Log Analysis and Evaluation: Win7 home premium, 64bit. Since today ADWARE/BHO.Bprotector.1.2

09.09.2013, 19:18 | #1
Hello, after I tried to open a program (Opera), I got a message from my virus scanner (AntiVir) that viruses had been found. The virus, or rather the adware, is called ADWARE/BHO.Bprotector.1.2, and Skype, for example, is infected. I have now followed all the instructions from this site, and in order to install the programs I had to switch to my admin account. I downloaded all the programs beforehand, and before I switched accounts I turned off the WLAN. When I had finished everything and went back to my other account (the one I use for everyday use), that was no longer possible; it could not be found any more. That was basically my problem description. Now come all the log files! The GMER file is not complete, because it would have been too many characters. If needed, I would post the log file afterwards!

Antivir Code:
Exportierte Ereignisse:

09.09.2013 19:16 [System-Scanner] Malware gefunden
Die Datei 'c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll'
enthielt einen Virus oder unerwünschtes Programm 'Adware/BHO.Bprotector.1.2' [adware].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
Die Datei konnte nicht gelöscht werden!
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
Die Datei konnte nicht gelöscht werden!
Der Registrierungseintrag <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls> wurde erfolgreich repariert.

09.09.2013 19:16 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/BHO.Bprotector.1.2' [adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern

09.09.2013 19:15 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/BHO.Bprotector.1.2' [adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern

03.09.2013 22:59 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL "hxxp://178.33.234.137/siteserver/userVisit.php"
wurde ein Virus oder unerwünschtes Programm 'HTML/Infected.WebPage.Gen' [virus] gefunden.
Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert

28.08.2013 21:01 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL "hxxp://178.33.234.137/siteserver/userVisit.php"
wurde ein Virus oder unerwünschtes Programm 'HTML/Infected.WebPage.Gen' [virus] gefunden.
Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert

defogger Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:32 on 09/09/2013 (Leif)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013 01
Ran by Leif (administrator) on LEIF-PC on 09-09-2013 19:33:40
Running from Q:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63376 2012-09-07] (Lenovo)
HKLM\...\Run: [BLEServicesCtrl] - C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [177936 2012-02-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [] - [x]
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-09-10] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [228744 2012-09-20] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [293256 2012-10-10] (Lenovo Group Limited)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [NokiaOviSuite2] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [385928 2010-02-24] (Nokia)
HKLM-x32\...\Run: [F-Secure ExploitShield] - C:\Program Files (x86)\F-Secure\ExploitShield\fsesgui.exe [629376 2009-06-29] (F-Secure Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1573584 2012-10-29] (Ask)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [5998144 2012-09-24] (Lenovo Group Limited)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [DATAMNGR] - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe [1683456 2013-02-14] (Bandoo Media, inc)
HKLM-x32\...\Run: [NokiaMServer] - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [x]
HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-17] (Lenovo)
HKU\Leif_2\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\Leif_2\...\Run: [AdobeBridge] - [x]
HKU\UpdatusUser\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-17] (Lenovo)
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll C:\Windows\system32\nvinitx.dll [1531256 2013-02-14] (Bandoo Media, inc)
AppInit_DLLs-x32: c:\progra~3\wincert\win32c~1.dll c:\windows\syswow64\nvinit.dll [202600 2012-10-03] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli ACGina
Startup: C:\Users\Leif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Leif\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Leif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Leif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk
ShortcutTarget: Samsung SSD Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
Startup: C:\Users\Leif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (No File)
Startup: C:\Users\Leif_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Leif_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=119816&tt=gc_&babsrc=HP_ss_din2g&mntrId=342E685D43890A1D
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?utm_source=b&utm_medium=fox&from=fox&uid=198313_1050624_2142954431_3219913727_342E533C&ts=1355513859
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119816&tt=gc_&babsrc=HP_ss&mntrId=342E685D43890A1D
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=1750610507384605&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=1750610507384605&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=1750610507384605&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=1750610507384605&q={searchTerms}
SearchScopes: HKCU - DefaultScope {4A6F5241-F09A-433C-B436-1D0F9065080E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=c4f1a904-284b-41b4-ad1c-962eb1c39eed&apn_sauid=A3E74190-CC0E-4891-8E97-61F942D59BCF
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.v9.com/web/?q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119816&tt=gc_&babsrc=SP_ss_din2g&mntrId=342E685D43890A1D
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.v9.com/web/?q={searchTerms}
SearchScopes: HKCU - {4A6F5241-F09A-433C-B436-1D0F9065080E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=c4f1a904-284b-41b4-ad1c-962eb1c39eed&apn_sauid=A3E74190-CC0E-4891-8E97-61F942D59BCF
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=1750610507384605&q={searchTerms}
BHO: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.)
BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Search-Results Toolbar - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Proxy Help - {F386E548-C533-472E-8C61-C026FB14FEA9} - C:\Windows\SysWow64\Newtabs_v9.dll (Newtabs. inc)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Search-Results Toolbar - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default
FF user.js: detected! => C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ghostery - C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\Extensions\firefox@ghostery.com
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\Extensions\toolbar@ask.com
FF Extension: Search-Results Toolbar - C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\Extensions\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}
FF Extension: groovesharkUnlocker - C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\Extensions\groovesharkUnlocker@overlord1337.xpi
FF Extension: No Name - C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\Extensions\{14323AEE-F6B8-4DC8-BCE3-E62645830585}.xpi
FF Extension: No Name - C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF Extension: No Name - C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\

Chrome:
=======
CHR Extension: (Google Drive) - C:\Users\Leif\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Leif\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Website Logon) - C:\Users\Leif\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj\2.0_0
CHR Extension: (Google Search) - C:\Users\Leif\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\Leif\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [bpeeepmahhfjiediknjejcmcfmjcjdck] - C:\Program Files (x86)\Google\Chrome\User Data\Default\Extensions\serach.crx
CHR HKLM-x32\...\Chrome\Extension: [cdkedefaddcdlpmiafhicjnkbogjiogj] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [dkdkpmmkgdbglmfmmmmehbkmnkopingb] - C:\Program Files (x86)\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx
CHR HKLM-x32\...\Chrome\Extension: [ijblflkdjdopkpdgllkmlbgcffjbnfda] - C:\Program Files (x86)\Google\Chrome\User Data\Default\Extensions\v9.crx
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Leif\AppData\Local\Torch\Plugins\TorchPlugin.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 ExploitShield; C:\Program Files (x86)\F-Secure\ExploitShield\fsessrv.exe [326272 2009-06-29] (F-Secure Corporation)
R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [328552 2012-08-09] (AuthenTec, Inc)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [187784 2012-10-10] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-10] (Synaptics Incorporated)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-09 19:32 - 2013-09-09 19:32 - 00000000 _____ C:\Users\Leif\defogger_reenable
2013-09-09 19:30 - 2013-09-09 19:30 - 00012833 _____ C:\Users\Leif_2\Desktop\xx.odt
2013-09-09 08:44 - 2013-09-09 19:14 - 96732368 _____ C:\Windows\SysWOW64\ꆜ«
2013-09-05 21:43 - 2013-09-05 21:43 - 00000000 ____D C:\Users\Leif_2\Desktop\plage
2013-09-05 13:46 - 2013-09-07 11:55 - 92693019 _____ C:\Users\Leif_2\Desktop\lieke.psd
2013-09-04 11:27 - 2013-09-07 11:55 - 00000000 ____D C:\Users\Leif_2\Desktop\fuer bewerbung
2013-08-28 18:38 - 2013-08-28 20:19 - 00000000 ____D C:\Users\Leif_2\Desktop\din
2013-08-23 21:16 - 2013-08-23 21:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 14:44 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 14:44 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 14:44 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 14:44 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 14:44 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 14:44 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 14:44 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 14:44 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 14:44 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 14:44 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 14:44 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 14:44 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 14:44 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 14:44 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 14:44 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 14:44 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 14:44 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 14:44 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 14:44 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 14:44 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 14:44 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 14:44 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 14:44 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 14:43 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 14:43 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 14:43 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 14:43 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 14:43 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 14:43 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 14:43 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 14:43 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 11:54 - 2013-08-15 14:41 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 10:29 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 10:29 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 10:29 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 10:29 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 10:29 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 10:29 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 10:29 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 10:29 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 10:29 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 10:29 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 10:29 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 10:29 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 10:29 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 10:29 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 10:29 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 10:29 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 10:29 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 10:29 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 10:29 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 10:29 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 10:29 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 10:29 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 10:29 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 10:29 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 10:29 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 10:29 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 10:29 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-11 16:31 - 2013-08-11 16:31 - 00008557 _____ C:\Users\Leif_2\Documents\buch.odt

==================== One Month Modified Files and Folders =======

2013-09-09 19:33 - 2013-09-09 19:33 - 00000000 ____D C:\FRST
2013-09-09 19:32 - 2013-09-09 19:32 - 00000000 _____ C:\Users\Leif\defogger_reenable
2013-09-09 19:32 - 2012-11-10 12:47 - 00000000 ____D C:\Users\Leif
2013-09-09 19:31 - 2013-03-02 10:24 - 00000000 ____D C:\Users\Leif\AppData\Roaming\Dropbox
2013-09-09 19:31 - 2012-11-13 00:40 - 00000000 ____D C:\Users\Leif_2\AppData\Roaming\MediaMonkey
2013-09-09 19:30 - 2013-09-09 19:30 - 00012833 _____ C:\Users\Leif_2\Desktop\xx.odt
2013-09-09 19:30 - 2012-11-10 12:47 - 01779221 _____ C:\Windows\WindowsUpdate.log
2013-09-09 19:28 - 2012-11-11 15:47 - 00000000 ____D C:\Users\Leif_2\AppData\Roaming\Skype
2013-09-09 19:14 - 2013-09-09 08:44 - 96732368 _____ C:\Windows\SysWOW64\ꆜ«
2013-09-08 19:46 - 2013-04-16 07:42 - 00083923 _____ C:\Windows\setupact.log
2013-09-07 11:55 - 2013-09-05 13:46 - 92693019 _____ C:\Users\Leif_2\Desktop\lieke.psd
2013-09-07 11:55 - 2013-09-04 11:27 - 00000000 ____D C:\Users\Leif_2\Desktop\fuer bewerbung
2013-09-06 10:03 - 2009-07-14 19:58 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-09-06 10:03 - 2009-07-14 19:58 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-09-06 10:03 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-05 21:43 - 2013-09-05 21:43 - 00000000 ____D C:\Users\Leif_2\Desktop\plage
2013-09-05 10:33 - 2012-11-11 15:10 - 00000000 ____D C:\Users\Leif_2\Graphisoft
2013-09-04 15:29 - 2013-05-06 13:49 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-04 15:29 - 2013-03-28 09:14 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-04 15:29 - 2013-03-28 09:14 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-28 20:19 - 2013-08-28 18:38 - 00000000 ____D C:\Users\Leif_2\Desktop\din
2013-08-23 21:16 - 2013-08-23 21:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-23 21:16 - 2012-11-10 13:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-17 14:13 - 2009-07-14 06:45 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-17 14:13 - 2009-07-14 06:45 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-15 14:41 - 2013-08-15 11:54 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 11:54 - 2012-11-12 16:22 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-11 16:31 - 2013-08-11 16:31 - 00008557 _____ C:\Users\Leif_2\Documents\buch.odt

Files to move or delete:
====================
C:\Users\Leif_2\3t1tts9nq9678.exe
C:\Users\Leif_2\axxs95v6uku73.exe
C:\Users\Leif\AppData\Local\Temp\cirin_mu.dll
C:\Users\Leif\AppData\Local\Temp\DeltaTB.exe
C:\Users\Leif\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Leif\AppData\Local\Temp\install.exe
C:\Users\Leif\AppData\Local\Temp\LyricsPal.exe
C:\Users\Leif\AppData\Local\Temp\NEventMessages.dll
C:\Users\Leif\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Leif\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Leif\AppData\Local\Temp\sfareca00001.dll
C:\Users\Leif\AppData\Local\Temp\sfextra.dll
C:\Users\Leif\AppData\Local\Temp\uninst1.exe
C:\Users\Leif_2\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Leif_2\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih.exe
C:\Users\Leif_2\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_1.exe
C:\Users\Leif_2\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_2.exe
C:\Users\Leif_2\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-23 13:47

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2013 01
Ran by Leif at 2013-09-09 19:34:26
Running from Q:\Downloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

AbiWord 2.9.4 (x32 Version: 2.9.4)
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.0.0)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Community Help (x32 Version: 3.4.980)
Adobe Content Viewer (x32 Version: 1.4.0)
Adobe Creative Suite 5.5 Master Collection (x32 Version: 5.5)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Adobe Story (x32 Version: 1.0.571)
Adobe Widget Browser (x32 Version: 2.0 Build 230)
Adobe Widget Browser (x32 Version: 2.0.230)
Anzeige am Bildschirm (Version: 7.06.00)
Apple Application Support (x32 Version: 2.3)
Apple Software Update (x32 Version: 2.1.3.127)
Ask Toolbar (x32 Version: 1.15.11.0)
Audacity 2.0.2 (x32 Version: 2.0.2)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.2.3.30498)
Biet-O-Matic v2.14.12 (x32 Version: 2.14.12)
Biet-O-Matic v2.14.8 (x32 Version: 2.14.8)
Broadcom 802.11 Network Adapter (Version: 5.100.82.130)
Brother MFL-Pro Suite DCP-135C (x32 Version: 1.0.2.0)
Bundled software uninstaller (x32)
Canon MG5100 series MP Drivers
CCleaner (Version: 4.00)
CDBurnerXP (x32 Version: 4.5.0.3661)
CINEMA 4D 11.514 (Version: 11.514)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.4518.1014)
concept/design onlineTV 8 (x32 Version: 8.2.0.1)
DHTML Editing Component (x32 Version: 6.02.0001)
Dropbox (HKCU Version: 2.0.26)
Energie-Manager (x32 Version: 6.36)
Fingerprint Reader (Version: 5.4.100.233)
Foxit Reader (x32 Version: 5.4.4.1023)
Free FLV Converter V 7.5.0 (x32 Version: 7.5.0.0)
F-Secure ExploitShield (x32)
Google Chrome (x32 Version: 29.0.1547.66)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
hiCAD 14 GER (Version: 14.0)
Integrated Camera Driver Installer Package Ver.1.2.1.16 (x32 Version: 1.2.1.16)
Intel PROSet Wireless
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2696)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.1.0.0096)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.1.0.0140)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220)
Intel(R) WiDi (Version: 3.1.29.0)
Intel(R) Wireless Display
Intel® PROSet/Wireless WiFi-Software (Version: 15.01.0000.0830)
Java 7 Update 25 (x32 Version: 7.0.250)
K-Lite Codec Pack 9.4.0 (64-bit) (Version: 9.4.0)
Lenovo Auto Scroll Utility (Version: 1.34)
Lenovo Patch Utility (x32 Version: 1.3.1.1)
Lenovo Patch Utility 64 bit (Version: 1.3.1.1)
Lenovo Power Management Driver (Version: 1.65.05.21)
Lenovo Solution Center (Version: 2.1.003.00)
Lenovo System Update (x32 Version: 5.02.0018)
Maxwell 2 (x32)
Maxwell for Rhinoceros 4 (x32 Version: 1.6.8)
MediaMonkey 4.0 (x32 Version: 4.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.4518.1014)
Microsoft VC80 Support DLLs (x32 Version: 1.0.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 9.7.0621)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Miranda IM 0.10.8 (x32 Version: 0.10.8)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (x32 Version: 1.0.1.2)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Netscape Navigator (9.0.0.6) (x32 Version: 9.0.0.6 (en-US))
NewTabs Uninstall (x32)
Nokia Connectivity Cable Driver (x32 Version: 7.1.27.0)
Nokia Ovi Suite (x32 Version: 2.1.1.1)
Nokia Ovi Suite Software Updater (x32 Version: 02.04.004.41370)
NVIDIA Grafiktreiber 306.97 (Version: 306.97)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA PhysX (x32 Version: 9.12.0604)
NVIDIA PhysX-Systemsoftware 9.12.0604 (Version: 9.12.0604)
NVIDIA Systemsteuerung 306.97 (Version: 306.97)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Opera 12.10 (x32 Version: 12.10.1652)
Ovi Desktop Sync Engine (x32 Version: 1.2.269.0)
OviMPlatform (x32 Version: 2.6.86.0)
PC Connectivity Solution (x32 Version: 10.6.2.0)
PDF Settings CS5 (x32 Version: 10.0)
PxMergeModule (x32 Version: 1.00.0000)
QuickTime (x32 Version: 7.73.80.64)
Realtek Ethernet Controller Driver (x32 Version: 7.49.927.2011)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.29005)
Rhinoceros 4.0 (x32 Version: 4.0.20118)
Rhinoceros 4.0 SR7 (x32 Version: 4.0.41030)
Samsung SSD Magician (x32 Version: 3.2)
Search-Results Toolbar (x32 Version: 1.0.0.12)
Skype™ 6.3 (x32 Version: 6.3.107)
Speak-A-Message (x32 Version: 8.0.0)
SpeedFan (remove only) (x32)
ThinkPad UltraNav Driver (Version: 16.2.14.0)
ThinkPad Wireless LAN Adapter Software (x32 Version: 1.00.0031.1)
ThinkVantage Access Connections (x32 Version: 5.97)
ThinkVantage Communications Utility (Version: 3.0.37.0)
ThinkVantage System für aktiven Festplattenschutz (Version: 1.77.0.9)
Torch (HKCU Version: 23.0.0.2585)
Turbo Lister 2 (x32 Version: 2.00.0000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Vectorworks 2013 Hilfe (x32 Version: 1.0)
VLC media player 2.0.7 (Version: 2.0.7)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinRAR 4.20 (32-bit) (x32 Version: 4.20.0)
WinZip 17.0 (x32 Version: 17.0.10283)

==================== Restore Points =========================

==================== Hosts content: ==========================

2012-11-12 15:10 - 2012-11-12 15:10 - 00000852 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============

Task: {0423F42B-04AF-499D-B85B-4958DB66D753} - System32\Tasks\EPUpdater => C:\Users\Leif\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {15CC91A1-EC94-496F-A3D7-97C47805916B} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-10-29] ()
Task: {39D40690-2E74-41A2-8706-5150C2207390} - System32\Tasks\AdobeAAMUpdater-1.0-Leif-PC-Leif => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {49A289BE-8A45-4E03-AC21-A7F6BE98260E} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-06-26] ()
Task: {4E7C7339-9505-45BE-821B-B1D8C68E0556} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16] (Google Inc.)
Task: {536C0322-4FD5-4CA0-81E1-1197672F706E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16] (Google Inc.)
Task: {5B9F579C-D1C0-4357-A05C-84FEC10D1394} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {7FC9C7A7-0535-493A-8EC2-456611706BE9} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\lsc.exe [2013-05-17] ()
Task: {8052EF62-7DA4-4D78-926D-12A9AB4978EC} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-17] ()
Task: {DB90D4AF-B2CC-46C5-B5A2-4B74D51FA537} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-25] (Adobe Systems Incorporated)
Task: {FA8D345F-E64B-4C4B-AE4C-A93CBA12CC75} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CreateHardwareScanTask.job => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce7f3e1c1e4db8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RebootCountTask.job => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe
Task: C:\Windows\Tasks\Time72Task.job => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Leif_2\AppData\Local\Temp:XMIbwXHnRlylAsvW21HzeZWKog

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/09/2013 07:31:31 PM) (Source: Application Error) (User: )
Description: The file "" cannot be accessed for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. The program Nokia Ovi Suite 2 was closed because of this error.
Program: Nokia Ovi Suite 2
File: The error value is listed in the "Additional Data" section.
User action
1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again.
2. If the file still cannot be accessed and
- it is on the network, your network administrator should verify that there is no problem with the network and that the server can be contacted.
- it is on a removable disk, for example a floppy disk or a CD, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To do so, click "Run" in the "Start" menu, type CMD, and click "OK". At the command prompt, type CHKDSK /F and press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or the computer hardware vendor for further assistance.

Additional data
Error value: 00000000
Disk type: 0

Error: (09/09/2013 07:31:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: NokiaOviSuite.exe, version: 2.1.1.1, time stamp: 0x4b857b2b
Faulting module name: NokiaOviSuite.exe, version: 2.1.1.1, time stamp: 0x4b857b2b
Exception code: 0xc0000096
Fault offset: 0x00010023
Faulting process id: 0x2740
Faulting application start time: 0xNokiaOviSuite.exe0
Faulting application path: NokiaOviSuite.exe1
Faulting module path: NokiaOviSuite.exe2
Report Id: NokiaOviSuite.exe3

Error: (09/09/2013 07:31:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: SYNTPHELPER.EXE, version: 16.2.14.0, time stamp: 0x504a5540
Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp: 0x51dba4e7
Exception code: 0xc0000005
Fault offset: 0x00000000000986ea
Faulting process id: 0x3d30
Faulting application start time: 0xSYNTPHELPER.EXE0
Faulting application path: SYNTPHELPER.EXE1
Faulting module path: SYNTPHELPER.EXE2
Report Id: SYNTPHELPER.EXE3

Error: (09/09/2013 07:30:21 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Skipping: Eap method DLL path validation failed. Error: Type-ID=43, Author-ID=9, Vendor-ID=0, Vendor-Type=0

Error: (09/09/2013 07:30:21 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Skipping: Eap method DLL path validation failed. Error: Type-ID=25, Author-ID=9, Vendor-ID=0, Vendor-Type=0

Error: (09/09/2013 07:30:21 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Skipping: Eap method DLL path validation failed. Error: Type-ID=17, Author-ID=9, Vendor-ID=0, Vendor-Type=0

Error: (09/09/2013 07:30:21 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Skipping: Eap method DLL path validation failed. Error: Type-ID=23, Author-ID=8086, Vendor-ID=0, Vendor-Type=0

Error: (09/09/2013 07:30:21 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Skipping: Eap method DLL path validation failed. Error: Type-ID=21, Author-ID=8086, Vendor-ID=0, Vendor-Type=0

Error: (09/09/2013 07:30:21 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Skipping: Eap method DLL path validation failed. Error: Type-ID=18, Author-ID=8086, Vendor-ID=0, Vendor-Type=0

Error: (09/09/2013 07:23:45 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Skipping: Eap method DLL path validation failed. Error: Type-ID=43, Author-ID=9, Vendor-ID=0, Vendor-Type=0


System errors:
=============
Error: (09/09/2013 07:31:42 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/09/2013 07:30:22 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Error reading the local hosts file.

Error: (09/09/2013 07:30:22 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Error reading the local hosts file.

Error: (09/09/2013 07:23:49 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Error reading the local hosts file.

Error: (09/09/2013 07:23:47 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Error reading the local hosts file.

Error: (09/09/2013 07:23:47 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Error reading the local hosts file.

Error: (09/09/2013 07:23:47 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Error reading the local hosts file.

Error: (09/09/2013 07:23:47 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Error reading the local hosts file.

Error: (09/09/2013 07:23:46 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Error reading the local hosts file.

Error: (09/09/2013 07:23:45 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Error reading the local hosts file.


Microsoft Office Sessions:
=========================
Error: (09/09/2013 07:31:31 PM) (Source: Application Error)(User: )
Description: Nokia Ovi Suite 2000000000

Error: (09/09/2013 07:31:31 PM) (Source: Application Error)(User: )
Description: NokiaOviSuite.exe2.1.1.14b857b2bNokiaOviSuite.exe2.1.1.14b857b2bc000009600010023274001cead826783f165C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exeC:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exeaa0d4cd5-1975-11e3-a428-b888e33285a4

Error: (09/09/2013 07:31:25 PM) (Source: Application Error)(User: )
Description: SYNTPHELPER.EXE16.2.14.0504a5540ntdll.dll6.1.7601.1820551dba4e7c000000500000000000986ea3d3001cead8267ad2448C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXEC:\Windows\SYSTEM32\ntdll.dlla684c1ec-1975-11e3-a428-b888e33285a4

Error: (09/09/2013 07:30:21 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT)
Description: Eap method DLL path43900

Error: (09/09/2013 07:30:21 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT)
Description: Eap method DLL path25900

Error: (09/09/2013 07:30:21 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT)
Description: Eap method DLL path17900

Error: (09/09/2013 07:30:21 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT)
Description: Eap method DLL path23808600

Error: (09/09/2013 07:30:21 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT)
Description: Eap method DLL path21808600

Error: (09/09/2013 07:30:21 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT)
Description: Eap method DLL path18808600

Error: (09/09/2013 07:23:45 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT)
Description: Eap method DLL path43900


==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 11853.63 MB
Available physical RAM: 9334.44 MB
Total Pagefile: 23705.44 MB
Available Pagefile: 21031.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:124.8 GB) (Free:18.95 GB) NTFS
Drive q: (Volume) (Fixed) (Total:113.57 GB) (Free:10.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: A1F3293F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=125 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=114 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: ECCEAE0D)
Partition 1: (Not Active) - (Size=8 GB) - (Type=84)
Partition 2: (Not Active) - (Size=7 GB) - (Type=73)

==================== End Of Log ============================

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-09 19:43:19
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.CXM0 238,47GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Leif\AppData\Local\Temp\kxldapob.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff80002dbf000 71 bytes [48, 83, EC, 20, 48, B8, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 616 fffff80002dbf048 21 bytes [73, 2D, FF, C7, 85, 3D, 76, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1984] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2040] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1192] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files (x86)\F-Secure\ExploitShield\fsessrv.exe[1948] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970
.text C:\Program Files (x86)\F-Secure\ExploitShield\fsessrv.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\F-Secure\ExploitShield\fsessrv.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2176] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970
.text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2208] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970
.text C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2236] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2236] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000071891b41 2 bytes [89, 71]
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2236] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000071891be8 2 bytes [89, 71]
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2236] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000071891c20 2 bytes [89, 71]
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2236] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 0000000071891cd2 2 bytes [89, 71]
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2236] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000071891cf2 2 bytes [89, 71]
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[2500] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2656] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[2736] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[2736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[2736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2800] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4968] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4432] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[6920] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[6920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[6920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[16500] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[16500] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[16500] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[16500] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[16500] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[16500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0f3460 7 bytes JMP 000007fffd0e00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[16500] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0f9940 6 bytes JMP 000007fffd0e0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[16500] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0f9fb0 5 bytes JMP 000007fffd0e0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[16500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0fa150 5 bytes JMP 000007fffd0e0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[16500] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989e0 8 bytes JMP 000007fffd0e01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[16500] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be40 8 bytes JMP 000007fffd0e01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[16500] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeff7490 11 bytes JMP 000007fffd0e0228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[16500] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff00bf00 7 bytes JMP 000007fffd0e0260
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe[7932] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe[7932] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe[7932] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe[7932] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe[7932] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe[7932] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0f3460 7 bytes JMP 000007fffd0e00d8
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe[7932] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0f9940 6 bytes JMP 000007fffd0e0148
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe[7932] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0f9fb0 5 bytes JMP 000007fffd0e0180
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe[7932] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0fa150 5 bytes JMP 000007fffd0e0110
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe[7932] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989e0 8 bytes JMP 000007fffd0e01f0
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe[7932] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be40 8 bytes JMP 000007fffd0e01b8
.text C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe[16924] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe[16924] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe[16924] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe[16924] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe[16924] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe[16924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0f3460 7 bytes JMP 000007fffd0c00d8
.text C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe[16924] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0f9940 6 bytes JMP 000007fffd0c0148
.text C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe[16924] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0f9fb0 5 bytes JMP 000007fffd0c0180
.text C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe[16924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0fa150 5 bytes JMP 000007fffd0c0110
.text C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe[16924] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989e0 8 bytes JMP 000007fffd0c01f0
.text C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe[16924] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be40 8 bytes JMP 000007fffd0c01b8
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[13976] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[13976]
C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8 .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[13976] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180 .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[13976] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110 .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[13976] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8 .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[13976] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0f3460 7 bytes JMP 000007fffd0e00d8 .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[13976] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0f9940 6 bytes JMP 000007fffd0e0148 .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[13976] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0f9fb0 5 bytes JMP 000007fffd0e0180 .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[13976] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0fa150 5 bytes JMP 000007fffd0e0110 .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[13976] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989e0 8 bytes JMP 000007fffd0e01f0 .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[13976] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be40 8 bytes JMP 000007fffd0e01b8 .text C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE[13620] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148 .text C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE[13620] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8 .text C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE[13620] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180 .text C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE[13620] 
C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110 .text C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE[13620] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8 .text C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE[13620] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0f3460 7 bytes JMP 000007fffd0e00d8 .text C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE[13620] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0f9940 6 bytes JMP 000007fffd0e0148 .text C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE[13620] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0f9fb0 5 bytes JMP 000007fffd0e0180 .text C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE[13620] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0fa150 5 bytes JMP 000007fffd0e0110 .text C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE[13620] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989e0 8 bytes JMP 000007fffd0e01f0 .text C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE[13620] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be40 8 bytes JMP 000007fffd0e01b8 .text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[6604] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075541429 7 bytes JMP 000000017362128f .text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[6604] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007555b223 5 bytes JMP 000000017362159b .text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[6604] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000755d88f4 7 bytes JMP 0000000173621339 .text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[6604] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000755d8979 5 bytes JMP 00000001736216b8 .text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[6604] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000755d8ccf 5 bytes JMP 000000017362101e .text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[6604] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 
0000000075861d1b 5 bytes JMP 00000001736211d1 .text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[6604] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075861dc9 5 bytes JMP 0000000173621019 .text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[6604] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075862aa4 5 bytes JMP 000000017362154b .text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[6604] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075862d0a 5 bytes JMP 0000000173621276 .text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[6604] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e3e9a2 5 bytes JMP 00000001736215b4 .text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[6604] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e3ebdc 5 bytes JMP 000000017362119a .text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[6604] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000753c5ea5 5 bytes JMP 00000001736215e6 .text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[6604] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000753f9d0b 5 bytes JMP 000000017362122b .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[15608] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[15608] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[15608] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[15608] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[15608] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[15608] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0f3460 7 bytes JMP 000007fffd0e00d8 .text 
C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[15608] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0f9940 6 bytes JMP 000007fffd0e0148 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[15608] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0f9fb0 5 bytes JMP 000007fffd0e0180 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[15608] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0fa150 5 bytes JMP 000007fffd0e0110 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[15608] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989e0 8 bytes JMP 000007fffd0e01f0 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[15608] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be40 8 bytes JMP 000007fffd0e01b8 .text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[4048] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148 .text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[4048] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8 .text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[4048] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180 .text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[4048] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110 .text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[4048] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8 .text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[4048] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0f3460 7 bytes JMP 000007fffd0e00d8 .text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[4048] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0f9940 6 bytes JMP 000007fffd0e0148 .text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[4048] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0f9fb0 5 bytes JMP 000007fffd0e0180 .text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[4048] 
C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0fa150 5 bytes JMP 000007fffd0e0110 .text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[4048] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989e0 8 bytes JMP 000007fffd0e01f0 .text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[4048] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be40 8 bytes JMP 000007fffd0e01b8 .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[13780] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075541429 7 bytes JMP 000000017362128f .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[13780] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007555b223 5 bytes JMP 000000017362159b .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[13780] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000755d88f4 7 bytes JMP 0000000173621339 .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[13780] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000755d8979 5 bytes JMP 00000001736216b8 .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[13780] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000755d8ccf 5 bytes JMP 000000017362101e .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[13780] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075861d1b 5 bytes JMP 00000001736211d1 .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[13780] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075861dc9 5 bytes JMP 0000000173621019 .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[13780] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075862aa4 5 bytes JMP 000000017362154b .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[13780] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075862d0a 5 
bytes JMP 0000000173621276 .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[13780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76] .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[13780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76] .text ... * 2 .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[13780] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e3e9a2 5 bytes JMP 00000001736215b4 .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[13780] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e3ebdc 5 bytes JMP 000000017362119a .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[13780] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000753c5ea5 5 bytes JMP 00000001736215e6 .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[13780] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000753f9d0b 5 bytes JMP 000000017362122b .text C:\Program Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe[15984] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075541429 7 bytes JMP 000000017362128f .text C:\Program Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe[15984] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007555b223 5 bytes JMP 000000017362159b .text C:\Program Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe[15984] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000755d88f4 7 bytes JMP 0000000173621339 .text C:\Program Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe[15984] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000755d8979 5 bytes JMP 00000001736216b8 .text C:\Program Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe[15984] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000755d8ccf 5 bytes JMP 000000017362101e .text C:\Program 
Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe[15984] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075861d1b 5 bytes JMP 00000001736211d1 .text C:\Program Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe[15984] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075861dc9 5 bytes JMP 0000000173621019 .text C:\Program Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe[15984] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075862aa4 5 bytes JMP 000000017362154b .text C:\Program Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe[15984] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075862d0a 5 bytes JMP 0000000173621276 .text C:\Program Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe[15984] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e3e9a2 5 bytes JMP 00000001736215b4 .text C:\Program Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe[15984] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e3ebdc 5 bytes JMP 000000017362119a .text C:\Program Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe[15984] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000753c5ea5 5 bytes JMP 00000001736215e6 .text C:\Program Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe[15984] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000753f9d0b 5 bytes JMP 000000017362122b .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[12644] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[12644] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[12644] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[12644] 
C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[12644] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[12644] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0f3460 7 bytes JMP 000007fffd0e00d8 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[12644] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0f9940 6 bytes JMP 000007fffd0e0148 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[12644] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0f9fb0 5 bytes JMP 000007fffd0e0180 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[12644] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0fa150 5 bytes JMP 000007fffd0e0110 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[12644] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989e0 8 bytes JMP 000007fffd0e01f0 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[12644] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be40 8 bytes JMP 000007fffd0e01b8 .text C:\Windows\System32\igfxpers.exe[14516] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\igfxpers.exe[14516] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\igfxpers.exe[14516] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\igfxpers.exe[14516] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\igfxpers.exe[14516] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 
bytes JMP 000000016fff01b8 .text C:\Windows\System32\igfxpers.exe[14516] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0f3460 7 bytes JMP 000007fffd0e00d8 .text C:\Windows\System32\igfxpers.exe[14516] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0f9940 6 bytes JMP 000007fffd0e0148 .text C:\Windows\System32\igfxpers.exe[14516] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0f9fb0 5 bytes JMP 000007fffd0e0180 .text C:\Windows\System32\igfxpers.exe[14516] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0fa150 5 bytes JMP 000007fffd0e0110 .text C:\Windows\System32\igfxpers.exe[14516] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989e0 8 bytes JMP 000007fffd0e01f0 .text C:\Windows\System32\igfxpers.exe[14516] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be40 8 bytes JMP 000007fffd0e01b8 .text C:\Windows\System32\igfxpers.exe[14516] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeff7490 11 bytes JMP 000007fffd0e0228 .text C:\Windows\System32\igfxpers.exe[14516] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff00bf00 7 bytes JMP 000007fffd0e0260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[16540] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[16540] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[16540] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[16540] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[16540] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8 .text C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe[16540] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0f3460 7 bytes JMP 000007fffd0e00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[16540] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0f9940 6 bytes JMP 000007fffd0e0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[16540] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0f9fb0 5 bytes JMP 000007fffd0e0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[16540] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0fa150 5 bytes JMP 000007fffd0e0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[16540] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989e0 8 bytes JMP 000007fffd0e01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[16540] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be40 8 bytes JMP 000007fffd0e01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[16540] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeff7490 11 bytes JMP 000007fffd0e0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[16540] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff00bf00 7 bytes JMP 000007fffd0e0260 .text C:\Windows\System32\TpShocks.exe[14436] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\TpShocks.exe[14436] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\TpShocks.exe[14436] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\TpShocks.exe[14436] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\TpShocks.exe[14436] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8 .text 
C:\Windows\System32\TpShocks.exe[14436] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0f3460 7 bytes JMP 000007fffd0e00d8 .text C:\Windows\System32\TpShocks.exe[14436] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0f9940 6 bytes JMP 000007fffd0e0148 .text C:\Windows\System32\TpShocks.exe[14436] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0f9fb0 5 bytes JMP 000007fffd0e0180 .text C:\Windows\System32\TpShocks.exe[14436] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0fa150 5 bytes JMP 000007fffd0e0110 .text C:\Windows\System32\TpShocks.exe[14436] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989e0 8 bytes JMP 000007fffd0e01f0 .text C:\Windows\System32\TpShocks.exe[14436] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be40 8 bytes JMP 000007fffd0e01b8 .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[7704] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075541429 7 bytes JMP 000000017362128f .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[7704] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007555b223 5 bytes JMP 000000017362159b .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[7704] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000755d88f4 7 bytes JMP 0000000173621339 .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[7704] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000755d8979 5 bytes JMP 00000001736216b8 .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[7704] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000755d8ccf 5 bytes JMP 000000017362101e .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[7704] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075861d1b 5 bytes JMP 00000001736211d1 .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[7704] 
C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075861dc9 5 bytes JMP 0000000173621019 .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[7704] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075862aa4 5 bytes JMP 000000017362154b .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[7704] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075862d0a 5 bytes JMP 0000000173621276 .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[7704] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e3e9a2 5 bytes JMP 00000001736215b4 .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[7704] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e3ebdc 5 bytes JMP 000000017362119a .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[7704] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000753c5ea5 5 bytes JMP 00000001736215e6 .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[7704] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000753f9d0b 5 bytes JMP 000000017362122b .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[7704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[7704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76] .text ... * 2 ... Viele Grüße. |
09.09.2013, 19:26 | #2 | |
/// the machine /// TB-Ausbilder | Win7 home premium, 64bit. Since today ADWARE/BHO.Bprotector.1.2 Hi,
Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1. IMPORTANT - save Combofix to your desktop.
When Combofix is finished, it will create a log file. Please post the C:\Combofix.txt in your next reply. Note: should you receive the following error message after the restart Quote: |
09.09.2013, 20:16 | #3 |
| Win7 home premium, 64bit. Since today ADWARE/BHO.Bprotector.1.2 Hello,
first of all, thanks for the super-fast reply! I disabled Antivir, but Combofix somehow claimed that it was still running. Here is the log file. Is it the right one? Code:
ComboFix 13-09-09.04 - Leif 09.09.2013 20:48:51.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.11854.8884 [GMT 2:00]
ausgeführt von:: C:\Users\Leif\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} |
10.09.2013, 08:01 | #4 |
/// the machine /// TB-Ausbilder | Win7 home premium, 64bit. Since today ADWARE/BHO.Bprotector.1.2 That is only a fragment of the log, please post it again.
Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
10.09.2013, 08:49 | #5 |
| Win7 home premium, 64bit. Since today ADWARE/BHO.Bprotector.1.2 Good morning, so in the Combofix.txt in the combofix folder that is all there is. Could it be because several error messages appeared? Namely, it reported that "find string" had stopped working. The message came at stages 7, 8 and 21 when I ran Combofix. EDIT: I read a bit more about disabling my virus scanner and it probably was not properly switched off. I am now trying to run Combofix again. Presumably something was blocked by Antivir? Now everything seems to have worked, here is the Combofix log file Code:
ComboFix 13-09-09.04 - Leif 10.09.2013 9:33.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.11854.9440 [GMT 2:00]
ausgeführt von:: c:\users\Leif\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Searchqu Toolbar\Datamngr
c:\program files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll
c:\programdata\BrowserDefender
c:\programdata\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
c:\programdata\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
c:\programdata\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings
c:\programdata\Wincert\WIN32C~1.DLL
c:\users\Leif\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Leif_2\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Leif_2\axxs95v6uku73.exe
.
---- Vorheriger Suchlauf -------
.
C:\install.exe
c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe
c:\program files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\css\new-tab.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_amazon.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_ebay.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_facebook.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_fantastigames.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_ftalk.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_youtube.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\IDR_WEBSTORE_ICON.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\imesh_logo_128.png
c:\program files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.ini
c:\programdata\Roaming
C:\Win
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-08-10 bis 2013-09-10 ))))))))))))))))))))))))))))))
.
.
2013-09-10 07:39 . 2013-09-10 07:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-09-10 07:39 . 2013-09-10 07:39 -------- d-----w- c:\users\Leif_2\AppData\Local\temp
2013-09-10 07:39 . 2013-09-10 07:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-09 17:33 . 2013-09-09 17:33 -------- d-----w- C:\FRST
2013-08-15 12:43 . 2013-07-26 05:13 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-08-15 12:43 . 2013-07-26 05:12 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-08-15 12:43 . 2013-07-26 03:13 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-08-15 12:43 . 2013-07-26 03:13 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-08-15 12:43 . 2013-07-26 03:12 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2013-08-15 12:43 . 2013-07-26 05:13 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-08-15 12:43 . 2013-07-26 05:12 15405056 ----a-w- c:\windows\system32\ieframe.dll
2013-08-15 12:43 . 2013-07-26 05:12 19239424 ----a-w- c:\windows\system32\mshtml.dll
2013-08-15 09:54 . 2013-08-15 12:41 -------- d-----w- c:\windows\system32\MRT
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-04 13:29 . 2013-05-06 11:49 81112 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-09-04 13:29 . 2013-03-28 07:14 132088 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-09-04 13:29 . 2013-03-28 07:14 105344 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-08-15 09:54 . 2012-11-12 14:22 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-25 20:39 . 2012-11-10 16:32 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-25 20:39 . 2012-11-10 16:32 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-09 04:45 . 2013-08-14 08:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-01 13:43 . 2013-07-01 13:43 49152 ----a-r- c:\windows\SysWow64\inetwh32.dll
2013-07-01 13:43 . 2013-07-01 13:43 1044480 ----a-r- c:\windows\SysWow64\roboex32.dll
2013-06-27 15:18 . 2013-06-27 15:18 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-27 15:18 . 2012-12-13 22:56 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-27 15:18 . 2012-11-10 19:22 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521872]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-10-29 16:33 1521872 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F386E548-C533-472E-8C61-C026FB14FEA9}]
2012-08-01 21:47 66984 ----a-w- c:\windows\SysWOW64\Newtabs_v9.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521872]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\Leif\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\Leif\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 130736 ----a-w- c:\users\Leif\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X] "F-Secure ExploitShield"="c:\program files (x86)\F-Secure\ExploitShield\fsesgui.exe" [2009-06-29 629376] "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-10-29 1573584] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-09-04 347192] "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-09-24 5998144] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168] "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] "RotateImage"="c:\program files 
(x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608] . c:\users\Leif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Leif\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-6-5 27370808] Samsung SSD Magician.lnk - c:\program files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe /AUTOHIDE [2012-11-22 1507328] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 1 (0x1) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x] R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x] R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x] R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x] R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x] R3 
ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x] R3 MatSvc;Microsoft Fix it Supportcenter;c:\program files\Microsoft Fix it Center\Matsvc.exe;c:\program files\Microsoft Fix it Center\Matsvc.exe [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x] R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir 
Desktop\AVWEBGRD.EXE [x] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x] S2 ExploitShield;F-Secure Exploit Shield Service;c:\program files (x86)\F-Secure\ExploitShield\fsessrv.exe;c:\program files (x86)\F-Secure\ExploitShield\fsessrv.exe [x] S2 FPLService;TrueSuiteService;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe [x] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x] S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x] S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x] S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x] S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program 
files\Intel\WiFi\bin\ZeroConfigService.exe [x] S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x] S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x] S3 tvtvcamd;Camera Plus (VGA Resolution Maximum);c:\windows\system32\DRIVERS\tvtvcamd.sys;c:\windows\SYSNATIVE\DRIVERS\tvtvcamd.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-09-06 06:45 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-10 20:39] . 2013-07-24 c:\windows\Tasks\CreateHardwareScanTask.job - c:\program files\Lenovo\Lenovo Solution Center\App\LSCScheduler.exe [2013-05-17 15:45] . 
2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce7f3e1c1e4db8.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16 21:19] . 2013-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16 21:19] . 2013-07-24 c:\windows\Tasks\RebootCountTask.job - c:\program files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-05-17 15:44] . 2013-07-24 c:\windows\Tasks\Time72Task.job - c:\program files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-05-17 15:44] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\Leif\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\Leif\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\Leif\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\Leif\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2012-09-07 63376] "BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-02-17 177936] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-02-21 11406608] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-27 398616] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-27 439064] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608] "TpShocks"="TpShocks.exe" [2012-09-20 228744] "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-10-10 293256] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.babylon.com/?affID=119816&tt=gc_&babsrc=HP_ss_din2g&mntrId=342E685D43890A1D mLocal Page = c:\windows\SysWOW64\blank.htm IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\ FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 342e533c000000000000685d43890a1d FF - user.js: 
extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15860 FF - user.js: extensions.delta.vrsn - 1.8.21.5 FF - user.js: extensions.delta.vrsni - 1.8.21.5 FF - user.js: extensions.delta.vrsnTs - 1.8.21.57:08 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta_i.babTrack - affID=119816&tt=gc_ FF - user.js: extensions.delta_i.babExt - FF - user.js: extensions.delta_i.srcExt - ss FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll BHO-{9D717F81-9148-4f12-8568-69135F087DB0} - c:\progra~2\SEARCH~1\Datamngr\BROWSE~1.DLL Toolbar-{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll Toolbar-10 - (no file) Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKLM-Run-DATAMNGR - c:\progra~2\SEARCH~1\Datamngr\DATAMN~1.EXE c:\users\Leif_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe c:\users\Leif_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe c:\users\Leif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe c:\users\Leif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-10 - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-koyotesofttoolbarnew - c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-09-10 09:43:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-09-10 07:43
.
Vor Suchlauf: 13 Verzeichnis(se), 22.927.458.304 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 21.435.928.576 Bytes frei
.
- - End Of File - - 93BB50FF395A57169571C53A677FC35D

Last edited by E.Sinclair (10.09.2013 at 08:26) |
10.09.2013, 09:10 | #6 |
/// the machine /// TB-Ausbilder | Win7 home premium, 64bit. Since today ADWARE/BHO.Bprotector.1.2
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
10.09.2013, 09:56 | #7 |
| Win7 home premium, 64bit. Since today ADWARE/BHO.Bprotector.1.2 While JRT was running, my virus scanner found the following virus in the Downloads folder: "Ultimatecodec.exe". I had my virus scanner remove it. Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.09.10.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 Leif :: LEIF-PC [Administrator] Schutz: Aktiviert 10.09.2013 10:15:43 mbam-log-2013-09-10 (10-15-43).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 273262 Laufzeit: 3 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 10 HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{F386E548-C533-472E-8C61-C026FB14FEA9} (PUP.NewTab.VCom) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F386E548-C533-472E-8C61-C026FB14FEA9} (PUP.NewTab.VCom) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\SearchQUIEHelper.DNSGuard (PUP.Optional.SearchQu) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\SearchQUIEHelper.DNSGuard.1 (PUP.Optional.SearchQu) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKLM\SOFTWARE\DATAMNGR (PUP.Optional.Searchqu.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 3 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Daten: hxxp://www.delta-search.com/?affID=119816&tt=gc_&babsrc=HP_ss&mntrId=342E685D43890A1D -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Daten: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\DataMngr|Folder (PUP.Optional.Searchqu.A) -> Daten: C:\Program Files (x86)\Searchqu Toolbar -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 5 C:\Users\Leif\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Leif\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Leif\AppData\Roaming\OpenCandy\3A4D826F65B448B68C6C4F2E88B37741 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Leif\AppData\Roaming\OpenCandy\F9FA0F8A86DE4652A21CA28EABE0E826 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Searchqu Toolbar (PUP.Optional.Searchqu) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 11 C:\Windows\SysWOW64\Newtabs_v9.dll (PUP.NewTab.VCom) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Leif\AppData\Roaming\OpenCandy\F9FA0F8A86DE4652A21CA28EABE0E826\DeltaTB.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Leif\Downloads\DTLite4471-0333.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\Leif\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Leif\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (PUP.Optional.Searchqu.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Leif\AppData\Roaming\OpenCandy\3A4D826F65B448B68C6C4F2E88B37741\TuneUpUtilities2013-2200218_de-DE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Leif\AppData\Roaming\OpenCandy\F9FA0F8A86DE4652A21CA28EABE0E826\5472.ico (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Leif\AppData\Roaming\OpenCandy\F9FA0F8A86DE4652A21CA28EABE0E826\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Leif\AppData\Roaming\OpenCandy\F9FA0F8A86DE4652A21CA28EABE0E826\OCBrowserHelper_1.0.6.124.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Searchqu Toolbar\sysid.ini (PUP.Optional.Searchqu) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Searchqu Toolbar\uninstall.exe (PUP.Optional.Searchqu) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) AdwCleaner Code:
# AdwCleaner v3.003 - Report created 10/09/2013 at 10:25:00
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Leif - LEIF-PC
# Running from : C:\Users\Leif\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Users\Leif\AppData\Local\AskToolbar
Folder Deleted : C:\Users\Leif\AppData\Local\PackageAware
Folder Deleted : C:\Users\Leif\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Leif\AppData\LocalLow\delta
Folder Deleted : C:\Users\Leif\AppData\LocalLow\koyotesofttoolbarnew
Folder Deleted : C:\Users\Leif\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Leif_2\AppData\Local\AskToolbar
Folder Deleted : C:\Users\Leif_2\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\koyotesofttoolbarnew
Folder Deleted : C:\Users\Leif_2\AppData\Roaming\Mozilla\Firefox\Profiles\y9l1nyjp.default\koyotesofttoolbarnew
Folder Deleted : C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\Extensions\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}
Folder Deleted : C:\Users\Leif_2\AppData\Roaming\Mozilla\Firefox\Profiles\y9l1nyjp.default\Extensions\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}
Folder Deleted : C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\Extensions\toolbar@ask.com
File Deleted : C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\Extensions\{14323AEE-F6B8-4DC8-BCE3-E62645830585}.xpi
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\\invalidprefs.js
File Deleted : C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\searchplugins\delta.xml
File Deleted : C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\v9.xml
File Deleted : C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\user.js
File Deleted : C:\Windows\System32\Tasks\EPUpdater
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ijblflkdjdopkpdgllkmlbgcffjbnfda
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Key Deleted : HKCU\Software\582dc8cb13fef12
Key Deleted : HKLM\SOFTWARE\582dc8cb13fef12
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\SearchquSRTB
Key Deleted : HKLM\Software\V9Software
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\prefs.js ]

Line deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line deleted : user_pref("extensions.delta.admin", false);
Line deleted : user_pref("extensions.delta.aflt", "babsst");
Line deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line deleted : user_pref("extensions.delta.autoRvrt", "false");
Line deleted : user_pref("extensions.delta.dfltLng", "en");
Line deleted : user_pref("extensions.delta.excTlbr", false);
Line deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line deleted : user_pref("extensions.delta.id", "342e533c000000000000685d43890a1d");
Line deleted : user_pref("extensions.delta.instlDay", "15860");
Line deleted : user_pref("extensions.delta.instlRef", "sst");
Line deleted : user_pref("extensions.delta.newTab", false);
Line deleted : user_pref("extensions.delta.prdct", "delta");
Line deleted : user_pref("extensions.delta.prtnrId", "delta");
Line deleted : user_pref("extensions.delta.rvrt", "false");
Line deleted : user_pref("extensions.delta.smplGrp", "none");
Line deleted : user_pref("extensions.delta.tlbrId", "base");
Line deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
Line deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.57:08:45");
Line deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
Line deleted : user_pref("extensions.delta_i.babExt", "");
Line deleted : user_pref("extensions.delta_i.babTrack", "affID=119816&tt=gc_");
Line deleted : user_pref("extensions.delta_i.srcExt", "ss");

[ File : C:\Users\Leif_2\AppData\Roaming\Mozilla\Firefox\Profiles\y9l1nyjp.default\prefs.js ]

Line deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=c4f1a904-284b-41b4-ad1c-962eb1c39eed&apn_ptnrs=%5EAGS&apn_sauid=A3E74190-CC0E-4891[...]

*************************

AdwCleaner[R0].txt - [14309 octets] - [10/09/2013 10:24:25]
AdwCleaner[S0].txt - [13602 octets] - [10/09/2013 10:25:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13663 octets] ##########

JRT log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows 7 Home Premium x64
Ran by Leif on 10.09.2013 at 10:28:21,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\torch.exe
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4A6F5241-F09A-433C-B436-1D0F9065080E}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\wincert"
Successfully deleted: [Folder] "C:\Users\Leif\appdata\local\torch"
Successfully deleted: [Folder] "C:\Users\Leif\appdata\locallow\datamngr"

~~~ FireFox

Emptied folder: C:\Users\Leif\AppData\Roaming\mozilla\firefox\profiles\htfbv212.default\minidumps [16 files]

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.09.2013 at 10:44:34,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013 01
Ran by Leif (administrator) on LEIF-PC on 10-09-2013 10:46:55
Running from Q:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\ExploitShield\fsessrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Dropbox, Inc.) C:\Users\Leif\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\ExploitShield\fsesgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Nokia) C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
() C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Thisisu) C:\Users\Leif\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63376 2012-09-07] (Lenovo)
HKLM\...\Run: [BLEServicesCtrl] - C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [177936 2012-02-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-09-10] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [228744 2012-09-20] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [293256 2012-10-10] (Lenovo Group Limited)
HKCU\...\Run: [NokiaOviSuite2] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [385928 2010-02-24] (Nokia)
HKLM-x32\...\Run: [F-Secure ExploitShield] - C:\Program Files (x86)\F-Secure\ExploitShield\fsesgui.exe [629376 2009-06-29] (F-Secure Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [5998144 2012-09-24] (Lenovo Group Limited)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [NokiaMServer] - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [x]
HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-17] (Lenovo)
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-17] (Lenovo)
HKU\Leif_2\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\Leif_2\...\Run: [AdobeBridge] - [x]
HKU\UpdatusUser\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-17] (Lenovo)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-03] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll [202600 2012-10-03] (NVIDIA Corporation)
Startup: C:\Users\Leif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Leif\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Leif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk
ShortcutTarget: Samsung SSD Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: firefox - C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\Extensions\firefox@ghostery.com.xpi
FF Extension: groovesharkUnlocker - C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\Extensions\groovesharkUnlocker@overlord1337.xpi
FF Extension: No Name - C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Drive) - C:\Users\Leif\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Leif\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Website Logon) - C:\Users\Leif\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj\2.0_0
CHR Extension: (Google Search) - C:\Users\Leif\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\Leif\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [bpeeepmahhfjiediknjejcmcfmjcjdck] - C:\Program Files (x86)\Google\Chrome\User Data\Default\Extensions\serach.crx
CHR HKLM-x32\...\Chrome\Extension: [cdkedefaddcdlpmiafhicjnkbogjiogj] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [dkdkpmmkgdbglmfmmmmehbkmnkopingb] - C:\Program Files (x86)\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 ExploitShield; C:\Program Files (x86)\F-Secure\ExploitShield\fsessrv.exe [326272 2009-06-29] (F-Secure Corporation)
R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [328552 2012-08-09] (AuthenTec, Inc)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [187784 2012-10-10] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-10] (Synaptics Incorporated)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-10 10:28 - 2013-09-10 10:28 - 00000000 ____D C:\Windows\ERUNT
2013-09-10 10:24 - 2013-09-10 10:25 - 00000000 ____D C:\AdwCleaner
2013-09-10 10:12 - 2013-09-10 10:12 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-10 10:12 - 2013-09-10 10:12 - 00000000 ____D C:\Users\Leif\AppData\Roaming\Malwarebytes
2013-09-10 10:12 - 2013-09-10 10:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-10 10:12 - 2013-09-10 10:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-10 10:12 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-10 10:11 - 2013-09-10 10:11 - 01029490 _____ (Thisisu) C:\Users\Leif\Downloads\JRT.exe
2013-09-10 10:10 - 2013-09-10 10:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Leif\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-10 10:10 - 2013-09-10 10:10 - 01037278 _____ C:\Users\Leif\Downloads\adwcleaner.exe
2013-09-10 09:43 - 2013-09-10 09:43 - 00029385 _____ C:\ComboFix.txt
2013-09-10 09:32 - 2013-09-10 09:32 - 00001453 _____ C:\Users\Leif\Desktop\ComboFix - Verknüpfung.lnk
2013-09-09 21:24 - 2013-09-09 21:24 - 00013005 _____ C:\Users\Leif_2\Desktop\Unbenannt 1.odt
2013-09-09 21:09 - 2013-09-09 21:09 - 00740928 _____ C:\Windows\Minidump\090913-6848-01.dmp
2013-09-09 20:37 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-09 20:37 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-09 20:37 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-09 20:37 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-09 20:37 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-09 20:37 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-09 20:37 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-09 20:37 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-09 20:33 - 2013-09-10 09:43 - 00000000 ____D C:\Qoobox
2013-09-09 20:33 - 2013-09-10 09:41 - 00000000 ____D C:\Windows\erdnt
2013-09-09 20:31 - 2013-09-09 20:31 - 05124371 ____R (Swearware) C:\Users\Leif\Downloads\ComboFix.exe
2013-09-09 19:33 - 2013-09-09 19:33 - 00000000 ____D C:\FRST
2013-09-09 19:32 - 2013-09-09 19:32 - 00000000 _____ C:\Users\Leif\defogger_reenable
2013-09-09 19:30 - 2013-09-10 09:30 - 00015182 _____ C:\Users\Leif_2\Desktop\xx.odt
2013-09-05 21:43 - 2013-09-05 21:43 - 00000000 ____D C:\Users\Leif_2\Desktop\plage
2013-09-05 13:46 - 2013-09-07 11:55 - 92693019 _____ C:\Users\Leif_2\Desktop\lieke.psd
2013-09-04 11:27 - 2013-09-10 00:08 - 00000000 ____D C:\Users\Leif_2\Desktop\fuer bewerbung
2013-08-28 18:38 - 2013-08-28 20:19 - 00000000 ____D C:\Users\Leif_2\Desktop\din
2013-08-23 21:16 - 2013-08-23 21:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 14:44 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 14:44 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 14:44 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 14:44 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 14:44 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 14:44 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 14:44 -
2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-15 14:44 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-15 14:44 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-15 14:44 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-15 14:44 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-15 14:44 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-15 14:44 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-15 14:44 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-15 14:44 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-15 14:44 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-15 14:44 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-15 14:44 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-15 14:44 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-15 14:44 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-15 14:44 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-15 14:44 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-15 14:44 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-15 14:43 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-15 14:43 - 2013-07-26 07:12 - 
19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-15 14:43 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-15 14:43 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-15 14:43 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-15 14:43 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-15 14:43 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-15 14:43 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-15 11:54 - 2013-08-15 14:41 - 00000000 ____D C:\Windows\system32\MRT 2013-08-14 10:29 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-14 10:29 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-14 10:29 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-14 10:29 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-14 10:29 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-14 10:29 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-14 10:29 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-14 10:29 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-14 10:29 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-14 10:29 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-14 10:29 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 
2013-08-14 10:29 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-14 10:29 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-14 10:29 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-14 10:29 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-14 10:29 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-14 10:29 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-14 10:29 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-14 10:29 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-14 10:29 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-14 10:29 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-14 10:29 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-14 10:29 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-14 10:29 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-14 10:29 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-14 10:29 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-14 10:29 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-11 16:31 - 2013-08-11 16:31 - 00008557 _____ C:\Users\Leif_2\Documents\buch.odt ==================== One Month Modified Files and Folders ======= 2013-09-10 10:44 - 2013-09-10 10:44 - 00002629 _____ C:\Users\Leif\Desktop\JRT.txt 
2013-09-10 10:33 - 2009-07-14 06:45 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-10 10:33 - 2009-07-14 06:45 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-10 10:32 - 2009-07-14 19:58 - 00654400 _____ C:\Windows\system32\perfh007.dat 2013-09-10 10:32 - 2009-07-14 19:58 - 00130240 _____ C:\Windows\system32\perfc007.dat 2013-09-10 10:32 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-10 10:28 - 2013-09-10 10:28 - 00000000 ____D C:\Windows\ERUNT 2013-09-10 10:26 - 2013-04-16 07:42 - 00084259 _____ C:\Windows\setupact.log 2013-09-10 10:26 - 2013-03-02 10:26 - 00000000 ___RD C:\Users\Leif\Dropbox 2013-09-10 10:26 - 2013-03-02 10:24 - 00000000 ____D C:\Users\Leif\AppData\Roaming\Dropbox 2013-09-10 10:26 - 2012-11-10 12:47 - 01821327 _____ C:\Windows\WindowsUpdate.log 2013-09-10 10:25 - 2013-09-10 10:24 - 00000000 ____D C:\AdwCleaner 2013-09-10 10:21 - 2013-04-16 15:08 - 00013288 _____ C:\Windows\PFRO.log 2013-09-10 10:12 - 2013-09-10 10:12 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-10 10:12 - 2013-09-10 10:12 - 00000000 ____D C:\Users\Leif\AppData\Roaming\Malwarebytes 2013-09-10 10:12 - 2013-09-10 10:12 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-10 10:12 - 2013-09-10 10:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-10 10:11 - 2013-09-10 10:11 - 01029490 _____ (Thisisu) C:\Users\Leif\Downloads\JRT.exe 2013-09-10 10:10 - 2013-09-10 10:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Leif\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-10 10:10 - 2013-09-10 10:10 - 01037278 _____ C:\Users\Leif\Downloads\adwcleaner.exe 2013-09-10 09:43 - 2013-09-10 09:43 - 00029385 _____ C:\ComboFix.txt 2013-09-10 09:43 - 2013-09-09 20:33 - 00000000 ____D C:\Qoobox 2013-09-10 09:43 - 2009-07-14 05:20 - 00000000 __RHD 
C:\Users\Default 2013-09-10 09:42 - 2012-11-10 12:47 - 00000000 ___RD C:\Users\Leif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-10 09:41 - 2013-09-09 20:33 - 00000000 ____D C:\Windows\erdnt 2013-09-10 09:40 - 2009-07-14 04:34 - 66060288 _____ C:\Windows\system32\config\SOFTWARE.bak 2013-09-10 09:40 - 2009-07-14 04:34 - 16515072 _____ C:\Windows\system32\config\SYSTEM.bak 2013-09-10 09:40 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak 2013-09-10 09:40 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak 2013-09-10 09:40 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak 2013-09-10 09:40 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2013-09-10 09:39 - 2012-11-11 14:50 - 00000000 ____D C:\Users\Leif_2 2013-09-10 09:32 - 2013-09-10 09:32 - 00001453 _____ C:\Users\Leif\Desktop\ComboFix - Verknüpfung.lnk 2013-09-10 09:30 - 2013-09-09 19:30 - 00015182 _____ C:\Users\Leif_2\Desktop\xx.odt 2013-09-10 00:08 - 2013-09-04 11:27 - 00000000 ____D C:\Users\Leif_2\Desktop\fuer bewerbung 2013-09-10 00:08 - 2012-11-13 00:40 - 00000000 ____D C:\Users\Leif_2\AppData\Roaming\MediaMonkey 2013-09-09 21:24 - 2013-09-09 21:24 - 00013005 _____ C:\Users\Leif_2\Desktop\Unbenannt 1.odt 2013-09-09 21:09 - 2013-09-09 21:09 - 00740928 _____ C:\Windows\Minidump\090913-6848-01.dmp 2013-09-09 21:09 - 2013-03-15 09:06 - 00000000 ____D C:\Windows\Minidump 2013-09-09 21:09 - 2012-11-10 13:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-09-09 20:31 - 2013-09-09 20:31 - 05124371 ____R (Swearware) C:\Users\Leif\Downloads\ComboFix.exe 2013-09-09 19:33 - 2013-09-09 19:33 - 00000000 ____D C:\FRST 2013-09-09 19:32 - 2013-09-09 19:32 - 00000000 _____ C:\Users\Leif\defogger_reenable 2013-09-09 19:32 - 2012-11-10 12:47 - 00000000 ____D C:\Users\Leif 2013-09-09 19:28 - 2012-11-11 15:47 - 00000000 ____D C:\Users\Leif_2\AppData\Roaming\Skype 2013-09-07 11:55 - 2013-09-05 13:46 - 
92693019 _____ C:\Users\Leif_2\Desktop\lieke.psd 2013-09-05 21:43 - 2013-09-05 21:43 - 00000000 ____D C:\Users\Leif_2\Desktop\plage 2013-09-05 10:33 - 2012-11-11 15:10 - 00000000 ____D C:\Users\Leif_2\Graphisoft 2013-09-04 15:29 - 2013-05-06 13:49 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-09-04 15:29 - 2013-03-28 09:14 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-09-04 15:29 - 2013-03-28 09:14 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-28 20:19 - 2013-08-28 18:38 - 00000000 ____D C:\Users\Leif_2\Desktop\din 2013-08-23 21:16 - 2013-08-23 21:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-15 14:41 - 2013-08-15 11:54 - 00000000 ____D C:\Windows\system32\MRT 2013-08-15 11:54 - 2012-11-12 16:22 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-11 16:31 - 2013-08-11 16:31 - 00008557 _____ C:\Users\Leif_2\Documents\buch.odt Files to move or delete: ==================== C:\Users\Leif_2\3t1tts9nq9678.exe C:\Users\Leif\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Leif\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-23 13:47 ==================== End Of Log ============================ 
--- --- --- |
10.09.2013, 11:16 | #8 |
/// the machine /// TB-Ausbilder | Win7 home premium, 64bit. Since today ADWARE/BHO.Bprotector.1.2
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any more problems?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM!
10.09.2013, 19:11 | #9 |
| Win7 home premium, 64bit. Since today ADWARE/BHO.Bprotector.1.2
Hello, here is the log file from ESET. I could not connect my USB stick as well, because I did not have enough ports available. Is that bad? After seven hours of scanning, this log file came out:
Code:
UNSUPPORTED OPERATING SYSTEM! ABORTED!
Here is also the log file from FRST.
FRST Logfile:
Code:
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: firefox - C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\Extensions\firefox@ghostery.com.xpi FF Extension: groovesharkUnlocker - C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\Extensions\groovesharkUnlocker@overlord1337.xpi FF Extension: No Name - C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. 
<======= ATTENTION
CHR Extension: (Google Drive) - C:\Users\Leif\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Leif\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Website Logon) - C:\Users\Leif\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj\2.0_0
CHR Extension: (Google Search) - C:\Users\Leif\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\Leif\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [bpeeepmahhfjiediknjejcmcfmjcjdck] - C:\Program Files (x86)\Google\Chrome\User Data\Default\Extensions\serach.crx
CHR HKLM-x32\...\Chrome\Extension: [cdkedefaddcdlpmiafhicjnkbogjiogj] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [dkdkpmmkgdbglmfmmmmehbkmnkopingb] - C:\Program Files (x86)\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 ExploitShield; C:\Program Files (x86)\F-Secure\ExploitShield\fsessrv.exe [326272 2009-06-29] (F-Secure Corporation)
R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [328552 2012-08-09] (AuthenTec, Inc)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [187784 2012-10-10] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-10] (Synaptics Incorporated)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-10 15:04 - 2013-09-10 15:04 - 96940255 _____ C:\Windows\SysWOW64\掣潗
2013-09-10 12:28 - 2013-09-10 12:28 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-10 12:27 - 2013-09-10 12:27 - 02347384 _____ (ESET) C:\Users\Leif\Downloads\esetsmartinstaller_enu.exe
2013-09-10 10:44 - 2013-09-10 10:44 - 00002629 _____ C:\Users\Leif\Desktop\JRT.txt
2013-09-10 10:28 - 2013-09-10 10:28 - 00000000 ____D C:\Windows\ERUNT
2013-09-10 10:24 - 2013-09-10 10:25 - 00000000 ____D C:\AdwCleaner
2013-09-10 10:12 - 2013-09-10 10:12 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-10 10:12 - 2013-09-10 10:12 - 00000000 ____D C:\Users\Leif\AppData\Roaming\Malwarebytes
2013-09-10 10:12 - 2013-09-10 10:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-10 10:12 - 2013-09-10 10:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-10 10:12 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-10 10:11 - 2013-09-10 10:11 - 01029490 _____ (Thisisu) C:\Users\Leif\Downloads\JRT.exe
2013-09-10 10:10 - 2013-09-10 10:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Leif\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-10 10:10 - 2013-09-10 10:10 - 01037278 _____ C:\Users\Leif\Downloads\adwcleaner.exe
2013-09-10 09:43 - 2013-09-10 09:43 - 00029385 _____ C:\ComboFix.txt
2013-09-10 09:32 - 2013-09-10 09:32 - 00001453 _____ C:\Users\Leif\Desktop\ComboFix - Verknüpfung.lnk
2013-09-09 21:24 - 2013-09-09 21:24 - 00013005 _____ C:\Users\Leif_2\Desktop\Unbenannt 1.odt
2013-09-09 21:09 - 2013-09-09 21:09 - 00740928 _____ C:\Windows\Minidump\090913-6848-01.dmp
2013-09-09 20:37 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-09 20:37 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-09 20:37 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-09 20:37 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-09 20:37 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-09 20:37 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-09 20:37 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-09 20:37 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-09 20:33 - 2013-09-10 09:43 - 00000000 ____D C:\Qoobox
2013-09-09 20:33 - 2013-09-10 09:41 - 00000000 ____D C:\Windows\erdnt
2013-09-09 20:31 - 2013-09-09 20:31 - 05124371 ____R (Swearware) C:\Users\Leif\Downloads\ComboFix.exe
2013-09-09 19:33 - 2013-09-09 19:33 - 00000000 ____D C:\FRST
2013-09-09 19:32 - 2013-09-09 19:32 - 00000000 _____ C:\Users\Leif\defogger_reenable
2013-09-09 19:30 - 2013-09-10 09:30 - 00015182 _____ C:\Users\Leif_2\Desktop\xx.odt
2013-09-05 21:43 - 2013-09-05 21:43 - 00000000 ____D C:\Users\Leif_2\Desktop\plage
2013-09-05 13:46 - 2013-09-07 11:55 - 92693019 _____ C:\Users\Leif_2\Desktop\lieke.psd
2013-09-04 11:27 - 2013-09-10 00:08 - 00000000 ____D C:\Users\Leif_2\Desktop\fuer bewerbung
2013-08-28 18:38 - 2013-08-28 20:19 - 00000000 ____D C:\Users\Leif_2\Desktop\din
2013-08-23 21:16 - 2013-08-23 21:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 14:44 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 14:44 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 14:44 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 14:44 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 14:44 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 14:44 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 14:44 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 14:44 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 14:44 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 14:44 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 14:44 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 14:44 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 14:44 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 14:44 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 14:44 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 14:44 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 14:44 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 14:44 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 14:44 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 14:44 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 14:44 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 14:44 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 14:44 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 14:43 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 14:43 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 14:43 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 14:43 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 14:43 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 14:43 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 14:43 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 14:43 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 11:54 - 2013-08-15 14:41 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 10:29 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 10:29 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 10:29 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 10:29 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 10:29 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 10:29 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 10:29 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 10:29 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 10:29 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 10:29 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 10:29 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 10:29 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 10:29 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 10:29 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 10:29 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 10:29 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 10:29 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 10:29 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 10:29 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 10:29 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 10:29 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 10:29 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 10:29 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 10:29 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 10:29 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 10:29 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 10:29 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-11 16:31 - 2013-08-11 16:31 - 00008557 _____ C:\Users\Leif_2\Documents\buch.odt

==================== One Month Modified Files and Folders =======

2013-09-10 20:04 - 2013-09-10 20:04 - 00891144 _____ C:\Users\Leif\Downloads\SecurityCheck.exe
2013-09-10 15:04 - 2013-09-10 15:04 - 96940255 _____ C:\Windows\SysWOW64\掣潗
2013-09-10 12:29 - 2009-07-14 19:58 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-09-10 12:29 - 2009-07-14 19:58 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-09-10 12:29 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-10 12:28 - 2013-09-10 12:28 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-10 12:27 - 2013-09-10 12:27 - 02347384 _____ (ESET) C:\Users\Leif\Downloads\esetsmartinstaller_enu.exe
2013-09-10 11:04 - 2012-11-10 12:47 - 01830308 _____ C:\Windows\WindowsUpdate.log
2013-09-10 10:44 - 2013-09-10 10:44 - 00002629 _____ C:\Users\Leif\Desktop\JRT.txt
2013-09-10 10:33 - 2009-07-14 06:45 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-10 10:33 - 2009-07-14 06:45 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-10 10:28 - 2013-09-10 10:28 - 00000000 ____D C:\Windows\ERUNT
2013-09-10 10:26 - 2013-04-16 07:42 - 00084259 _____ C:\Windows\setupact.log
2013-09-10 10:26 - 2013-03-02 10:26 - 00000000 ___RD C:\Users\Leif\Dropbox
2013-09-10 10:26 - 2013-03-02 10:24 - 00000000 ____D C:\Users\Leif\AppData\Roaming\Dropbox
2013-09-10 10:25 - 2013-09-10 10:24 - 00000000 ____D C:\AdwCleaner
2013-09-10 10:21 - 2013-04-16 15:08 - 00013288 _____ C:\Windows\PFRO.log
2013-09-10 10:12 - 2013-09-10 10:12 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-10 10:12 - 2013-09-10 10:12 - 00000000 ____D C:\Users\Leif\AppData\Roaming\Malwarebytes
2013-09-10 10:12 - 2013-09-10 10:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-10 10:12 - 2013-09-10 10:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-10 10:11 - 2013-09-10 10:11 - 01029490 _____ (Thisisu) C:\Users\Leif\Downloads\JRT.exe
2013-09-10 10:10 - 2013-09-10 10:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Leif\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-10 10:10 - 2013-09-10 10:10 - 01037278 _____ C:\Users\Leif\Downloads\adwcleaner.exe
2013-09-10 09:43 - 2013-09-10 09:43 - 00029385 _____ C:\ComboFix.txt
2013-09-10 09:43 - 2013-09-09 20:33 - 00000000 ____D C:\Qoobox
2013-09-10 09:43 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-10 09:42 - 2012-11-10 12:47 - 00000000 ___RD C:\Users\Leif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-10 09:41 - 2013-09-09 20:33 - 00000000 ____D C:\Windows\erdnt
2013-09-10 09:40 - 2009-07-14 04:34 - 66060288 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-09-10 09:40 - 2009-07-14 04:34 - 16515072 _____ C:\Windows\system32\config\SYSTEM.bak
2013-09-10 09:40 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2013-09-10 09:40 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-09-10 09:40 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-09-10 09:40 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-10 09:39 - 2012-11-11 14:50 - 00000000 ____D C:\Users\Leif_2
2013-09-10 09:32 - 2013-09-10 09:32 - 00001453 _____ C:\Users\Leif\Desktop\ComboFix - Verknüpfung.lnk
2013-09-10 09:30 - 2013-09-09 19:30 - 00015182 _____ C:\Users\Leif_2\Desktop\xx.odt
2013-09-10 00:08 - 2013-09-04 11:27 - 00000000 ____D C:\Users\Leif_2\Desktop\fuer bewerbung
2013-09-10 00:08 - 2012-11-13 00:40 - 00000000 ____D C:\Users\Leif_2\AppData\Roaming\MediaMonkey
2013-09-09 21:24 - 2013-09-09 21:24 - 00013005 _____ C:\Users\Leif_2\Desktop\Unbenannt 1.odt
2013-09-09 21:09 - 2013-09-09 21:09 - 00740928 _____ C:\Windows\Minidump\090913-6848-01.dmp
2013-09-09 21:09 - 2013-03-15 09:06 - 00000000 ____D C:\Windows\Minidump
2013-09-09 21:09 - 2012-11-10 13:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-09 20:31 - 2013-09-09 20:31 - 05124371 ____R (Swearware) C:\Users\Leif\Downloads\ComboFix.exe
2013-09-09 19:33 - 2013-09-09 19:33 - 00000000 ____D C:\FRST
2013-09-09 19:32 - 2013-09-09 19:32 - 00000000 _____ C:\Users\Leif\defogger_reenable
2013-09-09 19:32 - 2012-11-10 12:47 - 00000000 ____D C:\Users\Leif
2013-09-09 19:28 - 2012-11-11 15:47 - 00000000 ____D C:\Users\Leif_2\AppData\Roaming\Skype
2013-09-07 11:55 - 2013-09-05 13:46 - 92693019 _____ C:\Users\Leif_2\Desktop\lieke.psd
2013-09-05 21:43 - 2013-09-05 21:43 - 00000000 ____D C:\Users\Leif_2\Desktop\plage
2013-09-05 10:33 - 2012-11-11 15:10 - 00000000 ____D C:\Users\Leif_2\Graphisoft
2013-09-04 15:29 - 2013-05-06 13:49 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-04 15:29 - 2013-03-28 09:14 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-04 15:29 - 2013-03-28 09:14 - 00105344 _____ (Avira Operations GmbH & Co.
KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-28 20:19 - 2013-08-28 18:38 - 00000000 ____D C:\Users\Leif_2\Desktop\din
2013-08-23 21:16 - 2013-08-23 21:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 14:41 - 2013-08-15 11:54 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 11:54 - 2012-11-12 16:22 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-11 16:31 - 2013-08-11 16:31 - 00008557 _____ C:\Users\Leif_2\Documents\buch.odt

Files to move or delete:
====================
C:\Users\Leif_2\3t1tts9nq9678.exe
C:\Users\Leif\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Leif\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-23 13:47

==================== End Of Log ============================

--- --- ---
|
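An added triage helper, not part of the log above and not FRST code, that applies by machine the checks a helper applies by eye to this kind of FRST output: AppInit_DLLs entries (the injection point Avira had to repair in the first post), Chrome extensions force-installed through HKLM, executables in a system directory whose version resource carries no company name, non-ASCII file names like the 96 MB "掣潗" in SysWOW64, and executables dropped straight into a profile root or a Temp folder (the three paths FRST listed under "Files to move or delete"). The sample lines are constructed in FRST's line format from entries quoted in the log; the one line ending in constructed_example.dll is invented to exercise the empty-company rule. The rules themselves are my assumptions, and a hit means "look at this", not "malicious".

```python
"""Triage FRST log lines for the kinds of entries discussed in this thread.

Added example; not part of the forum post and not FRST code.  The sample
lines are constructed in FRST's format from entries quoted above.  The
rules are heuristics of my own: a hit means "look at this", not "malicious".
"""
import re
from typing import Dict, List, Optional

# Constructed sample in FRST's line format (modelled on the log in the thread);
# the constructed_example.dll line is invented to exercise the empty-company rule.
SAMPLE_LOG = r"""
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-03] (NVIDIA Corporation)
CHR HKLM-x32\...\Chrome\Extension: [bpeeepmahhfjiediknjejcmcfmjcjdck] - C:\Program Files (x86)\Google\Chrome\User Data\Default\Extensions\serach.crx
CHR HKLM-x32\...\Chrome\Extension: [cdkedefaddcdlpmiafhicjnkbogjiogj] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx
2013-09-10 15:04 - 2013-09-10 15:04 - 96940255 _____ C:\Windows\SysWOW64\掣潗
2013-09-10 10:12 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-10 10:10 - 2013-09-10 10:10 - 01037278 _____ C:\Users\Leif\Downloads\adwcleaner.exe
2013-08-14 10:29 - 2013-07-09 07:54 - 01732032 _____ () C:\Windows\system32\constructed_example.dll
C:\Users\Leif_2\3t1tts9nq9678.exe
C:\Users\Leif\AppData\Local\Temp\NOSEventMessages.dll
"""

# "created - modified - size attrs (company) path"; the company field is the
# CompanyName from the file's version resource as FRST prints it, not a signature.
FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
CHR_HKLM = re.compile(
    r"^CHR HKLM(?:-x32)?\\\.\.\.\\Chrome\\Extension: \[(?P<id>[a-p]{32})\] - (?P<path>.+)$"
)
APPINIT = re.compile(r"^AppInit_DLLs(?:-x32)?: (?P<path>.+?)(?: \[|$)")
BARE_PATH = re.compile(r"^[A-Za-z]:\\")

SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")
PROFILE_ROOT_EXE = re.compile(r"^c:\\users\\[^\\]+\\[^\\]+\.(exe|dll|scr|com)$")
TEMP_EXE = re.compile(r"^c:\\users\\[^\\]+\\appdata\\local\\temp\\.+\.(exe|dll)$")


def path_flags(path: str, company: Optional[str]) -> List[str]:
    """Flags based only on where a file sits and what its version info says."""
    low = path.lower()
    name = path.rsplit("\\", 1)[-1]
    flags: List[str] = []
    if not name.isascii():
        flags.append("non-ASCII file name")
    if low.startswith(SYSTEM_DIRS) and low.endswith(EXEC_EXT) and not company:
        flags.append("no company name in version info, in a system directory")
    if PROFILE_ROOT_EXE.match(low):
        flags.append("executable dropped directly into a profile root")
    if TEMP_EXE.match(low):
        flags.append("executable in a Temp directory")
    return flags


def triage(line: str) -> List[str]:
    """Return the findings for one FRST log line (empty list if nothing stands out)."""
    if m := APPINIT.match(line):
        # AppInit_DLLs is loaded into every process that maps user32.dll.
        return [f"AppInit_DLLs loads {m['path']} into every GUI process; confirm it is wanted"]
    if m := CHR_HKLM.match(line):
        flags = [f"Chrome extension {m['id']} is force-installed via HKLM from {m['path']}"]
        if "user data" in m["path"].lower():
            flags.append("its .crx sits under a Chrome profile path instead of a vendor directory")
        return flags
    if m := FILE_LINE.match(line):
        return path_flags(m["path"], m["company"])
    if BARE_PATH.match(line):
        return path_flags(line, None)
    return []


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each line that produced findings to its list of findings."""
    result: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and (flags := triage(line)):
            result[line] = flags
    return result


if __name__ == "__main__":
    for line, flags in triage_log(SAMPLE_LOG).items():
        print(line)
        for flag in flags:
            print("   ->", flag)
```

Feed it a real FRST.txt with triage_log(open(path, encoding="utf-8", errors="replace").read()); the output is a shortlist to read, not a verdict, and clean entries such as mbam.sys or a downloaded adwcleaner.exe produce nothing.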
11.09.2013, 07:17 | #10 |
/// the machine /// TB-Ausbilder | Ignore SecurityCheck; just test the one USB stick with your AV program. Delete all ESET findings on E: by hand. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\Users\Leif_2\AppData\Roaming\noc\1.bat
E:\RECYCLER
C:\Users\Leif_2\3t1tts9nq9678.exe
C:\Users\Leif\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Leif\AppData\Local\Temp\Quarantine.exe
Please save this as Fixlist.txt on your Desktop (or in the directory where FRST is located).
Please download TFC (by OldTimer) and save the file to the Desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files it will ask for a restart; please allow it. Done. The order is decisive here.
Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly; I recommend TFC for this. Stay away from any registry cleaners; they harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me brief feedback when everything is done and there are no further questions, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
11.09.2013, 09:19 | #11 |
| Good morning, I could not delete one file found by ESET, namely this one (from my external hard drive) Code:
sh=CD0730758A00C5A3BEE17F91F468DA31B98887A8 ft=1 fh=2d65a64a26fac911 vn="Win32/Conficker.AA worm" ac=I fn="E:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx"
I have just re-enabled my virus scanner and it reported some registry file that something wanted to access, or something like that. Unfortunately I did not note exactly what it said. Can I ignore that for now? And another question: since my PC was not virus-free, is it now necessary to change all passwords? Here is the FixLog: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-09-2013
Ran by Leif at 2013-09-11 09:48:17 Run:1
Running from Q:\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Leif_2\AppData\Roaming\noc\1.bat
E:\RECYCLER
C:\Users\Leif_2\3t1tts9nq9678.exe
C:\Users\Leif\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Leif\AppData\Local\Temp\Quarantine.exe
*****************

"C:\Users\Leif_2\AppData\Roaming\noc\1.bat" => File/Directory not found.
"E:\RECYCLER" => File/Directory not found.
C:\Users\Leif_2\3t1tts9nq9678.exe => Moved successfully.
C:\Users\Leif\AppData\Local\Temp\NOSEventMessages.dll => Moved successfully.
C:\Users\Leif\AppData\Local\Temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====
|
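The ESET hit on E: in the post above has the removable-drive footprint Conficker is known for: a RECYCLER folder containing a subfolder named like a SID but not shaped like one (a real SID always starts S-1-, never S-5-), a DLL with a .vmx extension inside it, and an autorun.inf that launches that file with rundll32. The following is an added example, not from the thread and not ESET code: it builds a constructed drive layout in a temporary directory that mirrors the detection (the file bytes, the benign Dc1.txt and the autorun.inf text are placeholders of my own) and scans it for that pattern. Point scan_drive at a real drive root (for example scan_drive(r"E:\")) to run the same check on a USB stick or external disk.

```python
"""Check a drive root for the RECYCLER/autorun.inf pattern ESET flagged on E:.

Added example; not from the thread and not ESET code.  The fixture it builds
is constructed: the file bodies and the autorun.inf text are placeholders.
"""
import re
import tempfile
from pathlib import Path
from typing import List

# A well-formed Windows SID is S-<revision>-<authority>-<subauthorities>, and
# the revision is always 1.  "S-5-3-42-..." from the ESET hit fails this test.
SID_RE = re.compile(r"^S-1-\d+(?:-\d+){1,15}$")
RECYCLE_DIR_NAMES = {"recycler", "recycled", "$recycle.bin"}
# autorun.inf keys that start a program when the drive is inserted or opened.
AUTORUN_LAUNCH = re.compile(
    r"^\s*(open|shellexecute|shell\\[^\\]+\\command)\s*=\s*(.+?)\s*$", re.I
)
SUSPECT_NAME = re.compile(r"\.(vmx|dll|exe)$", re.I)


def is_valid_sid(name: str) -> bool:
    """True if the folder name is shaped like a real SID (S-1-5-21-..., etc.)."""
    return bool(SID_RE.match(name))


def scan_drive(root) -> List[str]:
    """Return findings for a drive root: fake-SID recycle folders, autorun launches."""
    root = Path(root)
    findings: List[str] = []
    for entry in root.iterdir():
        if entry.is_dir() and entry.name.lower() in RECYCLE_DIR_NAMES:
            for sub in entry.iterdir():
                if sub.is_dir() and not is_valid_sid(sub.name):
                    payloads = [p.name for p in sub.iterdir() if SUSPECT_NAME.search(p.name)]
                    findings.append(
                        f"{sub.relative_to(root)}: recycle-bin subfolder with a malformed "
                        f"SID name, executable-like files: {payloads}"
                    )
    autorun = root / "autorun.inf"
    if autorun.is_file():
        # Conficker padded its autorun.inf with junk; only the launch keys matter here.
        for raw in autorun.read_text(errors="replace").splitlines():
            m = AUTORUN_LAUNCH.match(raw)
            if m and "recycler" in m.group(2).lower():
                findings.append(
                    f"autorun.inf {m.group(1).lower()} launches a file under RECYCLER: {m.group(2)}"
                )
    return findings


def build_fixture(base) -> Path:
    """Constructed drive layout mirroring the ESET detection in the thread."""
    root = Path(base)
    bad = root / "RECYCLER" / "S-5-3-42-2819952290-8240758988-879315005-3665"
    bad.mkdir(parents=True)
    (bad / "jwgkvsq.vmx").write_bytes(b"MZ" + b"\0" * 64)  # placeholder bytes, not the real DLL
    good = root / "RECYCLER" / "S-1-5-21-1234567890-1234567890-1234567890-1001"
    good.mkdir(parents=True)
    (good / "Dc1.txt").write_text("a genuinely deleted file")  # placeholder content
    (root / "autorun.inf").write_text(  # placeholder text, shaped like a launch entry
        "[autorun]\n"
        "Action=Open folder to view files\n"
        "shellexecute=rundll32.exe .\\RECYCLER\\S-5-3-42-2819952290-8240758988-879315005-3665\\jwgkvsq.vmx\n"
    )
    return root


def demo() -> List[str]:
    """Build the fixture in a scratch directory, scan it, return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_drive(build_fixture(tmp))


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The SID check is the useful part: a real recycle-bin subfolder on an NTFS drive is named after the owning account's SID, so a name that cannot be a SID is worth a look no matter what the files inside are called. Emptying the Recycle Bin, as advised in the next reply, removes the folder but does not undo anything the autorun.inf may already have launched on a machine with AutoRun enabled, which is why the password-change advice later in the thread still applies.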
11.09.2013, 12:49 | #12 |
/// the machine /// TB-Ausbilder | Just empty the Recycle Bin, that should be enough. Any more problems?
12.09.2013, 18:17 | #13 |
| Hello, many thanks so far; the virus is hopefully gone now. So I do not need to worry about the file on the external hard drive that I could not delete? Is it advisable to change my passwords now? And my fingerprint scanner no longer works; is there a connection? With e.g. Malwarebytes or something like that? |
13.09.2013, 08:18 | #14 |
/// the machine /// TB-Ausbilder | If you have emptied the Recycle Bin, that is fine. Have you reinstalled the driver yet? And yes, changing passwords is mandatory.
13.09.2013, 12:37 | #15 |
| Hello, then there are no further questions! I have not reinstalled the driver yet; I will give it a try. But I do not need the fingerprint reader that urgently anyway. Thanks again for the great help!! |