343688 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-17 15:54 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-17 15:54 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-17 15:54 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-17 12:29 - 2013-05-31 20:28 - 00000000 ____D C:\Users\.....\AppData\Local\Spotify 2013-07-17 12:04 - 2013-03-05 17:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-17 12:04 - 2013-03-05 17:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-14 03:44 - 2011-08-02 16:41 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-06 18:46 - 2013-07-06 15:08 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part4.rar 2013-07-06 17:59 - 2013-07-06 15:08 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part6.rar 2013-07-06 
17:58 - 2013-07-06 15:08 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part5.rar 2013-07-06 15:31 - 2012-01-06 01:04 - 00000000 ____D C:\Users\.....\.gimp-2.6 2013-07-06 15:30 - 2013-07-06 15:30 - 00000854 _____ C:\Users\.....\.recently-used.xbel 2013-07-06 14:24 - 2013-07-06 11:33 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part3.rar 2013-07-06 14:24 - 2013-07-06 11:33 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part2.rar 2013-07-06 13:45 - 2013-07-06 11:33 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part1.rar 2013-07-06 09:31 - 2012-05-07 23:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-05 21:10 - 2013-07-05 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-04 12:38 - 2013-05-31 20:28 - 00001829 _____ C:\Users\.....\Desktop\Spotify.lnk 2013-07-04 12:38 - 2013-05-31 20:28 - 00001815 _____ C:\Users\.....\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2013-07-04 12:36 - 2013-07-04 12:36 - 00092776 _____ (Spotify Ltd) C:\Users\.....\Downloads\SpotifySetup.exe 2013-07-04 12:31 - 2013-07-04 12:31 - 00000355 _____ C:\Users\.....\Documents\Computer - Verknüpfung.lnk 2013-07-04 12:31 - 2012-04-24 09:10 - 00000000 ____D C:\Users\.....\Desktop\Medi-Learn 2013-07-04 12:31 - 2011-10-18 10:53 - 00000000 ____D C:\Users\.....\Documents\WS 11-12 2013-07-01 16:07 - 2012-11-25 13:18 - 00019456 ___SH C:\Users\Public\Documents\Thumbs.db 2013-07-01 16:05 - 2013-07-01 16:07 - 04387328 _____ C:\Users\Public\Documents\Physio.ppt 2013-07-01 16:05 - 2011-08-02 15:06 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2013-07-01 00:15 - 2013-07-01 16:07 - 04250584 _____ C:\Users\Public\Documents\Physio.odp 2013-06-27 13:38 - 2011-08-02 15:06 - 00004248 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask 2013-06-27 
12:49 - 2013-05-07 21:23 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-20 22:34
==================== End Of Log ============================
Addition
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2013 Ran by ..... at 2013-07-22 12:51:57 Running from C:\Users\.....\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7) Anzeige am Bildschirm (Version: 6.23.00) Arithmogriph (x32 Version: 1.01.0000) ATI Catalyst Install Manager (Version: 3.0.808.0) ATI Uninstaller (Version: 8.811.1.5-110204a-116457C-Lenovo) Avira Free Antivirus (x32 Version: 13.0.0.3737) Burn.Now 4.5 (x32 Version: 4.5.0) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0204.1429.25921) Catalyst Control Center InstallProxy (x32 Version: 2011.0204.1429.25921) Catalyst Control Center Localization All (x32 Version: 2011.0204.1429.25921) Catalyst Control Center Profiles Mobile (x32 Version: 2011.0204.1429.25921) CCC Help Chinese Standard (x32 Version: 2011.0204.1428.25921) CCC Help Chinese Traditional (x32 Version: 2011.0204.1428.25921) CCC Help Czech (x32 Version: 2011.0204.1428.25921) CCC Help Danish (x32 Version: 2011.0204.1428.25921) CCC Help Dutch (x32 Version: 2011.0204.1428.25921) CCC Help English (x32 Version: 2011.0204.1428.25921) CCC Help Finnish (x32 Version: 2011.0204.1428.25921) CCC Help French (x32 Version: 2011.0204.1428.25921) CCC Help German (x32 Version: 2011.0204.1428.25921) CCC Help Greek (x32 Version: 2011.0204.1428.25921) CCC Help Hungarian (x32 Version: 2011.0204.1428.25921) CCC Help Italian (x32 Version: 2011.0204.1428.25921) CCC Help Japanese (x32 Version: 2011.0204.1428.25921) CCC Help Korean (x32 Version: 2011.0204.1428.25921) CCC Help Norwegian (x32 Version: 2011.0204.1428.25921) CCC Help Polish (x32 Version: 2011.0204.1428.25921) CCC Help Portuguese 
(x32 Version: 2011.0204.1428.25921) CCC Help Russian (x32 Version: 2011.0204.1428.25921) CCC Help Spanish (x32 Version: 2011.0204.1428.25921) CCC Help Swedish (x32 Version: 2011.0204.1428.25921) CCC Help Thai (x32 Version: 2011.0204.1428.25921) ccc-core-static (x32 Version: 2011.0204.1429.25921) ccc-utility64 (Version: 2011.0204.1429.25921) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04059) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04059) ColorSchemer Studio 2 (x32 Version: Studio v2.1) Conexant HD Audio (Version: 8.32.27.0) Corel Burn.Now Lenovo Edition (x32 Version: 4.5.0) Corel WinDVD (x32 Version: 10.0.5.828) Create Recovery Media (x32 Version: 1.20.0.00) Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (Version: 1.00) DivX-Setup (x32 Version: 2.6.1.3) dows-Treiberpaket - Realtek (RTL8167) Net (12/06/2010 7.035.1206.2010) (Version: 12/06/2010 7.035.1206.2010) GeoGebra 4.2 (x32 Version: 4.2.36.0) GIMP 2.6.11 (x32 Version: 2.6.11) Guild Wars 2 (x32) Heroes of Newerth (x32 Version: 1.0.16) HP LaserJet P1000 series (x32) HP LaserJet Professional CP1020 Series (x32) HPLaserJetHelp_LearnCenter (x32 Version: 1.01.0000) HPLJUT (x32 Version: 1.00.0008) hppCP1020LaserJetService (x32 Version: 001.007.00319) hppLaserJetService (x32 Version: 002.007.00397) hppMSRedist (x32 Version: 1.00.0000) hppusgP1000 (x32 Version: 1.1.0.1) HPSSupply (x32 Version: 2.1.1.0000) Integrated Camera Driver Installer Package Ver.1.1.0.1147 (x32 Version: 1.1.0.1147) Intel(R) Identity Protection Technology 1.1.2.0 (x32 Version: 1.1.2.0) Intel(R) Management Engine Components (x32 Version: 7.0.0.1144) Intel(R) Processor Graphics (x32 Version: 9.17.10.2932) Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Lenovo Auto Scroll Utility (Version: 1.00) Lenovo Patch Utility 64 bit (Version: 1.3.0.9) Lenovo System Interface Driver (Version: 1.05) 
Lenovo ThinkVantage Toolbox (Version: 6.0.5849.23) Lenovo User Guide (x32 Version: 1.0.0008.00) Lenovo Warranty Information (x32 Version: 1.0.0005.00) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) MarketResearch (x32 Version: 130.0.374.000) mediscript GK1 (x32 Version: 3.0.0) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) Mozilla Maintenance Service (x32 Version: 22.0) MrvlUsgTracking (x32 Version: 1.0.7) MrvlUsgTracking64 (Version: 1.0.1) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) OpenOffice.org 3.3 (x32 Version: 3.3.9567) Pando Media Booster (x32 Version: 2.6.0.1) PowerXpressHybrid (x32 Version: 1.00.0000) ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.11) PX Profile Update (x32 Version: 1.00.1.) 
RapidBoot (x32 Version: 1.00) Realtek Ethernet Controller Driver (x32 Version: 7.35.1206.2010) Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (Version: 1.00) RICOH Media Driver v2.10.18.02 (x32 Version: 2.10.18.02) SAMSUNG USB Driver for Mobile Phones (x32 Version: 1.3.800.0) Skype™ 6.3 (x32 Version: 6.3.107) Spotify (HKCU Version: 0.9.1.57.ge7405149) Spybot - Search & Destroy (x32 Version: 2.1.19) System Update (x32 Version: 4.00.0039) TeamSpeak 3 Client (x32 Version: 3.0.10) ThinkPad Energie-Manager (x32 Version: 3.44) ThinkPad Power Management Driver (Version: 1.61.00.11) ThinkPad UltraNav Driver (Version: 15.2.19.0) ThinkVantage Communications Utility (Version: 2.10.0.0) ThinkVantage System für aktiven Festplattenschutz (Version: 1.74) UltraStar Deluxe (x32 Version: 1.1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows-Treiberpaket - Intel (iaStor) hdc (11/06/2010 10.1.0.1008) (Version: 11/06/2010 10.1.0.1008) Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (Version: 11/11/2010 1.61.00.11) Windows-Treiberpaket - Synaptics (SynTP) Mouse (03/24/2011 15.2.19.0) (Version: 03/24/2011 15.2.19.0) WinRAR 4.01 (64-Bit) (Version: 4.01.0) Wsys Control 1.0.0.2557 (x32 Version: 1.0.0.2557) ==================== Restore Points ========================= 26-06-2013 13:58:18 Windows Update 01-07-2013 14:10:53 Windows Update 05-07-2013 18:33:06 Windows Update 13-07-2013 12:09:56 Windows Update 14-07-2013 01:36:17 Windows Update 17-07-2013 10:08:40 Windows Update 20-07-2013 18:34:00 Windows Update 21-07-2013 13:39:18 Windows Update 21-07-2013 16:19:48 Removed Java 7 Update 17 (64-bit) 21-07-2013 
16:24:37 Installed Java 7 Update 25
21-07-2013 16:27:14 Installed Cisco AnyConnect Secure Mobility Client
21-07-2013 20:41:32 Installed SpyHunter
21-07-2013 21:21:11 Removed SpyHunter
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0F1D5482-5D88-4DDC-98BA-98DB1B15A2CF} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-05-02] (Hewlett Packard)
Task: {1948B888-2138-4604-AAF0-A0885C5891A8} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe No File
Task: {29B8EC57-04C6-49CA-9D20-233B3BB023A4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-15] (Adobe Systems Incorporated)
Task: {2A46FAF1-CB07-4DC5-A9BA-79B97B7149E1} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe No File
Task: {4D57C0C9-33D8-4F2A-97E0-EF56F2AC9E0C} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {5A7806ED-C6A8-4023-A8FD-8DF2ABB962CC} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {867A6CC9-E781-4975-8027-759F76FBEEAE} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {9B93E78B-A88E-47FC-9CB8-60F11015A515} - System32\Tasks\PMTask => C:\PROGRA~2\ThinkPad\UTILIT~1\PwmIdTsv.exe [2011-02-03] (Lenovo Group Limited)
Task: {9DEB8366-6372-4C24-9A5E-E84090A80A24} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {B1389C63-6A0E-45E3-AF41-4429FF953D33} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {CB24B1A7-273B-436E-81E6-BC50AB3806F0} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe
==================== Faulty Device Manager Devices =============
Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed.
(Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Standard-VGA-Grafikkarte Description: Standard-VGA-Grafikkarte Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardgrafikkartentypen) Service: vga Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/22/2013 09:50:07 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 2.7.397.0, Zeitstempel: 0x4bc33882 Name des fehlerhaften Moduls: hppccompio.DLL, Version: 1.2.0.19, Zeitstempel: 0x4bab86d4 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000058a9 ID des fehlerhaften Prozesses: 0x7f4 Startzeit der fehlerhaften Anwendung: 0xHPLaserJetService.exe0 Pfad der fehlerhaften Anwendung: HPLaserJetService.exe1 Pfad des fehlerhaften Moduls: HPLaserJetService.exe2 Berichtskennung: HPLaserJetService.exe3 Error: (07/22/2013 09:50:04 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/22/2013 09:00:51 AM) (Source: PC-Doctor) (User: ) Description: (5492) Asapi: (09:00:51:3420)(5492) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium Error: (07/22/2013 07:37:24 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 2.7.397.0, Zeitstempel: 0x4bc33882 Name des fehlerhaften Moduls: hppccompio.DLL, Version: 1.2.0.19, Zeitstempel: 0x4bab86d4 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000058a9 ID des fehlerhaften Prozesses: 
0x210 Startzeit der fehlerhaften Anwendung: 0xHPLaserJetService.exe0 Pfad der fehlerhaften Anwendung: HPLaserJetService.exe1 Pfad des fehlerhaften Moduls: HPLaserJetService.exe2 Berichtskennung: HPLaserJetService.exe3 Error: (07/22/2013 07:37:10 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2013 11:30:42 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 2.7.397.0, Zeitstempel: 0x4bc33882 Name des fehlerhaften Moduls: hppccompio.DLL, Version: 1.2.0.19, Zeitstempel: 0x4bab86d4 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000058a9 ID des fehlerhaften Prozesses: 0x7e8 Startzeit der fehlerhaften Anwendung: 0xHPLaserJetService.exe0 Pfad der fehlerhaften Anwendung: HPLaserJetService.exe1 Pfad des fehlerhaften Moduls: HPLaserJetService.exe2 Berichtskennung: HPLaserJetService.exe3 Error: (07/21/2013 11:30:24 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2013 06:27:45 PM) (Source: acvpndownloader) (User: ) Description: Function: CDownloaderArgs::GetCertificateInfo File: .\DownloaderArgs.cpp Line: 1574 Invoked Function: CCertificateInfoTlv::Assign Return Code: -23199733 (0xFE9E000B) Description: CERTIFICATEINFO_ERROR_NO_DATA:No certificate data was found Error: (07/21/2013 06:27:45 PM) (Source: acvpndownloader) (User: ) Description: Function: CCertificateInfoTlv::Assign File: ..\Common\TLV\CertificateInfoTlv.cpp Line: 87 Invoked Function: CCertificateInfoTlv::Serialize Return Code: -23199733 (0xFE9E000B) Description: CERTIFICATEINFO_ERROR_NO_DATA:No certificate data was found Error: (07/21/2013 06:27:45 PM) (Source: acvpndownloader) (User: ) Description: Function: 
CCertificateInfoTlv::Serialize File: ..\Common\TLV\CertificateInfoTlv.cpp Line: 523 Data to serialize is empty System errors: ============= Error: (07/22/2013 09:53:49 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (07/22/2013 09:53:49 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (07/22/2013 09:53:49 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (07/22/2013 09:53:49 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (07/22/2013 09:53:49 AM) (Source: PNRPSvc) (User: ) Description: 0x80630801 Error: (07/22/2013 09:53:49 AM) (Source: PNRPSvc) (User: ) Description: 0x80630801 Error: (07/22/2013 09:53:34 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (07/22/2013 09:53:34 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (07/22/2013 09:53:34 AM) (Source: PNRPSvc) (User: ) Description: 0x80630801 Error: (07/22/2013 09:50:12 AM) (Source: Service Control Manager) (User: ) Description: Dienst "HP LaserJet Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Microsoft Office Sessions: ========================= Error: (07/22/2013 09:50:07 AM) (Source: Application Error)(User: ) Description: HPLaserJetService.exe2.7.397.04bc33882hppccompio.DLL1.2.0.194bab86d4c0000417000058a97f401ce86b00187a77bC:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exeC:\Windows\system32\hppccompio.DLL53476d4b-f2a3-11e2-84be-cc52afe14a77 Error: (07/22/2013 09:50:04 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/22/2013 09:00:51 AM) (Source: PC-Doctor)(User: ) Description: (5492) Asapi: (09:00:51:3420)(5492) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium Error: (07/22/2013 07:37:24 AM) (Source: Application Error)(User: ) Description: HPLaserJetService.exe2.7.397.04bc33882hppccompio.DLL1.2.0.194bab86d4c0000417000058a921001ce869d73d980a1C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exeC:\Windows\system32\hppccompio.DLLc90be01f-f290-11e2-ab68-cc52afe14a77 Error: (07/22/2013 07:37:10 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2013 11:30:42 PM) (Source: Application Error)(User: ) Description: HPLaserJetService.exe2.7.397.04bc33882hppccompio.DLL1.2.0.194bab86d4c0000417000058a97e801ce865975af0c23C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exeC:\Windows\system32\hppccompio.DLLcb0a67dd-f24c-11e2-b360-cc52afe14a77 Error: (07/21/2013 11:30:24 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2013 06:27:45 PM) (Source: acvpndownloader)(User: ) Description: Function: 
CDownloaderArgs::GetCertificateInfo File: .\DownloaderArgs.cpp Line: 1574 Invoked Function: CCertificateInfoTlv::Assign Return Code: -23199733 (0xFE9E000B) Description: CERTIFICATEINFO_ERROR_NO_DATA:No certificate data was found Error: (07/21/2013 06:27:45 PM) (Source: acvpndownloader)(User: ) Description: Function: CCertificateInfoTlv::Assign File: ..\Common\TLV\CertificateInfoTlv.cpp Line: 87 Invoked Function: CCertificateInfoTlv::Serialize Return Code: -23199733 (0xFE9E000B) Description: CERTIFICATEINFO_ERROR_NO_DATA:No certificate data was found Error: (07/21/2013 06:27:45 PM) (Source: acvpndownloader)(User: ) Description: Function: CCertificateInfoTlv::Serialize File: ..\Common\TLV\CertificateInfoTlv.cpp Line: 523 Data to serialize is empty CodeIntegrity Errors: =================================== Date: 2013-04-28 22:42:50.224 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-04-28 22:42:50.174 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-04-28 22:42:50.124 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-04-28 22:42:50.024 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-04-28 22:42:49.964 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-04-28 22:42:49.874 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-04-28 22:42:49.814 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-04-28 22:42:49.764 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-04-28 22:42:49.684 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-04-28 22:42:49.414 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================
Percentage of memory in use: 39%
Total physical RAM: 4007.23 MB
Available physical RAM: 2440.99 MB
Total Pagefile: 8012.65 MB
Available Pagefile: 6027.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:251.46 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:0.39 GB) NTFS (Disk=0 Partition=3)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: AC0CFB7D)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
==================== End Of Log ============================
22.07.2013, 13:52 | #4 |
/// the machine /// TB-Ausbilder | Still signs after qvo6 and SpyHunter infection? Combofix should only be run if a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1. IMPORTANT - save Combofix to your Desktop.
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
22.07.2013, 15:13 | #5 |
| Still signs after qvo6 and SpyHunter infection? Here it is! Code:
ATTFilter ComboFix 13-07-22.01 - Helmut 22.07.2013 15:32:47.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4007.2513 [GMT 2:00] ausgeführt von:: c:\users\Helmut\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\67394B94E9.sys c:\programdata\6CB7BAAB3F.sys c:\programdata\Roaming c:\windows\wininit.ini Q:\Autorun.inf . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_WsysSvc . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-22 bis 2013-07-22 )))))))))))))))))))))))))))))) . . 2013-07-22 10:49 . 2013-07-22 10:49 -------- d-----w- C:\FRST 2013-07-22 05:56 . 2013-07-22 05:57 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F8108F3-3C0D-41DD-BC77-FD416BC13835}\offreg.dll 2013-07-21 22:05 . 2013-07-22 07:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-07-21 22:04 . 2013-07-22 13:37 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2013-07-21 21:47 . 2013-07-21 21:47 -------- d-----w- c:\users\Helmut\AppData\Local\Conexant 2013-07-21 21:47 . 2013-07-21 21:47 -------- d-----w- c:\programdata\Conexant 2013-07-21 20:42 . 2013-07-21 20:42 -------- d-----w- c:\program files\Enigma Software Group 2013-07-21 20:41 . 2013-07-21 21:22 -------- d-----w- c:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP 2013-07-21 20:41 . 2013-07-21 20:41 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2013-07-21 16:27 . 
2013-07-21 16:27 -------- d-----w- c:\users\Helmut\AppData\Local\Cisco 2013-07-21 16:27 . 2013-07-21 16:27 -------- d-----w- c:\program files (x86)\Cisco 2013-07-21 16:27 . 2013-07-21 16:27 -------- d-----w- c:\programdata\Cisco 2013-07-21 16:25 . 2013-07-21 16:25 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-07-21 16:25 . 2013-07-21 16:24 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-07-21 16:24 . 2013-07-21 16:24 -------- d-----w- c:\program files (x86)\Java 2013-07-21 14:01 . 2013-07-21 14:01 -------- d-----w- c:\users\Helmut\AppData\Roaming\Malwarebytes 2013-07-21 14:00 . 2013-07-21 14:00 -------- d-----w- c:\programdata\Malwarebytes 2013-07-21 14:00 . 2013-07-21 14:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-07-21 14:00 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-21 14:00 . 2013-07-21 14:00 -------- d-----w- c:\users\Helmut\AppData\Local\Programs 2013-07-21 13:39 . 2013-07-15 01:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F8108F3-3C0D-41DD-BC77-FD416BC13835}\mpengine.dll 2013-07-14 01:39 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll 2013-07-14 01:39 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll 2013-07-14 01:39 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll 2013-07-14 01:39 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll 2013-07-14 01:39 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll 2013-07-14 01:39 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll 2013-07-14 01:39 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll 2013-07-14 01:39 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll 2013-07-14 01:39 . 
2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2013-07-14 01:39 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-14 01:39 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL 2013-07-14 01:38 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-07-14 01:38 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2013-07-14 01:38 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2013-07-14 01:38 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2013-07-14 01:38 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2013-07-14 01:38 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2013-07-14 01:37 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll 2013-07-14 01:37 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-21 16:24 . 2012-09-16 07:44 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-07-21 16:24 . 2011-08-22 15:41 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-07-14 01:44 . 2011-08-02 14:41 78185248 ----a-w- c:\windows\system32\MRT.exe 2013-06-27 10:49 . 2013-05-07 19:23 83672 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-06-19 15:00 . 2013-06-19 15:00 11152 ----a-w- c:\windows\SysWow64\vpncategories.dll 2013-06-19 15:00 . 2013-06-19 15:00 34192 ----a-w- c:\windows\SysWow64\vpnevents.dll 2013-06-19 14:42 . 2013-06-19 14:42 52080 ----a-w- c:\windows\system32\drivers\vpnva64-6.sys 2013-06-19 14:40 . 2013-06-19 14:40 112080 ----a-r- c:\windows\system32\drivers\acsock64.sys 2013-06-14 23:03 . 2013-03-05 14:46 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-14 23:03 . 
2013-03-05 14:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-01 11:27 . 2011-09-04 16:05 2724 --sha-w- c:\programdata\KGyGaAvL.sys 2013-05-13 05:51 . 2013-06-14 21:24 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 05:51 . 2013-06-14 21:24 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 05:51 . 2013-06-14 21:24 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 05:50 . 2013-06-14 21:24 52224 ----a-w- c:\windows\system32\certenc.dll 2013-05-13 04:45 . 2013-06-14 21:24 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-05-13 04:45 . 2013-06-14 21:24 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-05-13 04:45 . 2013-06-14 21:24 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-05-13 03:43 . 2013-06-14 21:24 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 2013-06-14 21:24 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-05-13 03:08 . 2013-06-14 21:24 43008 ----a-w- c:\windows\SysWow64\certenc.dll 2013-05-10 05:49 . 2013-06-14 21:25 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-05-10 03:20 . 2013-06-14 21:25 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2013-05-08 06:39 . 2013-06-14 21:27 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-28 19:42 . 2013-04-28 19:46 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-04-28 19:42 . 2013-04-28 19:46 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-04-28 19:42 . 2013-04-28 19:46 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-04-26 05:51 . 2013-06-14 21:25 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-04-26 04:55 . 2013-06-14 21:25 492544 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-04-25 23:30 . 2013-06-14 21:24 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-04 336384] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-27 345144] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-06-19 703888] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "RotateImage"=c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe "PWMTRV"=rundll32 c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x] R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x] R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppdbulkio.sys;c:\windows\SYSNATIVE\drivers\hppdbulkio.sys [x] R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x] R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x] R3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 
64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x] R3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms;c:\program files\pc-doctor\pcdsrvc_x64.pkms [x] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x] S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x] S2 AMD External Events Utility;AMD External Events 
Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x] S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x] S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x] S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x] S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x] S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program 
files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x] S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2013-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-05 23:03] . 2013-07-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06] . 2013-07-22 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TpShocks"="TpShocks.exe" [2011-01-14 380776] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-04-26 310912] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-08 172016] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-08 399856] "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2013-02-26 60920] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mDefault_Page_URL = hxxp://www.google.com mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = localhost;localhos TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\dbjd522f.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.de FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) AddRemove-WsysControl - c:\programdata\eSafe\eGdpSvc.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020200}_0] "ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\windows\SysWOW64\SAsrv.exe c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Lenovo\System Update\SUService.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-07-22 15:42:10 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-07-22 13:42 . Vor Suchlauf: 13 Verzeichnis(se), 268.304.855.040 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 268.092.833.792 Bytes frei . - - End Of File - - 902DB9585EFC3631EB1613C567365AA9 D41D8CD98F00B204E9800998ECF8427E |
22.07.2013, 17:33 | #6 |
/// the machine /// TB-Ausbilder | Still signs after qvo6 and SpyHunter infection? Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
23.07.2013, 11:09 | #7 |
| Still signs after qvo6 and SpyHunter infection? Hi schrauber, things really must be in a bad way with all these tests :P Adw: Code:
ATTFilter # AdwCleaner v2.306 - Datei am 23/07/2013 um 11:59:49 erstellt # Aktualisiert am 19/07/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzer : ..... - .....-NOTEBOOK # Bootmodus : Normal # Ausgeführt unter : C:\Users\.....\Desktop\adwcleaner06.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16496 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v22.0 (de) Datei : C:\Users\.....\AppData\Roaming\Mozilla\Firefox\Profiles\dbjd522f.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R3].txt - [860 octets] - [23/07/2013 11:57:08] AdwCleaner[S2].txt - [344 octets] - [23/07/2013 11:59:36] AdwCleaner[S3].txt - [853 octets] - [23/07/2013 11:59:49] ########## EOF - C:\AdwCleaner[S3].txt - [912 octets] ########## JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.2.2 (07.22.2013:2) OS: Windows 7 Professional x64 Ran by Helmut on 23.07.2013 at 12:02:48,64 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted the following from C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\dbjd522f.default\prefs.js user_pref("extensions.crossrider.bic", "14002ee2390203b522fdaf7a9add7dfe"); Emptied folder: C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\dbjd522f.default\minidumps [280 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 23.07.2013 at 12:06:27,38 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-07-2013 01 Ran by ..... (administrator) on 23-07-2013 12:12:51 Running from C:\Users\.....\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo.) C:\Windows\system32\ibmpmsvc.exe (AMD) C:\Windows\system32\atiesrxx.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SAsrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Cisco Systems, Inc.) 
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (AMD) C:\Windows\system32\atieclxx.exe (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE (Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Hewlett Packard) C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe (Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [380776 2011-01-14] (Lenovo.) HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.) HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-02-26] (Lenovo Group Limited) HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-02-04] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [703888 2013-06-19] (Cisco Systems, Inc.) HKU\Default\...\RunOnce: [] - [x] HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2009-03-24] () HKU\Default User\...\RunOnce: [] - [x] HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2009-03-24] () BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== ProxyServer: :0 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {86C70F2C-80BC-425A-B37A-326DAF72A501} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {F2140CFD-E856-402B-8A59-7EA582C45A4A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox SearchScopes: HKCU - DefaultScope {82CB8F10-536D-4340-ADF0-D965E260D8C6} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {82CB8F10-536D-4340-ADF0-D965E260D8C6} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {F2140CFD-E856-402B-8A59-7EA582C45A4A} URL = BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\.....\AppData\Roaming\Mozilla\Firefox\Profiles\dbjd522f.default FF SelectedSearchEngine: Google FF Homepage: www.google.de FF Keyword.URL: hxxp://www.google.com/search?sourceid=navclient&hl=de&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Extension: groovesharkUnlocker - C:\Users\.....\AppData\Roaming\Mozilla\Firefox\Profiles\dbjd522f.default\Extensions\groovesharkUnlocker@overlord1337.xpi FF Extension: No Name - C:\Users\.....\AppData\Roaming\Mozilla\Firefox\Profiles\dbjd522f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF StartMenuInternet: FIREFOX.EXE - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG) R2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [198784 2010-12-17] (Conexant Systems Inc.) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-28] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-28] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-28] (Avira Operations GmbH & Co. 
KG) R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11518976 2012-12-06] (Intel Corporation) R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [31592 2010-12-03] (Lenovo Group Limited) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-06-19] (Cisco Systems, Inc.) S3 btwaudio; system32\drivers\btwaudio.sys [x] S3 btwavdt; system32\DRIVERS\btwavdt.sys [x] S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x] S3 btwrchid; system32\DRIVERS\btwrchid.sys [x] S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x] S3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-23 12:12 - 2013-07-23 12:12 - 01779447 _____ (Farbar) C:\Users\.....\Desktop\FRST64.exe 2013-07-23 12:06 - 2013-07-23 12:06 - 00001167 _____ C:\Users\.....\Desktop\JRT.txt 2013-07-23 12:02 - 2013-07-23 12:02 - 00000000 ____D C:\Windows\ERUNT 2013-07-23 12:01 - 2013-07-23 12:01 - 00000976 _____ C:\Users\.....\Desktop\AdwCleaner[S3].txt 2013-07-23 11:59 - 2013-07-23 11:59 - 00000980 _____ C:\AdwCleaner[S3].txt 2013-07-23 11:59 - 2013-07-23 11:59 - 00000344 _____ C:\AdwCleaner[S2].txt 2013-07-23 11:58 - 2013-07-23 11:58 - 00560934 _____ (Oleg N. 
Scherbakov) C:\Users\.....\Desktop\JRT.exe 2013-07-23 11:57 - 2013-07-23 11:57 - 00000860 _____ C:\AdwCleaner[R3].txt 2013-07-22 20:37 - 2013-07-22 20:39 - 00000000 ____D C:\Windows\system32\MRT 2013-07-22 16:07 - 2013-07-22 16:07 - 00022973 _____ C:\ComboFix.txt 2013-07-22 15:32 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-07-22 15:32 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-07-22 15:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-07-22 15:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-07-22 15:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-07-22 15:32 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-07-22 15:32 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-07-22 15:32 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-07-22 15:31 - 2013-07-22 16:07 - 00000000 ____D C:\Qoobox 2013-07-22 15:31 - 2013-07-22 15:41 - 00000000 ____D C:\Windows\erdnt 2013-07-22 15:28 - 2013-07-22 15:28 - 05091940 ____R (Swearware) C:\Users\.....\Desktop\ComboFix.exe 2013-07-22 12:49 - 2013-07-22 12:49 - 00000000 ____D C:\FRST 2013-07-22 09:49 - 2013-07-22 09:49 - 572914034 _____ C:\Windows\MEMORY.DMP 2013-07-22 09:49 - 2013-07-22 09:49 - 00279016 _____ C:\Windows\Minidump\072213-32339-01.dmp 2013-07-22 09:49 - 2013-07-22 09:49 - 00000000 ____D C:\Windows\Minidump 2013-07-22 09:39 - 2013-07-22 09:39 - 00377856 _____ C:\Users\.....\Downloads\gmer_2.1.19163.exe 2013-07-22 09:17 - 2013-07-22 10:06 - 00080682 _____ C:\Users\.....\Downloads\OTL.Txt 2013-07-22 09:09 - 2013-07-22 09:09 - 00602112 _____ (OldTimer Tools) C:\Users\.....\Downloads\OTL.exe 2013-07-22 09:09 - 2013-07-22 09:09 - 00050477 _____ C:\Users\.....\Downloads\Defogger.exe 2013-07-22 09:09 - 2013-07-22 09:09 - 00000000 _____ C:\Users\.....\defogger_reenable 2013-07-22 09:07 - 2013-07-22 09:07 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-07-22 00:05 - 
2013-07-22 09:08 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-22 00:04 - 2013-07-22 15:37 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-07-21 23:47 - 2013-07-21 23:47 - 00000000 ____D C:\Users\.....\AppData\Local\Conexant 2013-07-21 23:47 - 2013-07-21 23:47 - 00000000 ____D C:\ProgramData\Conexant 2013-07-21 23:26 - 2013-07-21 23:26 - 00666633 _____ C:\Users\.....\Desktop\adwcleaner06.exe 2013-07-21 22:42 - 2013-07-21 22:42 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-07-21 22:42 - 2013-07-21 22:42 - 00000000 _____ C:\autoexec.bat 2013-07-21 22:41 - 2013-07-21 23:22 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP 2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\Users\.....\AppData\Local\Cisco 2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\ProgramData\Cisco 2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\Program Files (x86)\Cisco 2013-07-21 18:25 - 2013-07-21 18:24 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-07-21 18:25 - 2013-07-21 18:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-07-21 18:25 - 2013-07-21 18:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-07-21 18:25 - 2013-07-21 18:24 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-07-21 18:24 - 2013-07-21 18:24 - 00000000 ____D C:\Program Files (x86)\Java 2013-07-21 16:01 - 2013-07-21 16:01 - 00000000 ____D C:\Users\.....\AppData\Roaming\Malwarebytes 2013-07-21 16:00 - 2013-07-21 16:00 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-21 16:00 - 2013-07-21 16:00 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-21 16:00 - 2013-07-21 16:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-21 16:00 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-07-14 03:43 - 2013-05-29 
08:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-14 03:43 - 2013-05-29 07:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-14 03:43 - 2013-05-29 07:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-14 03:43 - 2013-05-29 07:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-14 03:43 - 2013-05-29 07:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-14 03:43 - 2013-05-29 07:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-07-14 03:43 - 2013-05-29 07:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-14 03:43 - 2013-05-29 07:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-14 03:43 - 2013-05-29 07:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-14 03:43 - 2013-05-29 07:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-07-14 03:43 - 2013-05-29 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-14 03:43 - 2013-05-29 07:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-14 03:43 - 2013-05-29 07:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-14 03:43 - 2013-05-29 07:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-14 03:43 - 2013-05-29 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-14 03:43 - 2013-05-29 07:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-14 03:43 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-14 03:43 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-14 03:43 - 2013-05-29 03:48 - 09738752 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-14 03:43 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-14 03:43 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-14 03:43 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-14 03:43 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-14 03:43 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-14 03:43 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-14 03:43 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-14 03:43 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-14 03:43 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-14 03:43 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-14 03:43 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-14 03:43 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-14 03:43 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-14 03:39 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-14 03:39 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-14 03:39 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-14 03:39 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-14 03:38 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 
2013-07-14 03:37 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-14 03:37 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-06 15:30 - 2013-07-06 15:30 - 00000854 _____ C:\Users\.....\.recently-used.xbel 2013-07-06 15:08 - 2013-07-06 18:46 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part4.rar 2013-07-06 15:08 - 2013-07-06 17:59 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part6.rar 2013-07-06 15:08 - 2013-07-06 17:58 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part5.rar 2013-07-06 11:33 - 2013-07-06 14:24 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part3.rar 2013-07-06 11:33 - 2013-07-06 14:24 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part2.rar 2013-07-06 11:33 - 2013-07-06 13:45 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part1.rar 2013-07-05 21:10 - 2013-07-05 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-04 12:31 - 2013-07-04 12:31 - 00000355 _____ C:\Users\.....\Documents\Computer - Verknüpfung.lnk 2013-07-01 16:07 - 2013-07-01 16:05 - 04387328 _____ C:\Users\Public\Documents\Physio.ppt 2013-07-01 16:07 - 2013-07-01 00:15 - 04250584 _____ C:\Users\Public\Documents\Physio.odp ==================== One Month Modified Files and Folders ======= 2013-07-23 12:12 - 2013-07-23 12:12 - 01779447 _____ (Farbar) C:\Users\.....\Desktop\FRST64.exe 2013-07-23 12:09 - 2013-05-31 20:27 - 00000000 ____D C:\Users\.....\AppData\Roaming\Spotify 2013-07-23 12:08 - 2009-07-14 06:45 - 00031072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-23 12:08 - 2009-07-14 06:45 - 00031072 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-23 12:06 - 2013-07-23 12:06 - 00001167 _____ C:\Users\.....\Desktop\JRT.txt 2013-07-23 12:03 - 2013-03-05 16:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-23 12:02 - 2013-07-23 12:02 - 00000000 ____D C:\Windows\ERUNT 2013-07-23 12:02 - 2011-08-02 15:06 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job 2013-07-23 12:01 - 2013-07-23 12:01 - 00000976 _____ C:\Users\.....\Desktop\AdwCleaner[S3].txt 2013-07-23 12:00 - 2013-06-06 00:08 - 00003205 _____ C:\Windows\setupact.log 2013-07-23 12:00 - 2011-06-19 01:53 - 01282760 _____ C:\Windows\WindowsUpdate.log 2013-07-23 12:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-23 11:59 - 2013-07-23 11:59 - 00000980 _____ C:\AdwCleaner[S3].txt 2013-07-23 11:59 - 2013-07-23 11:59 - 00000344 _____ C:\AdwCleaner[S2].txt 2013-07-23 11:58 - 2013-07-23 11:58 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\.....\Desktop\JRT.exe 2013-07-23 11:57 - 2013-07-23 11:57 - 00000860 _____ C:\AdwCleaner[R3].txt 2013-07-23 11:55 - 2011-06-19 11:46 - 00654400 _____ C:\Windows\system32\perfh007.dat 2013-07-23 11:55 - 2011-06-19 11:46 - 00130240 _____ C:\Windows\system32\perfc007.dat 2013-07-23 11:55 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-23 02:07 - 2013-06-06 00:07 - 00007536 _____ C:\Windows\PFRO.log 2013-07-22 20:39 - 2013-07-22 20:37 - 00000000 ____D C:\Windows\system32\MRT 2013-07-22 20:31 - 2011-10-20 10:04 - 00000000 ____D C:\Users\.....\AppData\Roaming\Skype 2013-07-22 16:07 - 2013-07-22 16:07 - 00022973 _____ C:\ComboFix.txt 2013-07-22 16:07 - 2013-07-22 15:31 - 00000000 ____D C:\Qoobox 2013-07-22 16:05 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2013-07-22 15:42 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-07-22 15:41 - 2013-07-22 15:31 - 00000000 ____D C:\Windows\erdnt 2013-07-22 15:37 - 2013-07-22 00:04 
- 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-07-22 15:28 - 2013-07-22 15:28 - 05091940 ____R (Swearware) C:\Users\.....\Desktop\ComboFix.exe 2013-07-22 12:49 - 2013-07-22 12:49 - 00000000 ____D C:\FRST 2013-07-22 12:41 - 2013-02-27 19:23 - 00000000 ____D C:\Users\.....\AppData\Roaming\TS3Client 2013-07-22 10:06 - 2013-07-22 09:17 - 00080682 _____ C:\Users\.....\Downloads\OTL.Txt 2013-07-22 09:49 - 2013-07-22 09:49 - 572914034 _____ C:\Windows\MEMORY.DMP 2013-07-22 09:49 - 2013-07-22 09:49 - 00279016 _____ C:\Windows\Minidump\072213-32339-01.dmp 2013-07-22 09:49 - 2013-07-22 09:49 - 00000000 ____D C:\Windows\Minidump 2013-07-22 09:39 - 2013-07-22 09:39 - 00377856 _____ C:\Users\.....\Downloads\gmer_2.1.19163.exe 2013-07-22 09:09 - 2013-07-22 09:09 - 00602112 _____ (OldTimer Tools) C:\Users\.....\Downloads\OTL.exe 2013-07-22 09:09 - 2013-07-22 09:09 - 00050477 _____ C:\Users\.....\Downloads\Defogger.exe 2013-07-22 09:09 - 2013-07-22 09:09 - 00000000 _____ C:\Users\.....\defogger_reenable 2013-07-22 09:09 - 2011-07-31 12:45 - 00000000 ____D C:\Users\..... 
2013-07-22 09:08 - 2013-07-22 00:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-22 09:07 - 2013-07-22 09:07 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-07-22 09:00 - 2011-08-02 15:06 - 00003508 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest 2013-07-22 09:00 - 2011-08-02 15:06 - 00003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher 2013-07-21 23:47 - 2013-07-21 23:47 - 00000000 ____D C:\Users\.....\AppData\Local\Conexant 2013-07-21 23:47 - 2013-07-21 23:47 - 00000000 ____D C:\ProgramData\Conexant 2013-07-21 23:27 - 2011-07-31 12:51 - 00001179 _____ C:\Users\.....\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-07-21 23:27 - 2011-07-31 12:51 - 00000996 _____ C:\Users\.....\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-07-21 23:26 - 2013-07-21 23:26 - 00666633 _____ C:\Users\.....\Desktop\adwcleaner06.exe 2013-07-21 23:22 - 2013-07-21 22:41 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP 2013-07-21 22:42 - 2013-07-21 22:42 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-07-21 22:42 - 2013-07-21 22:42 - 00000000 _____ C:\autoexec.bat 2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\Users\.....\AppData\Local\Cisco 2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\ProgramData\Cisco 2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\Program Files (x86)\Cisco 2013-07-21 18:24 - 2013-07-21 18:25 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-07-21 18:24 - 2013-07-21 18:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-07-21 18:24 - 2013-07-21 18:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-07-21 18:24 - 2013-07-21 18:25 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-07-21 18:24 - 2013-07-21 18:24 - 00000000 ____D C:\Program Files (x86)\Java 2013-07-21 18:24 - 2012-09-16 09:44 
- 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll 2013-07-21 18:24 - 2011-08-22 17:41 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-07-21 18:19 - 2011-09-04 20:06 - 00000000 ____D C:\Users\.....\AppData\Local\CrashDumps 2013-07-21 16:01 - 2013-07-21 16:01 - 00000000 ____D C:\Users\.....\AppData\Roaming\Malwarebytes 2013-07-21 16:00 - 2013-07-21 16:00 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-21 16:00 - 2013-07-21 16:00 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-21 16:00 - 2013-07-21 16:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-21 15:30 - 2013-02-27 19:22 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client 2013-07-21 15:30 - 2012-12-21 16:13 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2 2013-07-21 15:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2013-07-21 15:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat 2013-07-21 08:40 - 2011-08-02 14:53 - 00000000 ____D C:\Users\.....\AppData\Local\Adobe 2013-07-18 23:00 - 2009-07-14 06:45 - 00343688 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-17 15:54 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-17 15:54 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-17 15:54 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-17 12:29 - 2013-05-31 20:28 - 00000000 ____D C:\Users\.....\AppData\Local\Spotify 2013-07-17 12:04 - 2013-03-05 17:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-17 12:04 - 2013-03-05 17:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-06 18:46 - 2013-07-06 15:08 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part4.rar 2013-07-06 17:59 - 2013-07-06 15:08 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part6.rar 
2013-07-06 17:58 - 2013-07-06 15:08 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part5.rar 2013-07-06 15:31 - 2012-01-06 01:04 - 00000000 ____D C:\Users\.....\.gimp-2.6 2013-07-06 15:30 - 2013-07-06 15:30 - 00000854 _____ C:\Users\.....\.recently-used.xbel 2013-07-06 14:24 - 2013-07-06 11:33 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part3.rar 2013-07-06 14:24 - 2013-07-06 11:33 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part2.rar 2013-07-06 13:45 - 2013-07-06 11:33 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part1.rar 2013-07-06 09:31 - 2012-05-07 23:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-05 21:10 - 2013-07-05 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-04 12:38 - 2013-05-31 20:28 - 00001829 _____ C:\Users\.....\Desktop\Spotify.lnk 2013-07-04 12:38 - 2013-05-31 20:28 - 00001815 _____ C:\Users\.....\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2013-07-04 12:31 - 2013-07-04 12:31 - 00000355 _____ C:\Users\.....\Documents\Computer - Verknüpfung.lnk 2013-07-04 12:31 - 2012-04-24 09:10 - 00000000 ____D C:\Users\.....\Desktop\Medi-Learn 2013-07-04 12:31 - 2011-10-18 10:53 - 00000000 ____D C:\Users\.....\Documents\WS 11-12 2013-07-01 16:07 - 2012-11-25 13:18 - 00019456 ___SH C:\Users\Public\Documents\Thumbs.db 2013-07-01 16:05 - 2013-07-01 16:07 - 04387328 _____ C:\Users\Public\Documents\Physio.ppt 2013-07-01 16:05 - 2011-08-02 15:06 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2013-07-01 00:15 - 2013-07-01 16:07 - 04250584 _____ C:\Users\Public\Documents\Physio.odp 2013-06-27 13:38 - 2011-08-02 15:06 - 00004248 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask 2013-06-27 12:49 - 2013-05-07 21:23 - 00083672 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-06-24 00:57 - 2011-08-02 16:41 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-20 22:34 ==================== End Of Log ============================
Last edited by chalmit (23.07.2013 at 11:14) |
23.07.2013, 11:59 | #8 |
/// the machine /// TB trainer | Still signs of infection after qvo6 and SpyHunter? Lots of junk on there. One more online scan to double-check, remove the leftovers, done. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
23.07.2013, 14:16 | #9 |
| Still signs of infection after qvo6 and SpyHunter? There are no problems as such (apart from ESET apparently having found something again). Otherwise really just the big question mark over my head: How safe are my passwords; should I change them now, since there did seem to be quite a bit on there? Is the PC free of viruses and malware, or is this heading towards a reinstall of the system? And if you unknowingly get so much junk onto the PC: how do you protect yourself against it? As mentioned, I do online banking, Facebook etc. on here and would rather not have sensitive data passed on to third parties :/ Here are the logs. ESET Code:
ESETSmartInstaller@High as downloader log: all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=37e3ecdf7431f14693f1341bd53258ad
# engine=14503
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-23 01:01:40
# local_time=2013-07-23 03:01:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 11133 145255805 3918 0
# compatibility_mode=5893 16776573 100 94 0 126214350 0 0
# scanned=173806
# found=1
# cleaned=0
# scan_time=2699
sh=586712E0B1B2DE199A070DB6312589DA1FA69A6E ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Iframe.NKE trojan" ac=I fn="C:\Users\.....\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I67Y8152\cpvload[1].htm"
Code:
Results of screen317's Security Check version 0.99.70
Windows XP x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-07-2013 01 Ran by ..... (administrator) on 23-07-2013 15:11:06 Running from C:\Users\.....\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo.) C:\Windows\system32\ibmpmsvc.exe (AMD) C:\Windows\system32\atiesrxx.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SAsrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Cisco Systems, Inc.) 
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (AMD) C:\Windows\system32\atieclxx.exe (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE (Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett Packard) C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [380776 2011-01-14] (Lenovo.) HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.) HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-02-26] (Lenovo Group Limited) HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-02-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [703888 2013-06-19] (Cisco Systems, Inc.) HKU\Default\...\RunOnce: [] - [x] HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2009-03-24] () BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== ProxyServer: :0 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {86C70F2C-80BC-425A-B37A-326DAF72A501} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {F2140CFD-E856-402B-8A59-7EA582C45A4A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox SearchScopes: HKCU - DefaultScope {82CB8F10-536D-4340-ADF0-D965E260D8C6} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {82CB8F10-536D-4340-ADF0-D965E260D8C6} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {F2140CFD-E856-402B-8A59-7EA582C45A4A} URL = BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\.....\AppData\Roaming\Mozilla\Firefox\Profiles\dbjd522f.default FF SelectedSearchEngine: Google FF Homepage: www.google.de FF Keyword.URL: hxxp://www.google.com/search?sourceid=navclient&hl=de&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Extension: groovesharkUnlocker - C:\Users\.....\AppData\Roaming\Mozilla\Firefox\Profiles\dbjd522f.default\Extensions\groovesharkUnlocker@overlord1337.xpi FF Extension: No Name - C:\Users\.....\AppData\Roaming\Mozilla\Firefox\Profiles\dbjd522f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF StartMenuInternet: FIREFOX.EXE - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG) R2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [198784 2010-12-17] (Conexant Systems Inc.) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-28] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-28] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-28] (Avira Operations GmbH & Co. 
KG) R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11518976 2012-12-06] (Intel Corporation) R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [31592 2010-12-03] (Lenovo Group Limited) S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-23] (Avira GmbH) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-06-19] (Cisco Systems, Inc.) S3 btwaudio; system32\drivers\btwaudio.sys [x] S3 btwavdt; system32\DRIVERS\btwavdt.sys [x] S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x] S3 btwrchid; system32\DRIVERS\btwrchid.sys [x] S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x] R3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-23 15:10 - 2013-07-23 15:10 - 00001056 _____ C:\Users\.....\Desktop\checkup.txt 2013-07-23 15:10 - 2013-07-23 15:10 - 00001037 _____ C:\AdwCleaner[R4].txt 2013-07-23 15:08 - 2013-07-23 15:08 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2013-07-23 15:07 - 2013-07-23 15:07 - 00002964 _____ C:\Windows\System32\Tasks\{3B6A3BD6-66E6-45B7-AFA2-E5C5AF88BCEC} 2013-07-23 15:06 - 2013-07-23 15:06 - 00891062 _____ C:\Users\.....\Desktop\SecurityCheck.exe 2013-07-23 13:09 - 2013-07-23 13:09 - 02347384 _____ (ESET) C:\Users\.....\Desktop\esetsmartinstaller_enu.exe 2013-07-23 12:12 - 2013-07-23 12:12 - 01779447 _____ (Farbar) C:\Users\.....\Desktop\FRST64.exe 2013-07-23 12:06 - 2013-07-23 12:06 - 00001167 _____ C:\Users\.....\Desktop\JRT.txt 2013-07-23 12:02 - 2013-07-23 12:02 - 00000000 ____D C:\Windows\ERUNT 2013-07-23 12:01 - 2013-07-23 12:01 - 00000976 _____ C:\Users\.....\Desktop\AdwCleaner[S3].txt 2013-07-23 11:59 - 2013-07-23 11:59 - 00000980 _____ 
C:\AdwCleaner[S3].txt 2013-07-23 11:59 - 2013-07-23 11:59 - 00000344 _____ C:\AdwCleaner[S2].txt 2013-07-23 11:58 - 2013-07-23 11:58 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\.....\Desktop\JRT.exe 2013-07-23 11:57 - 2013-07-23 11:57 - 00000860 _____ C:\AdwCleaner[R3].txt 2013-07-22 20:37 - 2013-07-22 20:39 - 00000000 ____D C:\Windows\system32\MRT 2013-07-22 16:07 - 2013-07-22 16:07 - 00022973 _____ C:\ComboFix.txt 2013-07-22 15:32 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-07-22 15:32 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-07-22 15:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-07-22 15:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-07-22 15:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-07-22 15:32 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-07-22 15:32 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-07-22 15:32 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-07-22 15:31 - 2013-07-22 16:07 - 00000000 ____D C:\Qoobox 2013-07-22 15:31 - 2013-07-22 15:41 - 00000000 ____D C:\Windows\erdnt 2013-07-22 15:28 - 2013-07-22 15:28 - 05091940 ____R (Swearware) C:\Users\.....\Desktop\ComboFix.exe 2013-07-22 12:49 - 2013-07-22 12:49 - 00000000 ____D C:\FRST 2013-07-22 09:49 - 2013-07-22 09:49 - 572914034 _____ C:\Windows\MEMORY.DMP 2013-07-22 09:49 - 2013-07-22 09:49 - 00279016 _____ C:\Windows\Minidump\072213-32339-01.dmp 2013-07-22 09:49 - 2013-07-22 09:49 - 00000000 ____D C:\Windows\Minidump 2013-07-22 09:39 - 2013-07-22 09:39 - 00377856 _____ C:\Users\.....\Downloads\gmer_2.1.19163.exe 2013-07-22 09:17 - 2013-07-22 10:06 - 00080682 _____ C:\Users\.....\Downloads\OTL.Txt 2013-07-22 09:09 - 2013-07-22 09:09 - 00602112 _____ (OldTimer Tools) C:\Users\.....\Downloads\OTL.exe 2013-07-22 09:09 - 2013-07-22 09:09 - 00050477 _____ C:\Users\.....\Downloads\Defogger.exe 2013-07-22 09:09 - 2013-07-22 09:09 - 
00000000 _____ C:\Users\.....\defogger_reenable 2013-07-22 09:07 - 2013-07-22 09:07 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-07-22 00:05 - 2013-07-22 09:08 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-22 00:04 - 2013-07-22 15:37 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-07-21 23:47 - 2013-07-21 23:47 - 00000000 ____D C:\Users\.....\AppData\Local\Conexant 2013-07-21 23:47 - 2013-07-21 23:47 - 00000000 ____D C:\ProgramData\Conexant 2013-07-21 23:26 - 2013-07-21 23:26 - 00666633 _____ C:\Users\.....\Desktop\adwcleaner06.exe 2013-07-21 22:42 - 2013-07-21 22:42 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-07-21 22:42 - 2013-07-21 22:42 - 00000000 _____ C:\autoexec.bat 2013-07-21 22:41 - 2013-07-21 23:22 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP 2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\Users\.....\AppData\Local\Cisco 2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\ProgramData\Cisco 2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\Program Files (x86)\Cisco 2013-07-21 18:25 - 2013-07-21 18:24 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-07-21 18:25 - 2013-07-21 18:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-07-21 18:25 - 2013-07-21 18:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-07-21 18:25 - 2013-07-21 18:24 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-07-21 18:24 - 2013-07-21 18:24 - 00000000 ____D C:\Program Files (x86)\Java 2013-07-21 16:01 - 2013-07-21 16:01 - 00000000 ____D C:\Users\.....\AppData\Roaming\Malwarebytes 2013-07-21 16:00 - 2013-07-21 16:00 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-21 16:00 - 2013-07-21 16:00 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-21 16:00 - 2013-07-21 16:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' 
Anti-Malware 2013-07-21 16:00 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-07-14 03:43 - 2013-05-29 08:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-14 03:43 - 2013-05-29 07:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-14 03:43 - 2013-05-29 07:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-14 03:43 - 2013-05-29 07:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-14 03:43 - 2013-05-29 07:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-14 03:43 - 2013-05-29 07:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-07-14 03:43 - 2013-05-29 07:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-14 03:43 - 2013-05-29 07:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-14 03:43 - 2013-05-29 07:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-14 03:43 - 2013-05-29 07:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-07-14 03:43 - 2013-05-29 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-14 03:43 - 2013-05-29 07:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-14 03:43 - 2013-05-29 07:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-14 03:43 - 2013-05-29 07:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-14 03:43 - 2013-05-29 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-14 03:43 - 2013-05-29 07:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-14 03:43 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-14 03:43 - 
2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-14 03:43 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-14 03:43 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-14 03:43 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-14 03:43 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-14 03:43 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-14 03:43 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-14 03:43 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-14 03:43 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-14 03:43 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-14 03:43 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-14 03:43 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-14 03:43 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-14 03:43 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-14 03:43 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-14 03:39 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-14 03:39 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-14 03:39 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-14 03:39 - 2013-05-06 06:56 - 01620480 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-14 03:38 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-14 03:37 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-14 03:37 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-06 15:30 - 2013-07-06 15:30 - 00000854 _____ C:\Users\.....\.recently-used.xbel 2013-07-06 15:08 - 2013-07-06 18:46 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part4.rar 2013-07-06 15:08 - 2013-07-06 17:59 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part6.rar 2013-07-06 15:08 - 2013-07-06 17:58 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part5.rar 2013-07-06 11:33 - 2013-07-06 14:24 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part3.rar 2013-07-06 11:33 - 2013-07-06 14:24 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part2.rar 2013-07-06 11:33 - 2013-07-06 13:45 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part1.rar 2013-07-05 21:10 - 2013-07-05 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-04 12:31 - 2013-07-04 12:31 - 00000355 _____ C:\Users\.....\Documents\Computer - Verknüpfung.lnk 2013-07-01 16:07 - 2013-07-01 16:05 - 04387328 _____ C:\Users\Public\Documents\Physio.ppt 2013-07-01 16:07 - 2013-07-01 00:15 - 04250584 _____ C:\Users\Public\Documents\Physio.odp ==================== One Month Modified Files and Folders ======= 2013-07-23 15:10 - 2013-07-23 15:10 - 00001056 _____ C:\Users\.....\Desktop\checkup.txt 2013-07-23 15:10 - 2013-07-23 15:10 - 00001037 _____ C:\AdwCleaner[R4].txt 2013-07-23 15:08 - 2013-07-23 15:08 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2013-07-23 
15:07 - 2013-07-23 15:07 - 00002964 _____ C:\Windows\System32\Tasks\{3B6A3BD6-66E6-45B7-AFA2-E5C5AF88BCEC} 2013-07-23 15:06 - 2013-07-23 15:06 - 00891062 _____ C:\Users\.....\Desktop\SecurityCheck.exe 2013-07-23 15:03 - 2013-03-05 16:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-23 13:09 - 2013-07-23 13:09 - 02347384 _____ (ESET) C:\Users\.....\Desktop\esetsmartinstaller_enu.exe 2013-07-23 13:09 - 2013-05-31 20:27 - 00000000 ____D C:\Users\.....\AppData\Roaming\Spotify 2013-07-23 12:15 - 2011-08-02 15:06 - 00003508 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest 2013-07-23 12:15 - 2011-08-02 15:06 - 00003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher 2013-07-23 12:15 - 2011-08-02 15:06 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job 2013-07-23 12:12 - 2013-07-23 12:12 - 01779447 _____ (Farbar) C:\Users\.....\Desktop\FRST64.exe 2013-07-23 12:08 - 2009-07-14 06:45 - 00031072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-23 12:08 - 2009-07-14 06:45 - 00031072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-23 12:06 - 2013-07-23 12:06 - 00001167 _____ C:\Users\.....\Desktop\JRT.txt 2013-07-23 12:04 - 2011-06-19 01:53 - 01282760 _____ C:\Windows\WindowsUpdate.log 2013-07-23 12:02 - 2013-07-23 12:02 - 00000000 ____D C:\Windows\ERUNT 2013-07-23 12:01 - 2013-07-23 12:01 - 00000976 _____ C:\Users\.....\Desktop\AdwCleaner[S3].txt 2013-07-23 12:00 - 2013-06-06 00:08 - 00003205 _____ C:\Windows\setupact.log 2013-07-23 12:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-23 11:59 - 2013-07-23 11:59 - 00000980 _____ C:\AdwCleaner[S3].txt 2013-07-23 11:59 - 2013-07-23 11:59 - 00000344 _____ C:\AdwCleaner[S2].txt 2013-07-23 11:58 - 2013-07-23 11:58 - 00560934 _____ (Oleg N. 
Scherbakov) C:\Users\.....\Desktop\JRT.exe 2013-07-23 11:57 - 2013-07-23 11:57 - 00000860 _____ C:\AdwCleaner[R3].txt 2013-07-23 11:55 - 2011-06-19 11:46 - 00654400 _____ C:\Windows\system32\perfh007.dat 2013-07-23 11:55 - 2011-06-19 11:46 - 00130240 _____ C:\Windows\system32\perfc007.dat 2013-07-23 11:55 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-23 02:07 - 2013-06-06 00:07 - 00007536 _____ C:\Windows\PFRO.log 2013-07-22 20:39 - 2013-07-22 20:37 - 00000000 ____D C:\Windows\system32\MRT 2013-07-22 20:31 - 2011-10-20 10:04 - 00000000 ____D C:\Users\.....\AppData\Roaming\Skype 2013-07-22 16:07 - 2013-07-22 16:07 - 00022973 _____ C:\ComboFix.txt 2013-07-22 16:07 - 2013-07-22 15:31 - 00000000 ____D C:\Qoobox 2013-07-22 16:05 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2013-07-22 15:42 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-07-22 15:41 - 2013-07-22 15:31 - 00000000 ____D C:\Windows\erdnt 2013-07-22 15:37 - 2013-07-22 00:04 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-07-22 15:28 - 2013-07-22 15:28 - 05091940 ____R (Swearware) C:\Users\.....\Desktop\ComboFix.exe 2013-07-22 12:49 - 2013-07-22 12:49 - 00000000 ____D C:\FRST 2013-07-22 12:41 - 2013-02-27 19:23 - 00000000 ____D C:\Users\.....\AppData\Roaming\TS3Client 2013-07-22 10:06 - 2013-07-22 09:17 - 00080682 _____ C:\Users\.....\Downloads\OTL.Txt 2013-07-22 09:49 - 2013-07-22 09:49 - 572914034 _____ C:\Windows\MEMORY.DMP 2013-07-22 09:49 - 2013-07-22 09:49 - 00279016 _____ C:\Windows\Minidump\072213-32339-01.dmp 2013-07-22 09:49 - 2013-07-22 09:49 - 00000000 ____D C:\Windows\Minidump 2013-07-22 09:39 - 2013-07-22 09:39 - 00377856 _____ C:\Users\.....\Downloads\gmer_2.1.19163.exe 2013-07-22 09:09 - 2013-07-22 09:09 - 00602112 _____ (OldTimer Tools) C:\Users\.....\Downloads\OTL.exe 2013-07-22 09:09 - 2013-07-22 09:09 - 00050477 _____ C:\Users\.....\Downloads\Defogger.exe 2013-07-22 09:09 - 2013-07-22 09:09 - 00000000 
_____ C:\Users\.....\defogger_reenable 2013-07-22 09:09 - 2011-07-31 12:45 - 00000000 ____D C:\Users\..... 2013-07-22 09:08 - 2013-07-22 00:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-22 09:07 - 2013-07-22 09:07 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-07-21 23:47 - 2013-07-21 23:47 - 00000000 ____D C:\Users\.....\AppData\Local\Conexant 2013-07-21 23:47 - 2013-07-21 23:47 - 00000000 ____D C:\ProgramData\Conexant 2013-07-21 23:27 - 2011-07-31 12:51 - 00001179 _____ C:\Users\.....\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-07-21 23:27 - 2011-07-31 12:51 - 00000996 _____ C:\Users\.....\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-07-21 23:26 - 2013-07-21 23:26 - 00666633 _____ C:\Users\.....\Desktop\adwcleaner06.exe 2013-07-21 23:22 - 2013-07-21 22:41 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP 2013-07-21 22:42 - 2013-07-21 22:42 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-07-21 22:42 - 2013-07-21 22:42 - 00000000 _____ C:\autoexec.bat 2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\Users\.....\AppData\Local\Cisco 2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\ProgramData\Cisco 2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\Program Files (x86)\Cisco 2013-07-21 18:24 - 2013-07-21 18:25 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-07-21 18:24 - 2013-07-21 18:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-07-21 18:24 - 2013-07-21 18:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-07-21 18:24 - 2013-07-21 18:25 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-07-21 18:24 - 2013-07-21 18:24 - 00000000 ____D C:\Program Files (x86)\Java 2013-07-21 18:24 - 2012-09-16 09:44 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll 2013-07-21 
18:24 - 2011-08-22 17:41 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-07-21 18:19 - 2011-09-04 20:06 - 00000000 ____D C:\Users\.....\AppData\Local\CrashDumps 2013-07-21 16:01 - 2013-07-21 16:01 - 00000000 ____D C:\Users\.....\AppData\Roaming\Malwarebytes 2013-07-21 16:00 - 2013-07-21 16:00 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-21 16:00 - 2013-07-21 16:00 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-21 16:00 - 2013-07-21 16:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-21 15:30 - 2013-02-27 19:22 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client 2013-07-21 15:30 - 2012-12-21 16:13 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2 2013-07-21 15:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2013-07-21 15:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat 2013-07-21 08:40 - 2011-08-02 14:53 - 00000000 ____D C:\Users\.....\AppData\Local\Adobe 2013-07-18 23:00 - 2009-07-14 06:45 - 00343688 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-17 15:54 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-17 15:54 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-17 15:54 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-17 12:29 - 2013-05-31 20:28 - 00000000 ____D C:\Users\.....\AppData\Local\Spotify 2013-07-17 12:04 - 2013-03-05 17:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-17 12:04 - 2013-03-05 17:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-06 18:46 - 2013-07-06 15:08 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part4.rar 2013-07-06 17:59 - 2013-07-06 15:08 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part6.rar 2013-07-06 17:58 - 2013-07-06 15:08 - 524288000 _____ C:\Users\.....\Downloads\One Piece 
Film Z GER SUB 720p by OnePiece-Tube.part5.rar 2013-07-06 15:31 - 2012-01-06 01:04 - 00000000 ____D C:\Users\.....\.gimp-2.6 2013-07-06 15:30 - 2013-07-06 15:30 - 00000854 _____ C:\Users\.....\.recently-used.xbel 2013-07-06 14:24 - 2013-07-06 11:33 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part3.rar 2013-07-06 14:24 - 2013-07-06 11:33 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part2.rar 2013-07-06 13:45 - 2013-07-06 11:33 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part1.rar 2013-07-06 09:31 - 2012-05-07 23:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-05 21:10 - 2013-07-05 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-04 12:38 - 2013-05-31 20:28 - 00001829 _____ C:\Users\.....\Desktop\Spotify.lnk 2013-07-04 12:38 - 2013-05-31 20:28 - 00001815 _____ C:\Users\.....\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2013-07-04 12:31 - 2013-07-04 12:31 - 00000355 _____ C:\Users\.....\Documents\Computer - Verknüpfung.lnk 2013-07-04 12:31 - 2012-04-24 09:10 - 00000000 ____D C:\Users\.....\Desktop\Medi-Learn 2013-07-04 12:31 - 2011-10-18 10:53 - 00000000 ____D C:\Users\.....\Documents\WS 11-12 2013-07-01 16:07 - 2012-11-25 13:18 - 00019456 ___SH C:\Users\Public\Documents\Thumbs.db 2013-07-01 16:05 - 2013-07-01 16:07 - 04387328 _____ C:\Users\Public\Documents\Physio.ppt 2013-07-01 16:05 - 2011-08-02 15:06 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2013-07-01 00:15 - 2013-07-01 16:07 - 04250584 _____ C:\Users\Public\Documents\Physio.odp 2013-06-27 13:38 - 2011-08-02 15:06 - 00004248 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask 2013-06-27 12:49 - 2013-05-07 21:23 - 00083672 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-06-24 00:57 - 2011-08-02 16:41 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-20 22:34 ==================== End Of Log ============================ --- --- --- |
23.07.2013, 18:44 | #10 | |
/// the machine /// TB-Ausbilder | Still signs after qvo6 and SpyHunter infection? SecurityCheck sometimes acts up, ESET only finds stuff in the temp folders, and Adobe gets flagged because it simply isn't up to date; the current version is 11. Of course, if you download things from the net... Quote:
Here it was only adware junk, so nothing serious. Changing your passwords is still mandatory, though; that's standard after an infection. Online banking isn't secure even on a clean system; it has to be done with chipTAN at the very least. Please download TFC (by OldTimer) and save the file to the desktop. Now close all open programs and disconnect from the internet. Double-click TFC.exe and press Start. If TFC can't delete all files, it will ask for a reboot. Please allow this. Done. The order matters here.
Here are a few more tips for securing your system. I can't stress often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they don't use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean out your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me a short reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
24.07.2013, 08:55 | #11 |
| Still signs after qvo6 and SpyHunter infection? Everything is fine, I'll take your advice to heart. Oh, and the ESET detection (JS) is gone with TFC, or how does that work? Have a nice day and many thanks! |
24.07.2013, 11:38 | #12 |
/// the machine /// TB-Ausbilder | Still signs after qvo6 and SpyHunter infection? Exactly, TFC deleted that one. You're welcome.