Pests of all kinds and how to fight them: Debt-collection payment demand with a Trojan in the attachment? (Windows 7)

26.02.2014, 15:01 | #1

Debt-collection payment demand with a Trojan in the attachment?

Hello TrojanerBoard team! A while ago I received an email demanding that I finally pay for goods I had supposedly ordered, an amount of about 250 €, or else legal proceedings would be initiated. At first I did not open the attachment. But then it got the better of me and I wanted to look at this supposed invoice. So I clicked the attachment, and Kaspersky immediately reported: threats, malware! And I could not close the window any more; it said that another program was accessing the attachment. Kaspersky reported the computer as unsafe, under threat! Shortly afterwards, though, it showed SAFE again and NO THREATS! Still, this does not feel right to me; something could be creeping along in the background. I am afraid I have caught a Trojan, since my first research showed that Trojans are hidden in such attachments. Oh, if only I had not clicked it! What should I do now? I have only recently got a Lenovo laptop with Windows Vista Business and would be very grateful for your help.

Kind regards, Min
26.02.2014, 16:20 | #2

/// the machine /// (TB trainer)

Hi,

Please download the version of Farbar's Recovery Scan Tool that matches your system to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure, download both versions, or check under Start > Computer (right-click) > Properties.)
23.03.2014, 16:14 | #3

Hello!

Thank you very much, and sorry for my late reaction. I had fallen ill and was out of action for a while. Here are the two files.

FRST logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Systemadministrator (administrator) on SYSTEM on 23-03-2014 14:48:58
Running from C:\Users\Systemadministrator\Downloads
Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

() C:\Windows\system32\DTS.exe
(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\system32\AtService.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Lenovo.) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
(Lenovo Group Limited) C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(LENOVO) C:\Program Files\ThinkVantage\AMSG\Amsg.exe
(Lenovo Group Ltd.) C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [FingerPrintSoftware] - C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582920 2011-05-31] (AuthenTec)
HKLM\...\Run: [FingerPrintSoftwareSplashScreen] - C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [102400 2011-05-31] (AuthenTec, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [CreateLMBCShortCut] - C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe [40960 2010-02-16] ()
HKLM\...\Run: [] - [X]
HKLM\...\Run: [PWMTRV] - C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL [4446784 2012-09-24] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [186248 2012-09-20] (Lenovo.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [IaNvSrv] - C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe [33304 2009-10-06] (Intel Corporation)
HKLM\...\Run: [ACTray] - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [433248 2012-05-30] (Lenovo)
HKLM\...\Run: [picon] - C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-02-04] ()
HKLM\...\Run: [ATUpdatePBA.ltp] - C:\Windows\system32\ATUpdatePBA.exe [227144 2011-05-31] (AuthenTec, Inc.)
HKLM\...\Run: [LPManager] - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE [185688 2009-07-23] (Lenovo Group Limited)
HKLM\...\Run: [LPMailChecker] - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE [124248 2009-07-23] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2379064 2012-10-17] (Synaptics Incorporated)
HKLM\...\Run: [AMSG] - C:\Program Files\ThinkVantage\AMSG\Amsg.exe [436800 2009-09-03] (LENOVO)
HKLM\...\Run: [TPKMAPHELPER] - C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [992816 2007-02-26] (Lenovo)
HKLM\...\Run: [EZEJMNAP] - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [256576 2009-12-01] (Lenovo Group Ltd.)
HKLM\...\Run: [TPFNF7] - C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [62240 2009-08-04] (Lenovo Group Limited)
HKLM\...\Run: [cssauth] - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3093816 2009-03-04] (Lenovo Group Limited)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [TVT Scheduler Proxy] - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-03-04] (Lenovo Group Limited)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-732048308-2395046871-4071129892-1000\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-732048308-2395046871-4071129892-1000\...\Run: [Facebook Update] - C:\Users\Systemadministrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-10] (Facebook Inc.)
HKU\S-1-5-21-732048308-2395046871-4071129892-1000\...\MountPoints2: {7b6eb850-678a-11e3-81ad-028037ec0200} - E:\Startme.exe
HKU\S-1-5-21-732048308-2395046871-4071129892-1000\...\MountPoints2: {83098915-5efe-11e2-a516-806e6f6e6963} - D:\AUTORUN.EXE
Lsa: [Notification Packages] scecli ACGina

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=26606eb9-7474-a0d6-aed1-d9705a6035b4&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/02/2014&type=hp1000
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=26606eb9-7474-a0d6-aed1-d9705a6035b4&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/02/2014&type=hp1000
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=26606eb9-7474-a0d6-aed1-d9705a6035b4&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/02/2014&type=hp1000
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=26606eb9-7474-a0d6-aed1-d9705a6035b4&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/02/2014&type=hp1000
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Systemadministrator\AppData\Roaming\Mozilla\Firefox\C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-732048308-2395046871-4071129892-1000\FireFox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Systemadministrator\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-02-01]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-02-01]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-02-01]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\anti_banner@kaspersky.com [2014-02-01]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\online_banking@kaspersky.com [2014-02-01]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP436E8142-630E-4F79-8858-29F9750AFCB3&SSPV=
CHR RestoreOnStartup: "https://www.google.de/", "https://www.google.de/"
CHR Extension: (Google Docs) - C:\Users\Systemadministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-13]
CHR Extension: (Google Drive) - C:\Users\Systemadministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-13]
CHR Extension: (YouTube) - C:\Users\Systemadministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-13]
CHR Extension: (Google-Suche) - C:\Users\Systemadministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-13]
CHR Extension: (Google Wallet) - C:\Users\Systemadministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-13]
CHR Extension: (Google Mail) - C:\Users\Systemadministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-13]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\ab.crx [2013-10-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [106496 2011-05-31] ()
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 dtsvc; C:\Windows\system32\DTS.exe [98304 2011-05-31] ()
R2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [43584 2012-01-16] (Lenovo Group Limited)
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [101736 2011-07-12] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [127336 2011-07-12] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2013-07-10] (Lenovo Group Limited)
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [131432 2011-07-12] (Lenovo Group Limited)
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [779576 2009-03-04] (Lenovo)
R2 TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2010-02-04] (Intel Corporation)
S2 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [X]

==================== Drivers (Whitelisted) ====================

S3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [4172288 2009-04-01] (ATI Technologies Inc.)
S3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd32.sys [2473472 2009-04-01] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-02-01] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576096 2014-02-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-02-01] (Kaspersky Lab ZAO)
S3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [81280 2007-06-08] (Lenovo)
R3 lnvobus; C:\Windows\System32\DRIVERS\lnvobus.sys [282880 2008-12-16] (MCCI Corporation)
R3 lnvocard; C:\Windows\System32\DRIVERS\lnvocard.sys [356480 2008-12-16] (MCCI Corporation)
R3 lnvogps; C:\Windows\System32\DRIVERS\lnvogps.sys [77864 2008-10-23] (Ericsson AB)
R3 lnvomdfl; C:\Windows\System32\DRIVERS\lnvomdfl.sys [15104 2008-12-16] (MCCI Corporation)
R3 lnvomdfl2; C:\Windows\System32\DRIVERS\lnvomdfl2.sys [15104 2008-12-16] (MCCI Corporation)
R3 lnvomdm; C:\Windows\System32\DRIVERS\lnvomdm.sys [365056 2008-12-16] (MCCI Corporation)
R3 lnvomdm2; C:\Windows\System32\DRIVERS\lnvomdm2.sys [408960 2008-12-16] (MCCI Corporation)
R3 lnvond5; C:\Windows\System32\DRIVERS\lnvond5.sys [25984 2008-12-16] (MCCI Corporation)
R3 lnvounic; C:\Windows\System32\DRIVERS\lnvounic.sys [375424 2008-12-16] (MCCI Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 NETwNv32; C:\Windows\System32\DRIVERS\NETwNv32.sys [7346176 2011-10-31] (Intel Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [38200 2012-10-17] (Synaptics Incorporated)
R3 Sony_EricssonWWSC; C:\Windows\System32\DRIVERS\lnvoscard.sys [24232 2008-07-08] (Sony Ericsson)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94304 2014-02-18] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-23 14:48 - 2014-03-23 14:50 - 00022682 _____ () C:\Users\Systemadministrator\Downloads\FRST.txt
2014-03-23 14:47 - 2014-03-23 14:48 - 00000000 ____D () C:\FRST
2014-03-23 14:44 - 2014-03-23 14:44 - 01145856 _____ (Farbar) C:\Users\Systemadministrator\Downloads\FRST.exe
2014-03-14 03:04 - 2014-02-23 06:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-14 03:04 - 2014-02-23 06:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-14 03:04 - 2014-02-23 06:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-14 03:04 - 2014-02-23 06:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-14 03:04 - 2014-02-23 06:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-14 03:04 - 2014-02-23 06:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-14 03:04 - 2014-02-23 06:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-14 03:04 - 2014-02-23 06:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-14 03:03 - 2014-02-23 06:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-14 03:03 - 2014-02-23 06:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-14 03:03 - 2014-02-23 06:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-14 03:03 - 2014-02-23 06:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-14 03:03 - 2014-02-23 06:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-14 03:03 - 2014-02-23 06:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-14 03:03 - 2014-02-23 06:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-14 03:03 - 2014-02-23 06:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 12:43 - 2014-02-07 11:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 12:43 - 2014-02-03 11:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 12:43 - 2014-01-30 08:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 12:42 - 2013-11-13 01:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-08 08:57 - 2014-03-08 08:57 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-02-22 12:03 - 2014-02-22 12:03 - 00002011 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-02-22 11:59 - 2014-02-22 11:59 - 32479160 _____ (DVDVideoSoft Ltd. ) C:\Users\Systemadministrator\FreeYouTubeDownload.exe

==================== One Month Modified Files and Folders =======

2014-03-23 14:50 - 2014-03-23 14:48 - 00022682 _____ () C:\Users\Systemadministrator\Downloads\FRST.txt
2014-03-23 14:48 - 2014-03-23 14:47 - 00000000 ____D () C:\FRST
2014-03-23 14:48 - 2012-10-09 10:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-23 14:46 - 2006-11-02 13:47 - 00005264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-23 14:46 - 2006-11-02 13:47 - 00005264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-23 14:44 - 2014-03-23 14:44 - 01145856 _____ (Farbar) C:\Users\Systemadministrator\Downloads\FRST.exe
2014-03-23 14:25 - 2014-02-01 15:25 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-23 13:43 - 2014-02-10 16:38 - 00000984 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-732048308-2395046871-4071129892-1000UA.job
2014-03-23 10:50 - 2008-01-21 02:39 - 01568330 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 16:43 - 2014-02-10 16:38 - 00000962 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-732048308-2395046871-4071129892-1000Core.job
2014-03-21 14:48 - 2008-01-21 09:32 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-19 10:03 - 2014-01-17 20:00 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-19 10:02 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-19 03:08 - 2013-10-22 12:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 03:02 - 2006-11-02 11:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-14 03:44 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-03-14 03:26 - 2013-04-04 08:52 - 00228296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 03:24 - 2012-10-09 14:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 03:23 - 2012-10-09 11:27 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-03-14 03:23 - 2006-11-02 14:01 - 00030568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-14 03:01 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-03-13 12:48 - 2012-10-09 10:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-13 12:48 - 2012-10-09 10:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 10:02 - 2012-10-09 09:21 - 00008404 _____ () C:\Users\Systemadministrator\AppData\Local\d3d9caps.dat
2014-03-08 08:57 - 2014-03-08 08:57 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-03-02 12:43 - 2013-04-04 08:54 - 00004756 _____ () C:\Windows\setupact.log
2014-02-28 18:41 - 2012-10-09 09:21 - 00000000 ____D () C:\Users\Systemadministrator
2014-02-26 15:38 - 2013-04-04 08:52 - 00587200 _____ () C:\Windows\PFRO.log
2014-02-26 03:26 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-23 06:50 - 2014-03-14 03:03 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 06:47 - 2014-03-14 03:03 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 06:43 - 2014-03-14 03:03 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 06:41 - 2014-03-14 03:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 06:40 - 2014-03-14 03:04 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 06:39 - 2014-03-14 03:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-23 06:38 - 2014-03-14 03:04 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-23 06:38 - 2014-03-14 03:04 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 06:38 - 2014-03-14 03:03 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-23 06:37 - 2014-03-14 03:04 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 06:37 - 2014-03-14 03:04 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-23 06:37 - 2014-03-14 03:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 06:37 - 2014-03-14 03:03 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 06:36 - 2014-03-14 03:04 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 06:36 - 2014-03-14 03:04 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-23 06:35 - 2014-03-14 03:04 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-22 12:04 - 2014-02-01 21:44 - 00000000 ____D () C:\Users\Systemadministrator\AppData\Roaming\DVDVideoSoft
2014-02-22 12:03 - 2014-02-22 12:03 - 00002011 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-02-22 12:03 - 2014-02-01 21:45 - 00001032 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-02-22 12:03 - 2014-02-01 21:44 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-02-22 12:02 - 2014-02-01 21:44 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-02-22 11:59 - 2014-02-22 11:59 - 32479160 _____ (DVDVideoSoft Ltd. ) C:\Users\Systemadministrator\FreeYouTubeDownload.exe

Files to move or delete:
====================
C:\Users\Systemadministrator\FacebookVideoCallSetup_v1.2.205.0.exe
C:\Users\Systemadministrator\FreeYouTubeDownload.exe
C:\Users\Systemadministrator\FreeYouTubeToMP3Converter.exe

Some content of TEMP:
====================
C:\Users\Systemadministrator\AppData\Local\Temp\avgnt.exe
C:\Users\Systemadministrator\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Systemadministrator\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-19 22:10

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by Systemadministrator at 2014-03-23 14:52:04
Running from C:\Users\Systemadministrator\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.62.01 - )
AT&T Service Activation (HKLM\...\{D81486A1-2371-4059-AC70-1AB894AC96E6}) (Version: 1.8.7.0 - AT&T)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.2.3442 - CDBurnerXP)
Client Security - Password Manager (HKLM\...\{44E9D4C2-946C-4378-9354-558803C47A68}) (Version: 8.21.0006.00 - Lenovo Group Limited)
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.15.0 - Conexant)
Dienstprogramm "ThinkPad UltraNav" (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Dienstprogramm 'ThinkPad-Tastaturanpassung' (HKLM\...\{2111B23F-7FDA-4A41-8309-E5A1663CA296}) (Version: 1.0.01 - )
Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.36 - )
Ergänzung zu Productivity Center für ThinkPad 
(HKLM\...\{D728E945-256D-4477-B377-6BBA693714AC}) (Version: 3.00b - ) Ericsson Wireless Module Core (HKLM\...\{64211D43-D195-413C-A7E7-666C10B53E1F}) (Version: 1.0.1046.227 - Lenovo) Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited) FileParade Bundle (HKLM\...\FileParade Bundle) (Version: 1.0.0.0 - FileParade Bundle) <==== ATTENTION Free YouTube Download version 3.2.23.219 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.23.219 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.23.219 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.23.219 - DVDVideoSoft Ltd.) Help Center (HKLM\...\{986F64DC-FF15-449D-998F-EE3BCEC6666A}) (Version: 2.00n - ) Intel PROSet Wireless (Version: - ) Hidden Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2555 - Intel Corporation) Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.1 - Intel) Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{C8005A7B-9638-41DD-B83B-AF277754E211}) (Version: 14.03.0000 - Intel Corporation) Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version: - Intel Corporation) Intel® Matrix Storage Manager und Intel® Turbo Memory (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Intel® Turbo Memory (HKLM\...\{31423F74-36B2-4d24-B10D-CD00BFB7C118}) (Version: - Intel Corporation) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - ) Lenovo Fingerprint Software (HKLM\...\{3D8994A3-02A8-45B5-B955-53E608BC69ED}) (Version: 3.3.2.50 - AuthenTec, Inc.) Lenovo Patch Utility (HKLM\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited) Lenovo Patch Utility (HKLM\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.66.00.22 - ) Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - ) Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.) 
Message Center (HKLM\...\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}) (Version: 2.01g - ) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mobile Broadband Connect (HKLM\...\{C7E2FF9D-D503-4312-B769-6B0284B161CC}) (Version: 3.4.0071 - Lenovo) Mozilla Firefox 27.0.1 (x86 de) 
(HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) pdfFactory (HKLM\...\pdfFactory) (Version: 5.01 - FinePrint Software, LLC) Präsentationsdirektor (HKLM\...\{65706020-7B6F-41F2-8047-FC69579E386A}) (Version: 4.32 - ) Registry patch for Windows Vista USB S3 PM Enablement (HKLM\...\USBPMon) (Version: 1.00 - ) Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista (HKLM\...\Dipmon) (Version: 1.01 - ) RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.54.02 - ) Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Sony Mobile Update Engine (HKLM\...\Update Engine) (Version: 2.14.1.201312191309 - Sony Mobile Communications AB) Sony PC Companion 2.10.188 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.188 - Sony) System Migration Assistant (HKLM\...\{8A4DB1CA-8206-4ADC-805C-66ACF1611DA3}) (Version: 6.00.0009 - Lenovo Group Limited.) 
System Update (HKLM\...\{8675339C-128C-44DD-83BF-0A5D6ABD8297}) (Version: 3.16.0006 - Lenovo) ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation) ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - ) ThinkPad Mobility Center Customization (HKLM\...\{90FABD40-E741-446F-839D-CEAE905D63BE}) (Version: 1.50.0000 - Lenovo) ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.50 - Conexant Systems) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.2 - ) ThinkPad-Dienstprogramm 'EasyEject' (HKLM\...\{1297C681-92D7-40EF-93BF-03F66EC5105C}) (Version: 2.39 - ) ThinkVantage Access Connections (HKLM\...\{4D828D53-4443-45C6-86DE-23B1562107FE}) (Version: 5.90 - Lenovo) ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.09 - Lenovo) ThinkVantage Productivity Center (HKLM\...\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}) (Version: 3.11 - Lenovo) ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.9 - Lenovo) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Updater (HKLM\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION Verizon Wireless Mobile Broadband Self Activation (HKLM\...\{C64A877E-DF8D-4017-AA82-000A77C6D809}) (Version: 3.1.4 - Smith Micro Software, Inc.) Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows-Treiberpaket - AuthenTec Inc. 
(ATSwpWDF) Biometric (07/02/2010 8.6.0.29) (HKLM\...\05FBE63CF9C9B3424152207E7278CD6DA193C56C) (Version: 07/02/2010 8.6.0.29 - AuthenTec Inc.) Yahoo Community Smartbar (HKLM\...\{657187F0-8B08-41D3-8468-813BB85AE09E}) (Version: 10.201.66.14591 - Linkury Inc.) <==== ATTENTION Yahoo Community Smartbar Engine (HKCU\...\{484b7cba-7934-4616-b815-dbb8962f3fc3}) (Version: 10.201.66.14591 - Linkury Inc.) <==== ATTENTION ==================== Restore Points ========================= 25-02-2014 14:20:14 Geplanter Prüfpunkt 26-02-2014 02:00:11 Windows Update 26-02-2014 15:30:05 Geplanter Prüfpunkt 27-02-2014 15:42:16 Geplanter Prüfpunkt 03-03-2014 21:18:39 Geplanter Prüfpunkt 04-03-2014 10:26:33 Windows Update 07-03-2014 16:09:29 Windows Update 09-03-2014 09:18:39 Geplanter Prüfpunkt 10-03-2014 14:38:19 Geplanter Prüfpunkt 11-03-2014 13:30:30 Windows Update 14-03-2014 02:00:14 Windows Update 18-03-2014 13:05:05 Windows Update 19-03-2014 02:00:13 Windows Update 19-03-2014 23:02:57 Geplanter Prüfpunkt 21-03-2014 09:54:12 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0CAB7B68-718C-40E0-B83B-89DDF7007DC8} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {1A618B60-9FEA-4629-ABAF-3616994EECC1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {22E1772E-7DFE-4C5F-841F-1C93FD5D82A4} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {2DE18FE4-6467-484F-8431-206702EC5546} - 
System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {2E5B7D97-F14C-4CFF-864E-620AABA892D1} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {43A15DD6-E3D6-4308-8B7C-70BBEF882B70} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated) Task: {75D32AB1-5FF8-4C09-8D4E-4789450AD471} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {AAF41FBC-E782-41F1-A68D-96338334F234} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-732048308-2395046871-4071129892-1000Core => C:\Users\Systemadministrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-10] (Facebook Inc.) Task: {E3F1EA11-D80E-49CB-B27F-993F7B89C046} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-732048308-2395046871-4071129892-1000UA => C:\Users\Systemadministrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-10] (Facebook Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-732048308-2395046871-4071129892-1000Core.job => C:\Users\Systemadministrator\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-732048308-2395046871-4071129892-1000UA.job => C:\Users\Systemadministrator\AppData\Local\Facebook\Update\FacebookUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-05-31 05:26 - 2011-05-31 05:26 - 00098304 _____ () C:\Windows\system32\DTS.exe 2012-10-09 13:09 - 2012-09-24 06:36 - 00095232 ____N () C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL 2011-01-24 11:35 - 2011-01-24 11:35 - 00132384 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll 2012-05-30 15:10 - 2012-05-30 15:10 - 00086016 _____ () C:\Program Files\ThinkPad\ConnectUtilities\AcWrpc.dll 2013-06-17 12:35 - 2013-06-17 12:35 - 
00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll 2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll 2013-01-15 16:19 - 2013-01-15 16:19 - 00327680 _____ () C:\Windows\assembly\GAC_32\Card\1.0.1046.2__ece1255042753361\Card.dll 2013-01-15 16:19 - 2013-01-15 16:19 - 00077824 _____ () C:\Windows\assembly\GAC_32\Device\1.0.1046.2__f9a0bdfb8030d397\Device.dll 2013-01-15 16:19 - 2013-01-15 16:19 - 00286720 _____ () C:\Windows\assembly\GAC_MSIL\F3507gAPI_SMS\1.0.1046.2__e8fe0a3eac40c0d1\F3507gAPI_SMS.dll 2012-10-09 13:09 - 2012-09-24 06:36 - 00114176 ____N () C:\Program Files\ThinkPad\Utilities\GR\PWMROV.DLL 2014-01-22 16:15 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll 2014-01-22 16:15 - 2013-09-13 10:02 - 00208896 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll 2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files\Sony\Sony PC Companion\Report.dll 2014-01-22 16:15 - 2013-05-20 11:58 - 00620718 _____ () C:\Program Files\Sony\Sony PC Companion\sqlite3.dll 2014-01-03 10:38 - 2014-01-03 10:38 - 00571392 _____ () C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll 2013-06-11 09:31 - 2013-06-11 09:31 - 00090112 _____ () C:\Program Files\Sony\Sony PC Companion\CalEngine.dll 2012-04-04 14:33 - 2012-04-04 14:33 - 00139776 _____ () C:\Program Files\Sony\Sony PC Companion\CAgdLNotes.dll 2013-01-08 17:02 - 2013-01-08 17:02 - 00163840 _____ () C:\Program Files\Sony\Sony PC Companion\CAgdOutlook.dll 2012-07-26 11:51 - 2012-07-26 11:51 - 00208896 _____ () C:\Program Files\Sony\Sony PC Companion\VistaCalendar.dll 2014-01-22 16:15 - 2010-01-11 15:44 - 00053248 _____ () C:\Program Files\Sony\Sony PC Companion\VObject.dll 2014-01-22 16:15 - 2013-10-31 11:35 - 00070880 _____ () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe 2014-02-15 23:20 - 2014-02-15 23:20 - 03578992 
_____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/21/2014 10:58:32 AM) (Source: Google Update) (User: SYSTEM) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned Error: (03/21/2014 10:53:24 AM) (Source: Google Update) (User: SYSTEM) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. 
Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned Error: (03/19/2014 10:02:57 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/14/2014 03:27:02 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/10/2014 03:38:53 PM) (Source: Google Update) (User: SYSTEM) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. 
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned Error: (03/07/2014 00:18:16 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung FlashPlayerPlugin_12_0_0_70.exe, Version 12.0.0.70, Zeitstempel 0x53016278, fehlerhaftes Modul FlashPlayerPlugin_12_0_0_70.exe, Version 12.0.0.70, Zeitstempel 0x53016278, Ausnahmecode 0x40000015, Fehleroffset 0x000180f0, Prozess-ID 0x12fc, Anwendungsstartzeit FlashPlayerPlugin_12_0_0_70.exe0. Error: (03/02/2014 00:40:49 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/26/2014 03:39:23 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/26/2014 03:31:45 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/25/2014 01:51:30 PM) (Source: Windows Search Service) (User: ) Description: Eintrag <C:\USERS\SYSTEMADMINISTRATOR\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\993OI659.DEFAULT\SAFEBROWSING-TO_DELETE> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) System errors: ============= Error: (03/21/2014 04:22:04 PM) (Source: PlugPlayManager) (User: ) Description: Das Gerät "SEMC Mass Storage USB Device" (USBSTOR\Disk&Ven_SEMC&Prod_Mass_Storage&Rev_0100\43423541314441504D4A&0) wurde ohne vorbereitende Maßnahmen vom System entfernt. 
Error: (03/21/2014 04:22:04 PM) (Source: PlugPlayManager) (User: ) Description: Das Gerät "USB-Massenspeichergerät" (USB\VID_0FCE&PID_E14F\43423541314441504D4A) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error: (03/21/2014 11:20:34 AM) (Source: PlugPlayManager) (User: ) Description: Das Gerät "Intel(R) WiFi Link 5100 AGN #5" (PCI\VEN_8086&DEV_4237&SUBSYS_12118086&REV_00\FF4D773C00) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error: (03/21/2014 11:20:21 AM) (Source: PlugPlayManager) (User: ) Description: Das Gerät "Intel(R) WiFi Link 5100 AGN #5" (PCI\VEN_8086&DEV_4237&SUBSYS_12118086&REV_00\FF4D773C00) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error: (03/21/2014 11:19:34 AM) (Source: Dhcp) (User: ) Description: Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 0022681BABDD zugeteilt werden. Der folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. Error: (03/21/2014 11:01:02 AM) (Source: Dhcp) (User: ) Description: Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 0022681BABDD zugeteilt werden. Der folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. Error: (03/20/2014 07:07:20 PM) (Source: ipnathlp) (User: ) Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. 
Error: (03/20/2014 07:07:03 PM) (Source: Service Control Manager) (User: ) Description: 30000AcSvc Error: (03/20/2014 07:06:33 PM) (Source: Service Control Manager) (User: ) Description: 30000btwdins Error: (03/20/2014 07:06:03 PM) (Source: Service Control Manager) (User: ) Description: 30000AVP Microsoft Office Sessions: ========================= Error: (03/21/2014 10:58:32 AM) (Source: Google Update)(User: SYSTEM) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned Error: (03/21/2014 10:53:24 AM) (Source: Google Update)(User: SYSTEM) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. 
Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned Error: (03/19/2014 10:02:57 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/14/2014 03:27:02 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/10/2014 03:38:53 PM) (Source: Google Update)(User: SYSTEM) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. 
Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned Error: (03/07/2014 00:18:16 PM) (Source: Application Error)(User: ) Description: FlashPlayerPlugin_12_0_0_70.exe12.0.0.7053016278FlashPlayerPlugin_12_0_0_70.exe12.0.0.705301627840000015000180f012fc01cf361472fc3fc0 Error: (03/02/2014 00:40:49 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/26/2014 03:39:23 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/26/2014 03:31:45 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/25/2014 01:51:30 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\SYSTEMADMINISTRATOR\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\993OI659.DEFAULT\SAFEBROWSING-TO_DELETE CodeIntegrity Errors: =================================== Date: 2014-03-23 14:50:24.006 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-23 14:50:22.963 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-03-23 14:50:21.804 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-23 14:50:20.963 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-23 14:50:20.401 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-23 14:50:19.657 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-23 14:50:19.250 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-23 14:50:18.640 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-23 14:50:17.884 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klpd.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-23 14:50:17.465 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klpd.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 83% Total physical RAM: 1941.25 MB Available physical RAM: 322.99 MB Total Pagefile: 4131.5 MB Available Pagefile: 681.58 MB Total Virtual: 2047.88 MB Available Virtual: 1904.38 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:149.05 GB) (Free:90.51 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (UA0172) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 80BA507A) Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS) ==================== End Of Log ============================ best regards min |
24.03.2014, 11:23 | #4 |
/// the machine /// TB-Ausbilder | Debt collection payment demand with a Trojan attached? Revo Uninstaller - Download - Filepony Use it to uninstall everything you find in Additional.txt marked with <== ATTENTION. Also let Revo remove the leftovers in Moderate mode. Scan with ComboFix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
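The post above asks the user to pick out of Additional.txt every entry FRST flagged with the ATTENTION marker. As an added example (not code from the thread, from FRST or from Revo), here is a small Python triage helper that does that first pass over FRST-style log lines: it reports lines carrying the ATTENTION marker, and for the `Run:` and service entries it also notes when the file has no publisher string (FRST prints the company name in parentheses; `()` means none was found) or runs from a user-writable location. The line formats assumed below are the ones visible in the FRST logs quoted in this thread; the sample text is constructed, and the `[ExampleUpdater]` entry is invented for illustration and is not from the thread.

```python
"""Triage helper for FRST-style log lines (added example, not FRST's own code).

Assumption (not from the thread): the 'Run:' and service line shapes parsed
below are the ones FRST printed in the logs quoted in this thread. Any other
line is only checked for the ATTENTION marker.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in the shape of FRST's "Registry (Whitelisted)" and
# "Services (Whitelisted)" sections. The [ExampleUpdater] entry is invented
# to show the user-writable-location check; the others mirror lines in the thread.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-732048308-2395046871-4071129892-1000\...\Run: [Tango] - C:\Program Files\Tango\Tango.exe [13489992 2011-11-04] (Tango Inc.)
HKU\S-1-5-21-732048308-2395046871-4071129892-1000\...\Run: [ExampleUpdater] - C:\Users\Systemadministrator\AppData\Roaming\example_updater.exe [45056 2014-03-20] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 dtsvc; C:\Windows\system32\DTS.exe [98304 2011-05-31] ()
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
"""

# "HKLM\...\Run: [name] - path [size date] (publisher)"
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKU\\S-[\d-]+)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] - "
    r"(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<signer>[^)]*)\)\s*$"
)
# "R2 name; path [size date] (publisher)"
SVC_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<path>.+?) \[(?P<size>\d+) "
    r"(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<signer>[^)]*)\)\s*$"
)
# Locations a standard user can write to; autostarts there deserve a closer look.
USER_WRITABLE = re.compile(r"\\(?:AppData|ProgramData|Temp|Downloads)\\", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def assess_entry(path: str, signer: str) -> List[str]:
    """Heuristics for one parsed autostart or service entry. These are
    reasons to look, not verdicts: plenty of legitimate files carry no
    company name in their version info."""
    reasons = []
    if not signer.strip():
        reasons.append("no publisher string")
    if USER_WRITABLE.search(path):
        reasons.append("runs from a user-writable location")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Return every line worth a second look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        if "ATTENTION" in line:
            # FRST's own marker; the helper's instruction covers exactly these.
            reasons.append("flagged by FRST (ATTENTION marker)")
        match = RUN_RE.match(line) or SVC_RE.match(line)
        if match:
            reasons.extend(assess_entry(match.group("path"), match.group("signer")))
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def report(findings: List[Finding]) -> List[str]:
    """One printable line per finding: reasons first, then the log line."""
    return [f"[{'; '.join(f.reasons)}] {f.line}" for f in findings]


if __name__ == "__main__":
    for line in report(triage(SAMPLE_FRST)):
        print(line)
```

Run it against a real FRST.txt or Additional.txt by reading the file and passing its text to `triage()`; the ATTENTION lines are the ones the post asks for, and the publisher and location notes are only there to order the rest of the review.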
24.03.2014, 21:02 | #5 |
| Debt collection payment demand with a Trojan attached? Thank you schrauber.... here is the ComboFix log Code:
ATTFilter ComboFix 14-03-24.01 - Systemadministrator 24.03.2014 17:42:35.2.2 - x86 Microsoft® Windows Vista™ Business 6.0.6002.2.1252.49.1031.18.1941.1059 [GMT 1:00] ausgeführt von:: c:\users\Systemadministrator\Downloads\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886} FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Systemadministrator\FacebookVideoCallSetup_v1.2.205.0.exe c:\users\Systemadministrator\FreeYouTubeDownload.exe c:\users\Systemadministrator\FreeYouTubeToMP3Converter.exe . . ((((((((((((((((((((((( Dateien erstellt von 2014-02-24 bis 2014-03-24 )))))))))))))))))))))))))))))) . . 2014-03-24 16:56 . 2014-03-24 16:57 -------- d-----w- c:\users\Systemadministrator\AppData\Local\temp 2014-03-24 16:56 . 2014-03-24 16:56 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-03-24 11:22 . 2014-03-24 11:22 -------- d-----w- c:\program files\VS Revo Group 2014-03-23 13:47 . 2014-03-23 13:54 -------- d-----w- C:\FRST 2014-03-22 01:19 . 2014-03-22 01:19 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1327844B-0BA5-4FEC-8E4D-8AC760DD464E}\offreg.dll 2014-03-21 15:08 . 2014-03-07 04:35 7969936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1327844B-0BA5-4FEC-8E4D-8AC760DD464E}\mpengine.dll 2014-03-14 02:03 . 2014-02-23 06:00 757488 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2014-03-14 02:03 . 2014-02-23 05:47 1806848 ----a-w- c:\windows\system32\jscript9.dll 2014-03-14 02:03 . 2014-02-23 05:40 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll 2014-03-14 02:03 . 
2014-02-23 05:40 104448 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll 2014-03-14 02:03 . 2014-02-23 05:40 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2014-03-14 02:03 . 2014-02-23 05:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2014-03-13 11:43 . 2014-02-03 10:37 505344 ----a-w- c:\windows\system32\qedit.dll 2014-03-13 11:43 . 2014-02-07 10:38 2050560 ----a-w- c:\windows\system32\win32k.sys 2014-03-13 11:43 . 2014-01-30 07:46 876032 ----a-w- c:\windows\system32\wer.dll 2014-03-13 11:42 . 2013-11-13 00:30 2048 ----a-w- c:\windows\system32\tzres.dll 2014-03-08 07:57 . 2014-03-08 07:57 -------- d-----w- c:\programdata\WindowsSearch 2014-02-25 02:05 . 2014-02-25 02:05 -------- d-----w- c:\windows\Migration . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-13 11:48 . 2012-10-09 09:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-03-13 11:48 . 2012-10-09 09:36 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-02-18 06:56 . 2013-10-17 14:47 25184 ----a-w- c:\windows\system32\drivers\klkbdflt.sys 2014-02-18 06:56 . 2014-02-01 14:25 94304 ----a-w- c:\windows\system32\drivers\klflt.sys 2014-02-01 14:52 . 2013-06-06 16:38 144992 ----a-w- c:\windows\system32\drivers\kneps.sys 2014-02-01 14:52 . 2013-10-17 14:47 135776 ----a-w- c:\windows\system32\drivers\kl1.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2014-02-19 19:15 294456 ----a-w- c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2013-10-31 449760] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X] "FingerPrintSoftwareSplashScreen"="c:\program files\Lenovo Fingerprint Software\SplashScreen.exe \s" [X] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768] "CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2010-02-16 40960] "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2012-09-24 4446784] "TpShocks"="TpShocks.exe" [2012-09-20 186248] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904] "IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-10-06 33304] "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2012-05-30 433248] "picon"="c:\program files\Common Files\Intel\Privacy Icon\PIconStartup.exe" [2010-02-04 111640] "ATUpdatePBA.ltp"="c:\windows\system32\ATUpdatePBA.exe" [2011-05-31 227144] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-06 138008] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-06 171288] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-06 172824] "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688] "LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2012-10-17 2379064] "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2009-09-03 436800] "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-02-26 992816] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576] "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-04 62240] "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-04 3093816] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "SunJavaUpdateSched"="c:\program 
files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-1-24 804128] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2012-10-9 50688] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 277920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2011-05-31 106496] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ HsfXAudioService REG_MULTI_SZ HsfXAudioService LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2014-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 11:48] . 2014-03-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-732048308-2395046871-4071129892-1000Core.job - c:\users\Systemadministrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-10 15:38] . 2014-03-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-732048308-2395046871-4071129892-1000UA.job - c:\users\Systemadministrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-10 15:38] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.com uSearchAssistant = hxxp://www.google.com IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 FF - ProfilePath - c:\users\Systemadministrator\AppData\Roaming\Mozilla\Firefox\Profiles\993oi659.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-WudfPf SafeBoot-WudfRd . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2014-03-24 17:56 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run SynTPEnh = %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe???????????????????????????????????????????????????????????????????????????????????? . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2014-03-24 18:02:33 ComboFix-quarantined-files.txt 2014-03-24 17:02 . Vor Suchlauf: 11 Verzeichnis(se), 95.342.542.848 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 94.945.796.096 Bytes frei . - - End Of File - - 4FCB2F83F6D59B1BA87F3C366E490D3C 5C616939100B85E558DA92B899A0FC36 best regards min |
25.03.2014, 12:36 | #6 |
/// the machine /// TB-Ausbilder | Debt collection payment demand with a Trojan attached? Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log please.
__________________ --> Debt collection payment demand with a Trojan attached? |
29.03.2014, 14:04 | #7 |
| Debt collection payment demand with a Trojan attached? hi schrauber! thank you for your instructions....I ran MBAM twice. The first time two PUPs were found, which I sent to quarantine...but I can't find that log right now, so I'm sending you the more important one, namely the one created just before this and the most current .... Here are the logs, in the following order: starting with MBAM, AdwCl, JRT and FRST Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 28.03.2014 Suchlauf-Zeit: 17:32:27 Logdatei: mbamext.dll neu.txt Administrator: Ja Version: 2.00.0.1000 Malware Datenbank: v2014.03.28.05 Rootkit Datenbank: v2014.03.27.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Chameleon: Deaktiviert Betriebssystem: Windows Vista Service Pack 2 CPU: x86 Dateisystem: NTFS Benutzer: Systemadministrator Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 228077 Verstrichene Zeit: 12 Min, 58 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Shuriken: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.022 - Bericht erstellt am 27/03/2014 um 20:32:12 # Aktualisiert 13/03/2014 von Xplode # Betriebssystem : Windows Vista (TM) Business Service Pack 2 (32 bits) # Benutzername : Systemadministrator - SYSTEM # Gestartet von : C:\Users\Systemadministrator\Downloads\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\Systemadministrator\AppData\Local\SearchProtect Datei Gelöscht : C:\Users\Systemadministrator\AppData\Roaming\Mozilla\Firefox\Profiles\993oi659.default\invalidprefs.js ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\Users\Systemadministrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Search.lnk ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\IM Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE Schlüssel Gelöscht : HKLM\Software\SearchProtect ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16540 -\\ Mozilla Firefox v27.0.1 (de) [ Datei : C:\Users\Systemadministrator\AppData\Roaming\Mozilla\Firefox\Profiles\993oi659.default\prefs.js ] -\\ Google Chrome v [ Datei : C:\Users\Systemadministrator\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht : homepage ************************* AdwCleaner[R0].txt - [3742 octets] - [27/03/2014 20:05:48] AdwCleaner[S0].txt - [3452 octets] - [27/03/2014 20:32:12] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3512 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.3 (03.23.2014:1) OS: Windows Vista (TM) Business x86 Ran by Systemadministrator on 28.03.2014 at 10:29:18,37 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Systemadministrator\AppData\Roaming\mozilla\firefox\profiles\993oi659.default\minidumps [6 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 28.03.2014 at 10:36:26,59 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Systemadministrator (administrator) on SYSTEM on 28-03-2014 18:39:03 Running from C:\Users\Systemadministrator\Downloads Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= () C:\Windows\system32\DTS.exe (Lenovo.) C:\Windows\system32\ibmpmsvc.exe (AuthenTec, Inc.) C:\Windows\system32\AtService.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Lenovo.) 
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe (Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE (Lenovo.) C:\Windows\System32\TpShocks.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo Group Limited) C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Lenovo Group Limited) C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (LENOVO) C:\Program Files\ThinkVantage\AMSG\Amsg.exe (Lenovo Group Ltd.) 
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE (Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Avanquest Software) C:\Program Files\Sony\Sony PC Companion\PCCService.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ 
Malwarebytes Anti-Malware \mbam.exe (Tango Inc.) C:\Program Files\Tango\Tango.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [FingerPrintSoftware] - C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582920 2011-05-31] (AuthenTec) HKLM\...\Run: [FingerPrintSoftwareSplashScreen] - C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [102400 2011-05-31] (AuthenTec, Inc.) HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] () HKLM\...\Run: [CreateLMBCShortCut] - C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe [40960 2010-02-16] () HKLM\...\Run: [PWMTRV] - C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL [4446784 2012-09-24] (Lenovo Group Limited) HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [186248 2012-09-20] (Lenovo.) HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation) HKLM\...\Run: [IaNvSrv] - C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe [33304 2009-10-06] (Intel Corporation) HKLM\...\Run: [ACTray] - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [433248 2012-05-30] (Lenovo) HKLM\...\Run: [picon] - C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-02-04] () HKLM\...\Run: [ATUpdatePBA.ltp] - C:\Windows\system32\ATUpdatePBA.exe [227144 2011-05-31] (AuthenTec, Inc.) 
HKLM\...\Run: [LPManager] - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE [185688 2009-07-23] (Lenovo Group Limited) HKLM\...\Run: [LPMailChecker] - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE [124248 2009-07-23] (Lenovo Group Limited) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2379064 2012-10-17] (Synaptics Incorporated) HKLM\...\Run: [AMSG] - C:\Program Files\ThinkVantage\AMSG\Amsg.exe [436800 2009-09-03] (LENOVO) HKLM\...\Run: [TPKMAPHELPER] - C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [992816 2007-02-26] (Lenovo) HKLM\...\Run: [EZEJMNAP] - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [256576 2009-12-01] (Lenovo Group Ltd.) HKLM\...\Run: [TPFNF7] - C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [62240 2009-08-04] (Lenovo Group Limited) HKLM\...\Run: [cssauth] - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3093816 2009-03-04] (Lenovo Group Limited) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [TVT Scheduler Proxy] - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-03-04] (Lenovo Group Limited) HKU\S-1-5-21-732048308-2395046871-4071129892-1000\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony) HKU\S-1-5-21-732048308-2395046871-4071129892-1000\...\Run: [Tango] - C:\Program Files\Tango\Tango.exe [13489992 2011-11-04] (Tango Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Systemadministrator\AppData\Roaming\Mozilla\Firefox\C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-732048308-2395046871-4071129892-1000\FireFox FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program 
Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Systemadministrator\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-02-01] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual 
Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-02-01] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-02-01] FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\anti_banner@kaspersky.com [2014-02-01] FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\online_banking@kaspersky.com [2014-02-01] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [] Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "https://www.google.de/", "https://www.google.de/" CHR Extension: (Google Docs) - C:\Users\Systemadministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-13] CHR Extension: (Google Drive) - C:\Users\Systemadministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-13] CHR Extension: (YouTube) - C:\Users\Systemadministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-13] CHR Extension: (Google-Suche) - C:\Users\Systemadministrator\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-13] CHR Extension: (Google Wallet) - C:\Users\Systemadministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-13] CHR Extension: (Google Mail) - C:\Users\Systemadministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-13] CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-01-13] CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2013-10-17] CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17] CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17] CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2013-10-17] CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\ab.crx [2013-10-17] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [106496 2011-05-31] () R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 dtsvc; C:\Windows\system32\DTS.exe [98304 2011-05-31] () R2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [43584 2012-01-16] (Lenovo Group Limited) S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [101736 2011-07-12] (Lenovo Group 
Limited) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [127336 2011-07-12] (Lenovo Group Limited) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.) R3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2013-07-10] (Lenovo Group Limited) R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [131432 2011-07-12] (Lenovo Group Limited) R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [779576 2009-03-04] (Lenovo) R2 TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited) R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2010-02-04] (Intel Corporation) S2 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [X] ==================== Drivers (Whitelisted) ==================== S3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [4172288 2009-04-01] (ATI Technologies Inc.) 
S3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd32.sys [2473472 2009-04-01] (Intel Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-02-01] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-25] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-18] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-02-01] (Kaspersky Lab ZAO) S3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [81280 2007-06-08] (Lenovo) R3 lnvobus; C:\Windows\System32\DRIVERS\lnvobus.sys [282880 2008-12-16] (MCCI Corporation) R3 lnvocard; C:\Windows\System32\DRIVERS\lnvocard.sys [356480 2008-12-16] (MCCI Corporation) R3 lnvogps; C:\Windows\System32\DRIVERS\lnvogps.sys [77864 2008-10-23] (Ericsson AB) R3 lnvomdfl; C:\Windows\System32\DRIVERS\lnvomdfl.sys [15104 2008-12-16] (MCCI Corporation) R3 lnvomdfl2; C:\Windows\System32\DRIVERS\lnvomdfl2.sys [15104 2008-12-16] (MCCI Corporation) R3 lnvomdm; C:\Windows\System32\DRIVERS\lnvomdm.sys [365056 2008-12-16] (MCCI Corporation) R3 lnvomdm2; C:\Windows\System32\DRIVERS\lnvomdm2.sys [408960 2008-12-16] (MCCI Corporation) R3 lnvond5; C:\Windows\System32\DRIVERS\lnvond5.sys [25984 2008-12-16] (MCCI Corporation) R3 lnvounic; C:\Windows\System32\DRIVERS\lnvounic.sys [375424 2008-12-16] (MCCI Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-03-05] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-03-28] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-03-05] 
(Malwarebytes Corporation) R3 NETwNv32; C:\Windows\System32\DRIVERS\NETwNv32.sys [7346176 2011-10-31] (Intel Corporation) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [38200 2012-10-17] (Synaptics Incorporated) R3 Sony_EricssonWWSC; C:\Windows\System32\DRIVERS\lnvoscard.sys [24232 2008-07-08] (Sony Ericsson) S3 catchme; \??\C:\Users\SYSTEM~1\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94304 2014-03-25] (Kaspersky Lab ZAO) S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-28 18:27 - 2014-03-28 18:27 - 00001608 _____ () C:\Users\Public\Desktop\Tango.lnk 2014-03-28 18:27 - 2014-03-28 18:27 - 00000000 ____D () C:\Program Files\Tango 2014-03-28 18:26 - 2014-03-28 18:27 - 00000000 ____D () C:\Users\Systemadministrator\AppData\Local\tango 2014-03-28 12:39 - 2014-03-28 12:39 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-03-28 12:39 - 2014-03-05 09:26 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-28 12:39 - 2014-03-05 09:26 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-28 12:37 - 2014-03-28 12:37 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Systemadministrator\Downloads\mbam-setup-2.0.0.1000(1).exe 2014-03-28 12:32 - 2014-03-28 12:33 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Systemadministrator\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-28 12:30 - 2014-03-28 18:13 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2014-03-28 11:43 - 2014-03-28 11:43 - 01145856 _____ (Farbar) C:\Users\Systemadministrator\Downloads\FRST(1).exe 2014-03-28 10:36 - 2014-03-28 10:36 - 00000789 _____ () C:\Users\Systemadministrator\Desktop\JRT.txt 
2014-03-28 10:29 - 2014-03-28 10:29 - 00000000 ____D () C:\Windows\ERUNT 2014-03-28 10:28 - 2014-03-28 10:28 - 01038974 _____ (Thisisu) C:\Users\Systemadministrator\Downloads\JRT(1).exe 2014-03-28 10:27 - 2014-03-28 10:27 - 01038974 _____ (Thisisu) C:\Users\Systemadministrator\Downloads\JRT.exe 2014-03-27 20:05 - 2014-03-28 09:41 - 00000000 ____D () C:\AdwCleaner 2014-03-27 19:59 - 2014-03-27 19:59 - 01950720 _____ () C:\Users\Systemadministrator\Downloads\adwcleaner.exe 2014-03-26 16:25 - 2014-03-26 16:25 - 01950720 _____ () C:\Users\Systemadministrator\Desktop\adwcleaner.exe 2014-03-24 18:02 - 2014-03-24 18:02 - 00012897 _____ () C:\ComboFix.txt 2014-03-24 13:42 - 2014-03-24 13:42 - 00222064 _____ () C:\Windows\Minidump\Mini032414-01.dmp 2014-03-24 13:23 - 2014-03-24 18:02 - 00000000 ____D () C:\Qoobox 2014-03-24 13:23 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-03-24 13:23 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-03-24 13:23 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-03-24 13:23 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-03-24 13:23 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-03-24 13:23 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-03-24 13:23 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-03-24 13:23 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-03-24 13:21 - 2014-03-24 17:58 - 00000000 ____D () C:\Windows\erdnt 2014-03-24 13:18 - 2014-03-24 13:18 - 05192353 ____R (Swearware) C:\Users\Systemadministrator\Downloads\ComboFix.exe 2014-03-24 12:22 - 2014-03-24 12:28 - 00001057 _____ () C:\Users\Systemadministrator\Desktop\Revo Uninstaller.lnk 2014-03-24 12:22 - 2014-03-24 12:22 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-03-24 12:21 - 2014-03-24 12:21 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Systemadministrator\Downloads\revosetup95.exe 2014-03-23 14:52 - 2014-03-24 13:19 - 00033076 _____ () C:\Users\Systemadministrator\Downloads\Addition.txt 2014-03-23 14:48 - 2014-03-28 18:39 - 00021256 _____ () C:\Users\Systemadministrator\Downloads\FRST.txt 2014-03-23 14:47 - 2014-03-28 18:39 - 00000000 ____D () C:\FRST 2014-03-23 14:44 - 2014-03-23 14:44 - 01145856 _____ (Farbar) C:\Users\Systemadministrator\Downloads\FRST.exe 2014-03-14 03:04 - 2014-02-23 06:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-14 03:04 - 2014-02-23 06:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-14 03:04 - 2014-02-23 06:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-14 03:04 - 2014-02-23 06:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-14 03:04 - 2014-02-23 06:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-03-14 03:04 - 2014-02-23 06:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-14 03:04 - 2014-02-23 06:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-03-14 03:04 - 2014-02-23 06:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-14 03:03 - 2014-02-23 06:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-14 03:03 - 2014-02-23 06:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-14 03:03 - 2014-02-23 06:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-14 03:03 - 2014-02-23 06:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-14 03:03 - 2014-02-23 06:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-14 03:03 - 2014-02-23 06:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-03-14 03:03 - 2014-02-23 06:37 - 
01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-14 03:03 - 2014-02-23 06:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-03-13 12:43 - 2014-02-07 11:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 12:43 - 2014-02-03 11:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-13 12:43 - 2014-01-30 08:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-13 12:42 - 2013-11-13 01:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-03-08 08:57 - 2014-03-08 08:57 - 00000000 ____D () C:\ProgramData\WindowsSearch ==================== One Month Modified Files and Folders ======= 2014-03-28 18:41 - 2014-03-23 14:48 - 00021256 _____ () C:\Users\Systemadministrator\Downloads\FRST.txt 2014-03-28 18:39 - 2014-03-23 14:47 - 00000000 ____D () C:\FRST 2014-03-28 18:39 - 2014-02-01 15:25 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-03-28 18:27 - 2014-03-28 18:27 - 00001608 _____ () C:\Users\Public\Desktop\Tango.lnk 2014-03-28 18:27 - 2014-03-28 18:27 - 00000000 ____D () C:\Program Files\Tango 2014-03-28 18:27 - 2014-03-28 18:26 - 00000000 ____D () C:\Users\Systemadministrator\AppData\Local\tango 2014-03-28 18:19 - 2014-01-16 11:16 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-28 18:13 - 2014-03-28 12:30 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2014-03-28 18:12 - 2006-11-02 13:47 - 00005264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-28 18:12 - 2006-11-02 13:47 - 00005264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-28 17:48 - 2012-10-09 10:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-28 16:43 - 2014-02-10 16:38 - 00000984 _____ () 
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-732048308-2395046871-4071129892-1000UA.job 2014-03-28 16:43 - 2014-02-10 16:38 - 00000962 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-732048308-2395046871-4071129892-1000Core.job 2014-03-28 16:11 - 2008-01-21 02:39 - 01686672 _____ () C:\Windows\WindowsUpdate.log 2014-03-28 12:39 - 2014-03-28 12:39 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-03-28 12:39 - 2014-01-16 11:16 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-28 12:39 - 2014-01-16 11:16 - 00000000 ____D () C:\Users\Systemadministrator\AppData\Roaming\Malwarebytes 2014-03-28 12:39 - 2014-01-16 11:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-28 12:37 - 2014-03-28 12:37 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Systemadministrator\Downloads\mbam-setup-2.0.0.1000(1).exe 2014-03-28 12:33 - 2014-03-28 12:32 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Systemadministrator\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-28 11:43 - 2014-03-28 11:43 - 01145856 _____ (Farbar) C:\Users\Systemadministrator\Downloads\FRST(1).exe 2014-03-28 10:36 - 2014-03-28 10:36 - 00000789 _____ () C:\Users\Systemadministrator\Desktop\JRT.txt 2014-03-28 10:29 - 2014-03-28 10:29 - 00000000 ____D () C:\Windows\ERUNT 2014-03-28 10:28 - 2014-03-28 10:28 - 01038974 _____ (Thisisu) C:\Users\Systemadministrator\Downloads\JRT(1).exe 2014-03-28 10:27 - 2014-03-28 10:27 - 01038974 _____ (Thisisu) C:\Users\Systemadministrator\Downloads\JRT.exe 2014-03-28 09:47 - 2008-01-21 09:32 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-28 09:41 - 2014-03-27 20:05 - 00000000 ____D () C:\AdwCleaner 2014-03-28 08:41 - 2014-01-17 20:00 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-03-28 08:40 - 2013-04-04 08:52 - 00600460 _____ () C:\Windows\PFRO.log 2014-03-28 08:40 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-28 08:39 - 2012-10-09 11:27 - 
00000012 _____ () C:\Windows\bthservsdp.dat 2014-03-28 08:39 - 2006-11-02 14:01 - 00031206 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-27 19:59 - 2014-03-27 19:59 - 01950720 _____ () C:\Users\Systemadministrator\Downloads\adwcleaner.exe 2014-03-26 16:25 - 2014-03-26 16:25 - 01950720 _____ () C:\Users\Systemadministrator\Desktop\adwcleaner.exe 2014-03-25 13:48 - 2014-01-22 18:16 - 00093840 _____ () C:\Windows\DpInst.log 2014-03-25 13:47 - 2014-01-22 16:15 - 00001879 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2014-03-25 13:46 - 2012-10-09 13:06 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-03-25 09:45 - 2014-02-01 15:25 - 00576608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-03-25 09:45 - 2014-02-01 15:25 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-03-24 18:02 - 2014-03-24 18:02 - 00012897 _____ () C:\ComboFix.txt 2014-03-24 18:02 - 2014-03-24 13:23 - 00000000 ____D () C:\Qoobox 2014-03-24 18:02 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default 2014-03-24 18:02 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public 2014-03-24 17:58 - 2014-03-24 13:21 - 00000000 ____D () C:\Windows\erdnt 2014-03-24 17:56 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini 2014-03-24 17:55 - 2012-10-09 09:21 - 00000000 ____D () C:\Users\Systemadministrator 2014-03-24 13:42 - 2014-03-24 13:42 - 00222064 _____ () C:\Windows\Minidump\Mini032414-01.dmp 2014-03-24 13:42 - 2014-01-21 09:42 - 00000000 ____D () C:\Windows\Minidump 2014-03-24 13:42 - 2014-01-21 09:41 - 299955924 _____ () C:\Windows\MEMORY.DMP 2014-03-24 13:19 - 2014-03-23 14:52 - 00033076 _____ () C:\Users\Systemadministrator\Downloads\Addition.txt 2014-03-24 13:18 - 2014-03-24 13:18 - 05192353 ____R (Swearware) C:\Users\Systemadministrator\Downloads\ComboFix.exe 2014-03-24 12:28 - 2014-03-24 12:22 - 00001057 _____ () C:\Users\Systemadministrator\Desktop\Revo Uninstaller.lnk 2014-03-24 12:22 - 
2014-03-24 12:22 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-03-24 12:21 - 2014-03-24 12:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Systemadministrator\Downloads\revosetup95.exe 2014-03-23 14:44 - 2014-03-23 14:44 - 01145856 _____ (Farbar) C:\Users\Systemadministrator\Downloads\FRST.exe 2014-03-19 03:08 - 2013-10-22 12:07 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-19 03:02 - 2006-11-02 11:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-03-14 03:44 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache 2014-03-14 03:26 - 2013-04-04 08:52 - 00228296 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-14 03:24 - 2012-10-09 14:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-14 03:01 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE 2014-03-13 12:48 - 2012-10-09 10:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-03-13 12:48 - 2012-10-09 10:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-03-12 10:02 - 2012-10-09 09:21 - 00008404 _____ () C:\Users\Systemadministrator\AppData\Local\d3d9caps.dat 2014-03-08 08:57 - 2014-03-08 08:57 - 00000000 ____D () C:\ProgramData\WindowsSearch 2014-03-05 09:26 - 2014-03-28 12:39 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-05 09:26 - 2014-03-28 12:39 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-05 09:26 - 2014-01-16 11:16 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-02 12:43 - 2013-04-04 08:54 - 00004756 _____ () C:\Windows\setupact.log 2014-02-26 03:26 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET Some content of TEMP: ==================== C:\Users\Systemadministrator\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is 
legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-28 08:46 ==================== End Of Log ============================ Kind regards and thank you in advance for your efforts.... |
30.03.2014, 07:32 | #8 |
/// the machine /// TB Trainer | Debt collection payment demand with a Trojan in the attachment? ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
03.04.2014, 14:36 | #9 |
| Debt collection payment demand with a Trojan in the attachment? Here, with heartfelt thanks to you, Schrauber, are the logs: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7835fe4dc51f7545a9337fa44fd2d845
# engine=17724
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-02 08:15:49
# local_time=2014-04-02 10:15:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 110544 234002452 0 0
# scanned=188422
# found=2
# cleaned=0
# scan_time=23994
sh=889671DBE5E6529F2DD444A46F95350F11AC9ED3 ft=1 fh=cab42f9231be6cc0 vn="a variant of Win32/Adware.CiDHelp application" ac=I fn="E:\mine3\[NTFS]\Dokumente und Einstellungen\mine\Eigene Dateien\Downloads\MsgPlusLive-482.exe"
sh=889671DBE5E6529F2DD444A46F95350F11AC9ED3 ft=1 fh=cab42f9231be6cc0 vn="a variant of Win32/Adware.CiDHelp application" ac=I fn="E:\Neuer Ordner\[NTFS]\Dokumente und Einstellungen\mine\Eigene Dateien\Downloads\MsgPlusLive-482.exe"
Code:
Results of screen317's Security Check version 0.99.80
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 51
Adobe Flash Player 12.0.0.77
Adobe Reader XI
Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Kaspersky Lab Kaspersky Anti-Virus 14.0.0 avp.exe
Kaspersky Lab Kaspersky Anti-Virus 14.0.0 avpui.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Systemadministrator (administrator) on SYSTEM on 03-04-2014 15:09:23 Running from C:\Users\Systemadministrator\Downloads Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= () C:\Windows\system32\DTS.exe (Lenovo.) C:\Windows\system32\ibmpmsvc.exe (AuthenTec, Inc.) C:\Windows\system32\AtService.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Lenovo.) 
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe (Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE (Lenovo.) 
C:\Windows\System32\TpShocks.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo Group Limited) C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited) C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (LENOVO) C:\Program Files\ThinkVantage\AMSG\Amsg.exe (Lenovo Group Ltd.) C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Tango Inc.) C:\Program Files\Tango\Tango.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe (McAfee, Inc.) 
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE (Intel Corporation) C:\Windows\system32\igfxext.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [FingerPrintSoftware] - C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582920 2011-05-31] (AuthenTec) HKLM\...\Run: [FingerPrintSoftwareSplashScreen] - C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [102400 2011-05-31] (AuthenTec, Inc.) HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] () HKLM\...\Run: [CreateLMBCShortCut] - C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe [40960 2010-02-16] () HKLM\...\Run: [PWMTRV] - C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL [4446784 2012-09-24] (Lenovo Group Limited) HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [186248 2012-09-20] (Lenovo.) 
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation) HKLM\...\Run: [IaNvSrv] - C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe [33304 2009-10-06] (Intel Corporation) HKLM\...\Run: [ACTray] - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [433248 2012-05-30] (Lenovo) HKLM\...\Run: [picon] - C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-02-04] () HKLM\...\Run: [ATUpdatePBA.ltp] - C:\Windows\system32\ATUpdatePBA.exe [227144 2011-05-31] (AuthenTec, Inc.) HKLM\...\Run: [LPManager] - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE [185688 2009-07-23] (Lenovo Group Limited) HKLM\...\Run: [LPMailChecker] - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE [124248 2009-07-23] (Lenovo Group Limited) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2379064 2012-10-18] (Synaptics Incorporated) HKLM\...\Run: [AMSG] - C:\Program Files\ThinkVantage\AMSG\Amsg.exe [436800 2009-09-03] (LENOVO) HKLM\...\Run: [TPKMAPHELPER] - C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [992816 2007-02-26] (Lenovo) HKLM\...\Run: [EZEJMNAP] - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [256576 2009-12-01] (Lenovo Group Ltd.) 
HKLM\...\Run: [TPFNF7] - C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [62240 2009-08-04] (Lenovo Group Limited) HKLM\...\Run: [cssauth] - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3093816 2009-03-04] (Lenovo Group Limited) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [TVT Scheduler Proxy] - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-03-04] (Lenovo Group Limited) HKU\S-1-5-21-732048308-2395046871-4071129892-1000\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony) HKU\S-1-5-21-732048308-2395046871-4071129892-1000\...\Run: [Tango] - C:\Program Files\Tango\Tango.exe [13489992 2011-11-04] (Tango Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Systemadministrator\AppData\Roaming\Mozilla\Firefox\C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-732048308-2395046871-4071129892-1000\FireFox FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program 
Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Systemadministrator\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-02-01] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-02-01] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 
14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-02-01] FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\anti_banner@kaspersky.com [2014-02-01] FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\online_banking@kaspersky.com [2014-02-01] Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "https://www.google.de/", "https://www.google.de/" CHR Extension: (Google Docs) - C:\Users\Systemadministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-13] CHR Extension: (Google Drive) - C:\Users\Systemadministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-13] CHR Extension: (YouTube) - C:\Users\Systemadministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-13] CHR Extension: (Google-Suche) - C:\Users\Systemadministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-13] CHR Extension: (Google Wallet) - C:\Users\Systemadministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-13] CHR Extension: (Google Mail) - C:\Users\Systemadministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-13] CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - 
https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-01-13] CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2013-10-17] CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17] CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17] CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2013-10-17] CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\ab.crx [2013-10-17] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [106496 2011-05-31] () R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 dtsvc; C:\Windows\system32\DTS.exe [98304 2011-05-31] () R2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [43584 2012-01-16] (Lenovo Group Limited) S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [101736 2011-07-12] (Lenovo Group Limited) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [127336 2011-07-12] (Lenovo Group Limited) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 
2014-01-16] (McAfee, Inc.) S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2013-07-10] (Lenovo Group Limited) R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [131432 2011-07-12] (Lenovo Group Limited) R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [779576 2009-03-04] (Lenovo) R2 TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited) R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2010-02-04] (Intel Corporation) S2 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [X] ==================== Drivers (Whitelisted) ==================== S3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [4172288 2009-04-01] (ATI Technologies Inc.) S3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd32.sys [2473472 2009-04-01] (Intel Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-02-01] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-25] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-18] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-02-01] (Kaspersky Lab ZAO) S3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [81280 2007-06-08] (Lenovo) R3 lnvobus; C:\Windows\System32\DRIVERS\lnvobus.sys [282880 2008-12-16] (MCCI Corporation) R3 lnvocard; C:\Windows\System32\DRIVERS\lnvocard.sys [356480 2008-12-16] (MCCI 
Corporation) R3 lnvogps; C:\Windows\System32\DRIVERS\lnvogps.sys [77864 2008-10-23] (Ericsson AB) R3 lnvomdfl; C:\Windows\System32\DRIVERS\lnvomdfl.sys [15104 2008-12-16] (MCCI Corporation) R3 lnvomdfl2; C:\Windows\System32\DRIVERS\lnvomdfl2.sys [15104 2008-12-16] (MCCI Corporation) R3 lnvomdm; C:\Windows\System32\DRIVERS\lnvomdm.sys [365056 2008-12-16] (MCCI Corporation) R3 lnvomdm2; C:\Windows\System32\DRIVERS\lnvomdm2.sys [408960 2008-12-16] (MCCI Corporation) R3 lnvond5; C:\Windows\System32\DRIVERS\lnvond5.sys [25984 2008-12-16] (MCCI Corporation) R3 lnvounic; C:\Windows\System32\DRIVERS\lnvounic.sys [375424 2008-12-16] (MCCI Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-03-05] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-03] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-03-05] (Malwarebytes Corporation) S3 NETwNv32; C:\Windows\System32\DRIVERS\NETwNv32.sys [7346176 2011-10-31] (Intel Corporation) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [38200 2012-10-18] (Synaptics Incorporated) R3 Sony_EricssonWWSC; C:\Windows\System32\DRIVERS\lnvoscard.sys [24232 2008-07-08] (Sony Ericsson) S3 catchme; \??\C:\Users\SYSTEM~1\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94304 2014-03-25] (Kaspersky Lab ZAO) S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-03 14:56 - 2014-04-03 14:56 - 00987442 _____ () C:\Users\Systemadministrator\Downloads\SecurityCheck.exe 2014-04-03 00:08 - 2014-04-03 00:08 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\430810B0.sys 2014-04-02 15:31 - 2014-04-02 15:31 - 00000000 ____D () C:\Program 
Files\ESET 2014-04-02 15:25 - 2014-04-02 15:25 - 02347384 _____ (ESET) C:\Users\Systemadministrator\Downloads\esetsmartinstaller_enu.exe 2014-04-01 13:12 - 2014-04-01 13:13 - 124065186 _____ () C:\Users\Systemadministrator\Downloads\Erfahre deine spirituelle Stufe von Conny Koppers.mp4 2014-03-31 18:45 - 2014-03-31 18:56 - 450301014 _____ () C:\Users\Systemadministrator\Downloads\Willst du NORMAL sein oder GLÜCKLICH - Robert Betz.mp4 2014-03-31 18:42 - 2014-03-31 18:59 - 940806762 _____ () C:\Users\Systemadministrator\Downloads\Louise L. Hay - Heilende Gedanken für Körper und Seele.mp4 2014-03-28 19:27 - 2014-03-28 19:27 - 00001608 _____ () C:\Users\Public\Desktop\Tango.lnk 2014-03-28 19:27 - 2014-03-28 19:27 - 00000000 ____D () C:\Program Files\Tango 2014-03-28 19:26 - 2014-04-02 15:15 - 00000000 ____D () C:\Users\Systemadministrator\AppData\Local\tango 2014-03-28 13:39 - 2014-03-28 13:39 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-03-28 13:39 - 2014-03-05 10:26 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-28 13:39 - 2014-03-05 10:26 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-28 13:37 - 2014-03-28 13:37 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Systemadministrator\Downloads\mbam-setup-2.0.0.1000(1).exe 2014-03-28 13:32 - 2014-03-28 13:33 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Systemadministrator\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-28 13:30 - 2014-04-03 14:48 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2014-03-28 12:43 - 2014-03-28 12:43 - 01145856 _____ (Farbar) C:\Users\Systemadministrator\Downloads\FRST(1).exe 2014-03-28 11:36 - 2014-03-28 11:36 - 00000789 _____ () C:\Users\Systemadministrator\Desktop\JRT.txt 2014-03-28 11:29 - 2014-03-28 11:29 - 00000000 ____D () C:\Windows\ERUNT 2014-03-28 11:28 - 2014-03-28 11:28 - 01038974 _____ (Thisisu) 
C:\Users\Systemadministrator\Downloads\JRT(1).exe 2014-03-28 11:27 - 2014-03-28 11:27 - 01038974 _____ (Thisisu) C:\Users\Systemadministrator\Downloads\JRT.exe 2014-03-27 21:05 - 2014-03-28 10:41 - 00000000 ____D () C:\AdwCleaner 2014-03-27 20:59 - 2014-03-27 20:59 - 01950720 _____ () C:\Users\Systemadministrator\Downloads\adwcleaner.exe 2014-03-26 17:25 - 2014-03-26 17:25 - 01950720 _____ () C:\Users\Systemadministrator\Desktop\adwcleaner.exe 2014-03-24 19:02 - 2014-03-24 19:02 - 00012897 _____ () C:\ComboFix.txt 2014-03-24 14:42 - 2014-03-24 14:42 - 00222064 _____ () C:\Windows\Minidump\Mini032414-01.dmp 2014-03-24 14:23 - 2014-03-24 19:02 - 00000000 ____D () C:\Qoobox 2014-03-24 14:23 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-03-24 14:23 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-03-24 14:23 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-03-24 14:23 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-03-24 14:23 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-03-24 14:23 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-03-24 14:23 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-03-24 14:23 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-03-24 14:21 - 2014-03-24 18:58 - 00000000 ____D () C:\Windows\erdnt 2014-03-24 14:18 - 2014-03-24 14:18 - 05192353 ____R (Swearware) C:\Users\Systemadministrator\Downloads\ComboFix.exe 2014-03-24 13:22 - 2014-03-24 13:28 - 00001057 _____ () C:\Users\Systemadministrator\Desktop\Revo Uninstaller.lnk 2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-03-24 13:21 - 2014-03-24 13:21 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Systemadministrator\Downloads\revosetup95.exe 2014-03-23 15:52 - 2014-03-24 14:19 - 00033076 _____ () C:\Users\Systemadministrator\Downloads\Addition.txt 2014-03-23 15:48 - 2014-04-03 15:09 - 00021053 _____ () C:\Users\Systemadministrator\Downloads\FRST.txt 2014-03-23 15:47 - 2014-04-03 15:09 - 00000000 ____D () C:\FRST 2014-03-23 15:44 - 2014-03-23 15:44 - 01145856 _____ (Farbar) C:\Users\Systemadministrator\Downloads\FRST.exe 2014-03-14 04:04 - 2014-02-23 07:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-14 04:04 - 2014-02-23 07:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-14 04:04 - 2014-02-23 07:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-14 04:04 - 2014-02-23 07:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-14 04:04 - 2014-02-23 07:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-03-14 04:04 - 2014-02-23 07:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-14 04:04 - 2014-02-23 07:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-03-14 04:04 - 2014-02-23 07:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-14 04:03 - 2014-02-23 07:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-14 04:03 - 2014-02-23 07:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-14 04:03 - 2014-02-23 07:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-14 04:03 - 2014-02-23 07:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-14 04:03 - 2014-02-23 07:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-14 04:03 - 2014-02-23 07:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-03-14 04:03 - 2014-02-23 07:37 - 
01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-14 04:03 - 2014-02-23 07:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-03-13 13:43 - 2014-02-07 12:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 13:43 - 2014-02-03 12:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-13 13:43 - 2014-01-30 09:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-13 13:42 - 2013-11-13 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-03-08 09:57 - 2014-03-08 09:57 - 00000000 ____D () C:\ProgramData\WindowsSearch ==================== One Month Modified Files and Folders ======= 2014-04-03 15:10 - 2014-03-23 15:48 - 00021053 _____ () C:\Users\Systemadministrator\Downloads\FRST.txt 2014-04-03 15:09 - 2014-03-23 15:47 - 00000000 ____D () C:\FRST 2014-04-03 15:05 - 2014-02-01 16:25 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-04-03 15:01 - 2008-01-21 03:39 - 01806967 _____ () C:\Windows\WindowsUpdate.log 2014-04-03 14:56 - 2014-04-03 14:56 - 00987442 _____ () C:\Users\Systemadministrator\Downloads\SecurityCheck.exe 2014-04-03 14:54 - 2014-01-28 17:52 - 00000000 ____D () C:\Users\Systemadministrator\Documents\Büro 2014-04-03 14:48 - 2014-03-28 13:30 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2014-04-03 14:48 - 2014-02-10 17:38 - 00000984 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-732048308-2395046871-4071129892-1000UA.job 2014-04-03 14:48 - 2012-10-09 11:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-03 14:47 - 2006-11-02 14:47 - 00005264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-03 14:47 - 2006-11-02 14:47 - 00005264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 
2014-04-03 00:08 - 2014-04-03 00:08 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\430810B0.sys 2014-04-02 16:43 - 2014-02-10 17:38 - 00000962 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-732048308-2395046871-4071129892-1000Core.job 2014-04-02 15:31 - 2014-04-02 15:31 - 00000000 ____D () C:\Program Files\ESET 2014-04-02 15:25 - 2014-04-02 15:25 - 02347384 _____ (ESET) C:\Users\Systemadministrator\Downloads\esetsmartinstaller_enu.exe 2014-04-02 15:20 - 2008-01-21 10:32 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-02 15:15 - 2014-03-28 19:26 - 00000000 ____D () C:\Users\Systemadministrator\AppData\Local\tango 2014-04-01 19:52 - 2014-02-01 22:44 - 00000000 ____D () C:\Users\Systemadministrator\AppData\Roaming\DVDVideoSoft 2014-04-01 18:00 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-01 17:51 - 2013-04-04 09:52 - 00669806 _____ () C:\Windows\PFRO.log 2014-04-01 13:13 - 2014-04-01 13:12 - 124065186 _____ () C:\Users\Systemadministrator\Downloads\Erfahre deine spirituelle Stufe von Conny Koppers.mp4 2014-03-31 18:59 - 2014-03-31 18:42 - 940806762 _____ () C:\Users\Systemadministrator\Downloads\Louise L. 
Hay - Heilende Gedanken für Körper und Seele.mp4 2014-03-31 18:56 - 2014-03-31 18:45 - 450301014 _____ () C:\Users\Systemadministrator\Downloads\Willst du NORMAL sein oder GLÜCKLICH - Robert Betz.mp4 2014-03-31 18:21 - 2014-01-17 21:00 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-03-31 18:20 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\tracing 2014-03-30 12:25 - 2014-01-16 12:16 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-29 18:23 - 2014-02-16 00:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-29 18:23 - 2014-01-17 14:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-03-28 19:27 - 2014-03-28 19:27 - 00001608 _____ () C:\Users\Public\Desktop\Tango.lnk 2014-03-28 19:27 - 2014-03-28 19:27 - 00000000 ____D () C:\Program Files\Tango 2014-03-28 13:39 - 2014-03-28 13:39 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-03-28 13:39 - 2014-01-16 12:16 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-28 13:39 - 2014-01-16 12:16 - 00000000 ____D () C:\Users\Systemadministrator\AppData\Roaming\Malwarebytes 2014-03-28 13:39 - 2014-01-16 12:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-28 13:37 - 2014-03-28 13:37 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Systemadministrator\Downloads\mbam-setup-2.0.0.1000(1).exe 2014-03-28 13:33 - 2014-03-28 13:32 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Systemadministrator\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-28 12:43 - 2014-03-28 12:43 - 01145856 _____ (Farbar) C:\Users\Systemadministrator\Downloads\FRST(1).exe 2014-03-28 11:36 - 2014-03-28 11:36 - 00000789 _____ () C:\Users\Systemadministrator\Desktop\JRT.txt 2014-03-28 11:29 - 2014-03-28 11:29 - 00000000 ____D () C:\Windows\ERUNT 2014-03-28 11:28 - 2014-03-28 11:28 - 01038974 _____ (Thisisu) C:\Users\Systemadministrator\Downloads\JRT(1).exe 2014-03-28 11:27 - 2014-03-28 11:27 - 01038974 _____ (Thisisu) 
C:\Users\Systemadministrator\Downloads\JRT.exe 2014-03-28 10:41 - 2014-03-27 21:05 - 00000000 ____D () C:\AdwCleaner 2014-03-28 09:39 - 2012-10-09 12:27 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-03-28 09:39 - 2006-11-02 15:01 - 00032246 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-27 20:59 - 2014-03-27 20:59 - 01950720 _____ () C:\Users\Systemadministrator\Downloads\adwcleaner.exe 2014-03-26 17:25 - 2014-03-26 17:25 - 01950720 _____ () C:\Users\Systemadministrator\Desktop\adwcleaner.exe 2014-03-25 14:48 - 2014-01-22 19:16 - 00093840 _____ () C:\Windows\DpInst.log 2014-03-25 14:47 - 2014-01-22 17:15 - 00001879 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2014-03-25 14:46 - 2012-10-09 14:06 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-03-25 10:45 - 2014-02-01 16:25 - 00576608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-03-25 10:45 - 2014-02-01 16:25 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-03-24 19:02 - 2014-03-24 19:02 - 00012897 _____ () C:\ComboFix.txt 2014-03-24 19:02 - 2014-03-24 14:23 - 00000000 ____D () C:\Qoobox 2014-03-24 19:02 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default 2014-03-24 19:02 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public 2014-03-24 18:58 - 2014-03-24 14:21 - 00000000 ____D () C:\Windows\erdnt 2014-03-24 18:56 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini 2014-03-24 18:55 - 2012-10-09 10:21 - 00000000 ____D () C:\Users\Systemadministrator 2014-03-24 14:42 - 2014-03-24 14:42 - 00222064 _____ () C:\Windows\Minidump\Mini032414-01.dmp 2014-03-24 14:42 - 2014-01-21 10:42 - 00000000 ____D () C:\Windows\Minidump 2014-03-24 14:42 - 2014-01-21 10:41 - 299955924 _____ () C:\Windows\MEMORY.DMP 2014-03-24 14:19 - 2014-03-23 15:52 - 00033076 _____ () C:\Users\Systemadministrator\Downloads\Addition.txt 2014-03-24 14:18 - 2014-03-24 14:18 - 05192353 ____R (Swearware) 
C:\Users\Systemadministrator\Downloads\ComboFix.exe 2014-03-24 13:28 - 2014-03-24 13:22 - 00001057 _____ () C:\Users\Systemadministrator\Desktop\Revo Uninstaller.lnk 2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-03-24 13:21 - 2014-03-24 13:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Systemadministrator\Downloads\revosetup95.exe 2014-03-23 15:44 - 2014-03-23 15:44 - 01145856 _____ (Farbar) C:\Users\Systemadministrator\Downloads\FRST.exe 2014-03-19 04:08 - 2013-10-22 13:07 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-19 04:02 - 2006-11-02 12:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-03-14 04:44 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache 2014-03-14 04:26 - 2013-04-04 09:52 - 00228296 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-14 04:24 - 2012-10-09 15:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-14 04:01 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE 2014-03-13 13:48 - 2012-10-09 11:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-03-13 13:48 - 2012-10-09 11:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-03-12 11:02 - 2012-10-09 10:21 - 00008404 _____ () C:\Users\Systemadministrator\AppData\Local\d3d9caps.dat 2014-03-08 09:57 - 2014-03-08 09:57 - 00000000 ____D () C:\ProgramData\WindowsSearch 2014-03-05 10:26 - 2014-03-28 13:39 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-05 10:26 - 2014-03-28 13:39 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-05 10:26 - 2014-01-16 12:16 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys Some content of TEMP: ==================== C:\Users\Systemadministrator\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-02 18:13
==================== End Of Log ============================
I very much hope that I have no more problems now!!! Can I now simply uninstall all the programs I used, or is there anything I need to watch out for? How do I protect myself permanently against such mails??? Many thanks for your support, with kind regards, Min |
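A helper reads an FRST log like the one above line by line: autostart entries, services and drivers with their publisher string, and recently created files. The following is an added example, not part of the thread and not FRST's own code, that parses a handful of lines in FRST's line format (copied in shape from the log above and embedded as a constructed sample) and applies the checks a reviewer makes by eye: referenced files that no longer exist ([X]), services or drivers registered from a Temp directory (the catchme driver is ComboFix's rootkit scanner driver, and the log shows ComboFix was run on 2014-03-24), files under C:\Windows whose version information names no company, and hex-named drivers, which are compared against the normally named drivers by publisher and size (430810B0.sys matches MBAMSwissArmy.sys on both, so it is Malwarebytes' own driver copy, not a stranger). The severity labels and the rules themselves are the example's own assumptions.

```python
import re

# Constructed sample: lines copied in shape from the FRST log in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [picon] - C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-02-04] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 dtsvc; C:\Windows\system32\DTS.exe [98304 2011-05-31] ()
S2 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [X]
S3 catchme; \??\C:\Users\SYSTEM~1\AppData\Local\Temp\catchme.sys [X]
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-03] (Malwarebytes Corporation)
2014-04-03 00:08 - 2014-04-03 00:08 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\430810B0.sys
"""

# Common tail of autostart and service/driver lines: the path, then either
# "[size date] (CompanyName)" or "[X]" when the file does not exist.
TAIL = (r"(?P<path>.+?) (?:\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
        r"\((?P<company>.*)\)|\[(?P<missing>X)\])\s*$")
RUN_RE = re.compile(r"^HK\S*\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - " + TAIL)
SVC_RE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); " + TAIL)
# Created/modified file lines; company names containing ')' are not handled here.
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) \S+ \((?P<company>[^)]*)\) (?P<path>.+?)\s*$")
HEX_DRIVER = re.compile(r"\\drivers\\[0-9a-f]{8}\.sys$", re.I)


def parse(text):
    """Turn FRST lines into dicts with kind, name, path, size, company, missing."""
    entries = []
    for line in text.strip().splitlines():
        for kind, rx in (("run", RUN_RE), ("service", SVC_RE), ("file", FILE_RE)):
            m = rx.match(line)
            if m:
                e = m.groupdict()
                e["kind"] = kind
                e.setdefault("name", e["path"].rsplit("\\", 1)[-1])
                e["missing"] = e.get("missing") == "X"
                e["size"] = int(e["size"]) if e.get("size") else None
                e["company"] = (e.get("company") or "").strip()
                entries.append(e)
                break
    return entries


def triage(text):
    """Return (name, severity, reason) for entries a reviewer would look at."""
    entries = parse(text)
    # Publisher/size pairs of normally named services and drivers, used to
    # recognise hex-named copies of a known driver.
    known = {(e["company"], e["size"]): e["name"]
             for e in entries if e["kind"] == "service" and e["size"]}
    findings = []
    for e in entries:
        name, low, company = e["name"], e["path"].lower(), e["company"]
        if e["kind"] != "file" and "\\temp\\" in low:
            sev = "medium" if e["missing"] else "high"
            findings.append((name, sev, "service/driver registered from a Temp directory"
                             + (" (file already gone)" if e["missing"] else "")))
        elif e["missing"]:
            findings.append((name, "low", "referenced file no longer exists (orphaned entry)"))
        elif HEX_DRIVER.search(e["path"]):
            twin = known.get((company, e["size"]))
            if twin:
                findings.append((name, "info", f"hex-named copy of {twin} (same publisher and size)"))
            else:
                findings.append((name, "review", f"hex-named driver from '{company or 'unknown'}'"))
        elif not company and low.startswith("c:\\windows\\"):
            # FRST prints CompanyName from the file's version resource; an empty
            # field is not a signature failure, but under C:\Windows it is unusual.
            findings.append((name, "medium", "no CompanyName in version info for a file under C:\\Windows"))
    return findings


if __name__ == "__main__":
    for name, sev, reason in triage(SAMPLE_LOG):
        print(f"{sev:7} {name:20} {reason}")
```

Run against the real log, the whole file can be passed to triage(); lines the three patterns do not recognise (section headers, browser entries) are simply skipped.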
04.04.2014, 10:49 | #10 | |
/// the machine /// TB-Ausbilder | Debt collection payment demand with a Trojan in the attachment? Quote:
Done. The order matters here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. Those can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners; they do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me a brief reply when everything is done and there are no questions left, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
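The tips above cover the system side of the question asked in the previous post, how to protect oneself against mails like the one that started this thread. What the mail itself can be checked for is the attachment. The following is an added example, not from the thread and not from any of the tools mentioned in it: it builds a constructed message in the shape of such a payment demand (a ZIP named Beleg.zip containing Rechnung_250EUR.pdf.exe; sender, recipient and body text are invented) and runs the checks a mail gateway or a cautious recipient applies before opening anything: executable extensions, double extensions that hide an executable behind a document name, a PE header (MZ) under a non-executable name, and archives, which are opened in memory, with password-protected archives reported because their contents cannot be inspected. The extension lists are the example's own choice.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions Windows runs on double click (the example's own list, not exhaustive).
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
            ".vbs", ".vbe", ".wsf", ".hta", ".cpl", ".jar", ".lnk"}
ARCHIVE_EXT = {".zip"}
# "Rechnung.pdf.exe": a document-like name followed by a second extension.
DOUBLE_EXT = re.compile(r"\.(pdf|doc|docx|xls|xlsx|jpg|jpeg|png|txt)\.[a-z0-9]{2,4}$", re.I)
MAX_MEMBER_BYTES = 20 * 1024 * 1024  # never inflate an archive member beyond this


def check_file(name, data, depth=0):
    """Return a list of (reason, display_name) findings for one file."""
    findings = []
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext in EXEC_EXT:
        findings.append(("executable", name))
    if DOUBLE_EXT.search(name):
        findings.append(("double-extension", name))
    if data[:2] == b"MZ" and ext not in EXEC_EXT:
        findings.append(("pe-header-under-other-name", name))
    if ext in ARCHIVE_EXT and depth < 2:  # one level of nesting is enough for triage
        findings += check_archive(name, data, depth)
    return findings


def check_archive(name, data, depth):
    """Open a ZIP in memory and check every member without writing to disk."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("corrupt-archive", name)]
    for info in zf.infolist():
        member = f"{name}/{info.filename}"
        if info.flag_bits & 0x1:  # encrypted member: content cannot be inspected
            findings.append(("password-protected-archive", member))
            continue
        if info.file_size > MAX_MEMBER_BYTES:
            findings.append(("oversized-archive-member", member))
            continue
        findings += check_file(member, zf.read(info), depth + 1)
    return findings


def triage_attachments(raw):
    """Parse a raw RFC 5322 message and check every attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        findings += check_file(name, data)
    return findings


def build_sample_message():
    """Constructed sample in the shape of the mail from this thread."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Rechnung_250EUR.pdf.exe", b"MZ" + b"\x00" * 62)  # stub, not a real PE
    msg = EmailMessage()
    msg["From"] = "inkasso@example.invalid"
    msg["To"] = "min@example.invalid"
    msg["Subject"] = "Letzte Zahlungsaufforderung"
    msg.set_content("Bitte begleichen Sie 250 EUR. Den Beleg finden Sie im Anhang.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Beleg.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for reason, where in triage_attachments(build_sample_message()):
        print(f"{reason:28} {where}")
```

The archive is inspected in memory and members are read only after the size check, so a large or nested archive cannot fill the disk; a saved .eml file can be fed to triage_attachments() as bytes.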
13.05.2014, 09:56 | #11 |
| Debt collection payment demand with a Trojan in the attachment? Thank you very much again, schrauber, for all your help. Because of illness I could not get back to you for a while. In any case, heartfelt thanks for your tips!!!! All the best, min P.S.: Since I already have another problem, I am opening a new thread. |
14.05.2014, 08:22 | #12 |
/// the machine /// TB-Ausbilder | Debt collection payment demand with a Trojan in the attachment? You're welcome
__________________ regards, schrauber |
21.05.2014, 16:35 | #13 |
| Debt collection payment demand with a Trojan in the attachment? Hello schrauber, I would like to ask you for another check....PUPs etc....and how can I get rid of ZoneAlarm Security again??? Thank you and kind regards Code:
ATTFilter
<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2014/05/21 17:24:27 +0200</date>
    <log>mbam-log-2014-05-21 (15-41-35).xml</log>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.00.1.1004</version>
    <rules-database>v2014.05.21.05</rules-database>
    <swissarmy-database>v2014.03.27.01</swissarmy-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows Vista Service Pack 2</osversion>
    <arch>x86</arch>
    <username>Systemadministrator</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>247943</objects>
    <time>6122</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>0</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>3</folders>
    <files>0</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <shuriken>enabled</shuriken>
    <pup>warn</pup>
    <pum>enabled</pum>
  </options>
  <items>
    <folder><path>C:\Users\Systemadministrator\AppData\Roaming\OpenCandy</path><vendor>PUP.Optional.OpenCandy</vendor><action/><hash>3acfbd97bcbf50e606c685eef21028d8</hash></folder>
    <folder><path>C:\Users\Systemadministrator\AppData\Roaming\OpenCandy\123CE891A8B6429FB0C4E461C00D9456</path><vendor>PUP.Optional.OpenCandy</vendor><action/><hash>3acfbd97bcbf50e606c685eef21028d8</hash></folder>
    <folder><path>C:\Users\Systemadministrator\AppData\Roaming\OpenCandy\F036A93E21E74FACBDFB31147F0DC0B9</path><vendor>PUP.Optional.OpenCandy</vendor><action/><hash>3acfbd97bcbf50e606c685eef21028d8</hash></folder>
  </items>
</mbam-log> |
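The mbam-log above carries <pup>warn</pup> in its options and every item has an empty <action/>: the three OpenCandy folders were detected and listed, but with the PUP setting on "warn" nothing was quarantined, which is why the question about PUPs comes up again. The rootkit scan was also off (<rootkits>disabled</rootkits>). As an added example, not from the thread and not Malwarebytes' code, here is a parser that reads such a log and reports the scan options together with every detection that received no action. The sample is a trimmed copy of the log above plus one invented <file> entry with a placeholder action value for contrast (the word "quarantine" there is the example's own, not a value known to be what Malwarebytes writes). The real log file is UTF-16, so load_log() reads it as bytes and lets the XML parser pick up the encoding from the file itself; the leading "-" characters in the pasted XML are a browser's collapse handles and are not part of the file.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed from the mbam-log in this thread, plus one invented
# <file> entry with a placeholder action value to show the contrast.
SAMPLE_MBAM_LOG = r"""<mbam-log>
  <header><date>2014/05/21 17:24:27 +0200</date><log>mbam-log-2014-05-21 (15-41-35).xml</log><isadmin>yes</isadmin></header>
  <engine><version>2.00.1.1004</version><rules-database>v2014.05.21.05</rules-database><license>free</license></engine>
  <options><rootkits>disabled</rootkits><deeprootkit>disabled</deeprootkit><pup>warn</pup><pum>enabled</pum></options>
  <items>
    <folder><path>C:\Users\Systemadministrator\AppData\Roaming\OpenCandy</path><vendor>PUP.Optional.OpenCandy</vendor><action/><hash>3acfbd97bcbf50e606c685eef21028d8</hash></folder>
    <folder><path>C:\Users\Systemadministrator\AppData\Roaming\OpenCandy\123CE891A8B6429FB0C4E461C00D9456</path><vendor>PUP.Optional.OpenCandy</vendor><action/><hash>3acfbd97bcbf50e606c685eef21028d8</hash></folder>
    <file><path>C:\Users\Systemadministrator\Downloads\invented-setup.exe</path><vendor>PUP.Optional.Invented</vendor><action>quarantine</action><hash>00000000000000000000000000000000</hash></file>
  </items>
</mbam-log>
"""


def load_log(source):
    """Parse an mbam-log given as XML text, or as a path to the UTF-16 file MBAM writes."""
    if source.lstrip().startswith("<"):
        return ET.fromstring(source)
    with open(source, "rb") as fh:  # bytes: expat honours the BOM and the declared encoding
        return ET.fromstring(fh.read())


def scan_options(root):
    """The <options> block as a plain dict, e.g. {'pup': 'warn', 'rootkits': 'disabled'}."""
    return {opt.tag: (opt.text or "").strip() for opt in root.find("options")}


def detections(root):
    """Yield one dict per detected object; action is None when MBAM took none."""
    for item in root.find("items"):
        action = (item.findtext("action") or "").strip()
        yield {"kind": item.tag, "path": item.findtext("path"),
               "vendor": item.findtext("vendor"), "action": action or None}


def review(source):
    """Summarise options, detections and the items that were only listed, not removed."""
    root = load_log(source)
    opts = scan_options(root)
    items = list(detections(root))
    unactioned = [d for d in items if d["action"] is None]
    notes = []
    if opts.get("pup") == "warn" and unactioned:
        notes.append("PUP handling is 'warn': the listed PUPs were not removed; "
                     "change the PUP setting or remove them by hand")
    if opts.get("rootkits") != "enabled":
        notes.append("rootkit scan was disabled for this run")
    return {"options": opts, "detections": len(items),
            "unactioned": unactioned, "notes": notes}


if __name__ == "__main__":
    result = review(SAMPLE_MBAM_LOG)
    for d in result["unactioned"]:
        print(f"no action: {d['kind']} {d['path']} ({d['vendor']})")
    for note in result["notes"]:
        print("note:", note)
```

Pass a path to review() to check a log straight from the Malwarebytes logs folder; the two notes it prints for the sample are exactly the two points a helper would raise about the scan above.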
22.05.2014, 12:41 | #14 |
/// the machine /// TB-Ausbilder | Debt collection payment demand with a Trojan in the attachment? Please post a fresh FRST log.
__________________ regards, schrauber |
23.05.2014, 17:53 | #15 |
| Debt collection payment demand with a Trojan in the attachment? Thaaanks )))))) Here is the fresh FRST. FRST logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-05-2014
Ran by Systemadministrator (administrator) on SYSTEM on 23-05-2014 17:11:54
Running from C:\Users\Systemadministrator\Downloads
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

() C:\Windows\System32\DTS.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\System32\AtService.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Lenovo.) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
(Lenovo Group Limited) C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(LENOVO) C:\Program Files\ThinkVantage\AMSG\Amsg.exe
(Lenovo Group Ltd.) C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [FingerPrintSoftware] => C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582920 2011-05-31] (AuthenTec)
HKLM\...\Run: [FingerPrintSoftwareSplashScreen] => C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [102400 2011-05-31] (AuthenTec, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [CreateLMBCShortCut] => C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe [40960 2010-02-16] ()
HKLM\...\Run: [PWMTRV] => C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL [4446784 2012-09-24] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [186248 2012-09-20] (Lenovo.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [IaNvSrv] => C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe [33304 2009-10-06] (Intel Corporation)
HKLM\...\Run: [ACTray] => C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [433248 2012-05-30] (Lenovo)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-02-04] ()
HKLM\...\Run: [ATUpdatePBA.ltp] => C:\Windows\system32\ATUpdatePBA.exe [227144 2011-05-31] (AuthenTec, Inc.)
HKLM\...\Run: [LPManager] => C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE [185688 2009-07-23] (Lenovo Group Limited)
HKLM\...\Run: [LPMailChecker] => C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE [124248 2009-07-23] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2379064 2012-10-18] (Synaptics Incorporated)
HKLM\...\Run: [AMSG] => C:\Program Files\ThinkVantage\AMSG\Amsg.exe [436800 2009-09-03] (LENOVO)
HKLM\...\Run: [TPKMAPHELPER] => C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [992816 2007-02-26] (Lenovo)
HKLM\...\Run: [EZEJMNAP] => C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [256576 2009-12-01] (Lenovo Group Ltd.)
HKLM\...\Run: [TPFNF7] => C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [62240 2009-08-04] (Lenovo Group Limited)
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3093816 2009-03-04] (Lenovo Group Limited)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-03-04] (Lenovo Group Limited)
HKLM\...\Run: [CloneCDTray] => C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-30] (SlySoft, Inc.)
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-04-25] (Check Point Software Technologies Ltd.)
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-732048308-2395046871-4071129892-1000\...\Policies\Explorer: [RestrictRun] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MB64869A1-3B41-45E5-BB91-F8841C87A6D7&SearchSource=58&CUI=&UM=5&UP=SP310C6C65-56A4-48AF-A177-A11C4132F0E6&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MB64869A1-3B41-45E5-BB91-F8841C87A6D7&SearchSource=58&CUI=&UM=5&UP=SP310C6C65-56A4-48AF-A177-A11C4132F0E6&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Systemadministrator\AppData\Roaming\Mozilla\Firefox\C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-732048308-2395046871-4071129892-1000\FireFox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Systemadministrator\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-02-01]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-02-01]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-02-01]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\anti_banner@kaspersky.com [2014-02-01]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\online_banking@kaspersky.com [2014-02-01]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "https://www.google.de/", "https://www.google.de/"
CHR Extension: (Google Docs) - C:\Users\Systemadministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-13]
CHR Extension: (Google Drive) - C:\Users\Systemadministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-13]
CHR Extension: (YouTube) - C:\Users\Systemadministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-13]
CHR Extension: (Google Search) - C:\Users\Systemadministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-13]
CHR Extension: (Google Wallet) - C:\Users\Systemadministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-13]
CHR Extension: (Gmail) - C:\Users\Systemadministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-13]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-01-13]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\ab.crx [2013-10-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [106496 2011-05-31] ()
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 dtsvc; C:\Windows\system32\DTS.exe [98304 2011-05-31] ()
R2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [43584 2012-01-16] (Lenovo Group Limited)
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [101736 2011-07-12] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [127336 2011-07-12] (Lenovo Group Limited)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2013-07-10] (Lenovo Group Limited)
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [131432 2011-07-12] (Lenovo Group Limited)
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [779576 2009-03-04] (Lenovo)
R2 TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2010-02-04] (Intel Corporation)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-04-25] (Check Point Software Technologies Ltd.)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [92176 2014-04-09] (Check Point Software Technologies, Ltd.)
S2 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [X]

==================== Drivers (Whitelisted) ====================

S3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [4172288 2009-04-01] (ATI Technologies Inc.)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
S3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd32.sys [2473472 2009-04-01] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-02-01] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-02-01] (Kaspersky Lab ZAO)
S3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [81280 2007-06-08] (Lenovo)
R3 lnvobus; C:\Windows\System32\DRIVERS\lnvobus.sys [282880 2008-12-16] (MCCI Corporation)
R3 lnvocard; C:\Windows\System32\DRIVERS\lnvocard.sys [356480 2008-12-16] (MCCI Corporation)
R3 lnvogps; C:\Windows\System32\DRIVERS\lnvogps.sys [77864 2008-10-23] (Ericsson AB)
R3 lnvomdfl; C:\Windows\System32\DRIVERS\lnvomdfl.sys [15104 2008-12-16] (MCCI Corporation)
R3 lnvomdfl2; C:\Windows\System32\DRIVERS\lnvomdfl2.sys [15104 2008-12-16] (MCCI Corporation)
R3 lnvomdm; C:\Windows\System32\DRIVERS\lnvomdm.sys [365056 2008-12-16] (MCCI Corporation)
R3 lnvomdm2; C:\Windows\System32\DRIVERS\lnvomdm2.sys [408960 2008-12-16] (MCCI Corporation)
R3 lnvond5; C:\Windows\System32\DRIVERS\lnvond5.sys [25984 2008-12-16] (MCCI Corporation)
R3 lnvounic; C:\Windows\System32\DRIVERS\lnvounic.sys [375424 2008-12-16] (MCCI Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-22] (Malwarebytes Corporation)
R3 NETwNv32; C:\Windows\System32\DRIVERS\NETwNv32.sys [7346176 2011-10-31] (Intel Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [38200 2012-10-18] (Synaptics Incorporated)
R3 Sony_EricssonWWSC; C:\Windows\System32\DRIVERS\lnvoscard.sys [24232 2008-07-08] (Sony Ericsson)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-05-11] ()
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [456088 2014-04-24] (Check Point Software Technologies Ltd.)
S3 catchme; \??\C:\Users\SYSTEM~1\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94304 2014-03-25] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-23 17:09 - 2014-05-23 17:09 - 01056768 _____ (Farbar) C:\Users\Systemadministrator\Downloads\FRST.exe
2014-05-23 15:06 - 2014-05-23 15:06 - 00000000 ____D () C:\Users\Systemadministrator\AppData\Local\Skype
2014-05-23 15:05 - 2014-05-23 15:05 - 00001880 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-23 15:05 - 2014-05-23 15:05 - 00000000 ___RD () C:\Program Files\Skype
2014-05-23 15:05 - 2014-05-23 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-23 15:05 - 2014-05-23 15:05 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-21 17:24 - 2014-05-21 17:24 - 00003760 _____ () C:\Users\Systemadministrator\Documents\mbm.Xml
2014-05-21 13:48 - 2014-05-21 13:48 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-21 13:47 - 2014-05-21 13:55 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-05-21 13:47 - 2014-05-21 13:47 - 00000876 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-05-21 13:47 - 2014-05-21 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-05-21 13:47 - 2011-11-04 05:13 - 01070352 _____ (Microsoft Corporation) C:\Windows\system32\MSCOMCTL.OCX
2014-05-21 13:47 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\system32\MSSTDFMT.DLL
2014-05-21 13:45 - 2014-05-21 13:45 - 04095448 _____ (BrightFort LLC ) C:\Users\Systemadministrator\Downloads\spywareblastersetup50.exe
2014-05-20 21:17 - 2014-05-20 21:23 - 00431135 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2014-05-20 21:16 - 2014-05-20 21:16 - 00000639 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2014-05-20 21:16 - 2014-05-20 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2014-05-20 21:15 - 2010-04-05 22:00 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-05-20 20:57 - 2014-05-20 21:16 - 00000000 ____D () C:\Program Files\CheckPoint
2014-05-20 20:57 - 2014-05-20 20:57 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-05-20 20:47 - 2014-05-20 20:47 - 00001032 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-05-20 20:45 - 2014-05-20 20:45 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-05-20 20:42 - 2014-05-20 20:42 - 32753176 _____ (DVDVideoSoft Ltd. ) C:\Users\Systemadministrator\Downloads\FreeYouTubeDownload3235514.exe
2014-05-20 19:41 - 2014-05-20 19:42 - 39074536 _____ (Microsoft Corporation) C:\Users\Systemadministrator\Downloads\FileFormatConverters.exe
2014-05-20 19:41 - 2014-05-20 19:42 - 26908896 _____ (Microsoft Corporation) C:\Users\Systemadministrator\Downloads\Windows-KB890830-V5.12.exe
2014-05-20 19:41 - 2014-05-20 19:41 - 02959376 _____ (Microsoft Corporation) C:\Users\Systemadministrator\Downloads\dotnetfx35setup.exe
2014-05-16 19:33 - 2014-05-16 19:33 - 03161648 _____ (VS Revo Group) C:\Users\Systemadministrator\Downloads\Revouninstaller.exe
2014-05-15 03:01 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 03:01 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 03:01 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 21:47 - 2014-05-14 21:47 - 00168168 _____ () C:\Windows\Minidump\Mini051414-01.dmp
2014-05-14 13:46 - 2014-05-14 13:46 - 00000041 ___SH () C:\ProgramData\.zreglib
2014-05-14 13:40 - 2014-05-14 13:40 - 00000906 _____ () C:\Users\Public\Desktop\CloneCD.lnk
2014-05-14 13:40 - 2014-05-14 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
2014-05-14 13:40 - 2014-05-14 13:40 - 00000000 ____D () C:\Program Files\SlySoft
2014-05-14 13:39 - 2014-05-14 13:39 - 02734688 _____ () C:\Users\Systemadministrator\Downloads\SetupCloneCD5314.exe
2014-05-14 13:30 - 2014-05-14 13:30 - 00000000 ____D () C:\Users\Systemadministrator\AppData\Roaming\dvdcss
2014-05-14 09:31 - 2014-05-20 17:43 - 00000000 ____D () C:\Users\Systemadministrator\AppData\Roaming\vlc
2014-05-14 09:30 - 2014-05-14 09:30 - 00000859 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-14 09:30 - 2014-05-14 09:30 - 00000000 ____D () C:\Program Files\VideoLAN
2014-05-14 09:13 - 2014-05-14 09:13 - 00629584 _____ (Chip Digital GmbH) C:\Users\Systemadministrator\Downloads\VLC media player 32 Bit - CHIP-Downloader.exe
2014-05-14 08:03 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-13 21:48 - 2014-05-13 21:48 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-05-13 15:43 - 2014-05-13 15:43 - 00037498 _____ () C:\Users\Systemadministrator\Desktop\FRST.txt
2014-05-13 15:43 - 2014-05-13 15:43 - 00025044 _____ () C:\Users\Systemadministrator\Desktop\Addition.txt
2014-05-13 15:40 - 2014-05-13 15:48 - 00025044 _____ () C:\Users\Systemadministrator\Downloads\Addition.txt
2014-05-13 15:37 - 2014-05-23 17:11 - 00022278 _____ () C:\Users\Systemadministrator\Downloads\FRST.txt
2014-05-13 15:36 - 2014-05-23 17:11 - 00000000 ____D () C:\FRST
2014-05-13 15:35 - 2014-05-13 15:35 - 01056256 _____ (Farbar) C:\Users\Systemadministrator\Downloads\FRST(1).exe
2014-05-13 11:42 - 2014-05-13 11:42 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-13 11:42 - 2014-05-13 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-13 11:41 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-13 11:41 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-13 11:41 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-13 11:04 - 2014-05-13 11:04 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Systemadministrator\Downloads\mbam-setup-2.0.1.1004(1).exe
2014-05-13 10:37 - 2014-05-13 10:37 - 00686664 _____ ( ) C:\Users\Systemadministrator\Downloads\COMPUTER_BILD-Download-Manager_fuer_mbam-setup-2.0.1.1004.exe
2014-05-13 10:36 - 2014-05-13 10:36 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Systemadministrator\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-11 13:23 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-11 13:22 - 2014-05-11 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-11 13:22 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-11 13:22 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-11 13:22 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-11 13:21 - 2014-05-11 13:22 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-11 10:31 - 2014-05-11 10:32 - 00172264 _____ () C:\Windows\Minidump\Mini051114-01.dmp
2014-05-10 14:19 - 2014-05-11 19:45 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-05-10 14:17 - 2014-05-10 14:17 - 00000000 ____D () C:\Users\Systemadministrator\AppData\Local\SlimWare Utilities Inc
2014-05-10 14:14 - 2014-05-11 23:02 - 00000000 ____D () C:\Program Files\DriverUpdate
2014-05-10 14:13 - 2014-05-10 14:13 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-05-10 14:11 - 2014-05-10 14:11 - 00862696 _____ (SlimWare Utilities, Inc.) C:\Users\Systemadministrator\Downloads\DriverUpdate-setup.exe
2014-05-10 09:10 - 2014-05-10 09:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-10 09:10 - 2014-05-10 09:10 - 00000000 ____D () C:\Users\Systemadministrator\AppData\Roaming\TuneUp Software
2014-05-10 09:10 - 2014-05-10 09:10 - 00000000 ____D () C:\Users\Systemadministrator\AppData\Local\TuneUp Software
2014-05-10 09:09 - 2014-05-10 09:15 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-05-10 09:08 - 2014-05-20 20:47 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-05-10 09:07 - 2014-05-10 09:07 - 00000000 ____D () C:\Users\Systemadministrator\AppData\Local\SearchProtect
2014-05-10 09:06 - 2014-05-20 20:47 - 00002011 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-05-10 09:06 - 2014-05-20 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-05-10 09:06 - 2014-05-12 18:37 - 00000000 ____D () C:\Program Files\SearchProtect
2014-05-10 09:05 - 2014-05-20 20:47 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-05-10 08:57 - 2014-05-10 08:57 - 32346240 _____ (DVDVideoSoft Ltd. ) C:\Users\Systemadministrator\Downloads\FreeYouTubeDownload-3.2.33.424.exe
2014-05-06 14:58 - 2014-05-06 14:59 - 19738855 _____ () C:\Users\Systemadministrator\Downloads\Ich schick dir einen Engel.mp4
2014-05-03 19:06 - 2014-05-03 19:11 - 00003037 _____ () C:\DelFix.txt
2014-05-03 06:59 - 2014-05-05 20:01 - 05324800 _____ () C:\Windows\system32\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯慤
2014-04-30 19:31 - 2014-04-30 19:32 - 52253516 _____ () C:\Users\Systemadministrator\Downloads\Liebe statt Angst - Louise L. Hay (Visionsmeditation).mp4
2014-04-26 16:04 - 2014-04-26 16:07 - 278900552 _____ () C:\Users\Systemadministrator\Downloads\The Secret (german).mp4
2014-04-24 23:03 - 2014-04-24 23:03 - 00456088 _____ (Check Point Software Technologies Ltd.) C:\Windows\system32\Drivers\vsdatant.sys

==================== One Month Modified Files and Folders =======

2014-05-23 17:14 - 2014-05-13 15:37 - 00022278 _____ () C:\Users\Systemadministrator\Downloads\FRST.txt
2014-05-23 17:11 - 2014-05-13 15:36 - 00000000 ____D () C:\FRST
2014-05-23 17:09 - 2014-05-23 17:09 - 01056768 _____ (Farbar) C:\Users\Systemadministrator\Downloads\FRST.exe
2014-05-23 17:06 - 2014-01-14 20:48 - 00000000 ____D () C:\Users\Systemadministrator\AppData\Roaming\Skype
2014-05-23 16:53 - 2006-11-02 14:47 - 00005264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-23 16:53 - 2006-11-02 14:47 - 00005264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-23 16:48 - 2012-10-09 11:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-23 16:43 - 2014-02-10 17:38 - 00000984 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-732048308-2395046871-4071129892-1000UA.job
2014-05-23 16:43 - 2014-02-10 17:38 - 00000962 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-732048308-2395046871-4071129892-1000Core.job
2014-05-23 15:39 - 2008-01-21 03:39 - 01108258 _____ () C:\Windows\WindowsUpdate.log
2014-05-23 15:20 - 2014-02-01 16:25 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-23 15:06 - 2014-05-23 15:06 - 00000000 ____D () C:\Users\Systemadministrator\AppData\Local\Skype
2014-05-23 15:05 - 2014-05-23 15:05 - 00001880 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-23 15:05 - 2014-05-23 15:05 - 00000000 ___RD () C:\Program Files\Skype
2014-05-23 15:05 - 2014-05-23 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-23 15:05 - 2014-05-23 15:05 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-23 15:05 - 2014-01-14 20:47 - 00000000 ____D () C:\ProgramData\Skype
2014-05-23 15:00 - 2013-01-15 18:00 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-23 15:00 - 2008-01-21 10:32 - 00006566 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-23 14:54 - 2014-01-17 21:00 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-05-23 14:53 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-23 14:52 - 2013-04-04 09:52 - 00676502 _____ () C:\Windows\PFRO.log
2014-05-23 14:05 - 2012-10-09 10:21 - 00008404 _____ () C:\Users\Systemadministrator\AppData\Local\d3d9caps.dat
2014-05-22 17:47 - 2014-03-28 13:30 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-05-21 17:27 - 2014-01-28 17:52 - 00000000 ____D () C:\Users\Systemadministrator\Documents\Büro
2014-05-21 17:24 - 2014-05-21 17:24 - 00003760 _____ () C:\Users\Systemadministrator\Documents\mbm.Xml
2014-05-21 13:55 - 2014-05-21 13:47 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-05-21 13:48 - 2014-05-21 13:48 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-21 13:47 - 2014-05-21 13:47 - 00000876 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-05-21 13:47 - 2014-05-21 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-05-21 13:45 - 2014-05-21 13:45 - 04095448 _____ (BrightFort LLC ) C:\Users\Systemadministrator\Downloads\spywareblastersetup50.exe
2014-05-21 13:20 - 2014-01-16 12:16 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-05-20 23:37 - 2012-10-09 12:27 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-05-20 23:37 - 2006-11-02 15:01 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-20 21:44 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-20 21:23 - 2014-05-20 21:17 - 00431135 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2014-05-20 21:19 - 2012-10-09 10:21 - 00000000 ____D () C:\Users\Systemadministrator
2014-05-20 21:16 - 2014-05-20 21:16 - 00000639 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2014-05-20 21:16 - 2014-05-20 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2014-05-20 21:16 - 2014-05-20 20:57 - 00000000 ____D () C:\Program Files\CheckPoint
2014-05-20 20:57 - 2014-05-20 20:57 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-05-20 20:47 - 2014-05-20 20:47 - 00001032 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-05-20 20:47 - 2014-05-10 09:08 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-05-20 20:47 - 2014-05-10 09:06 - 00002011 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-05-20 20:47 - 2014-05-10 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-05-20 20:47 - 2014-05-10 09:05 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-05-20 20:45 - 2014-05-20 20:45 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-05-20 20:45 - 2014-02-01 22:44 - 00000000 ____D () C:\Users\Systemadministrator\AppData\Roaming\DVDVideoSoft
2014-05-20 20:42 - 2014-05-20 20:42 - 32753176 _____ (DVDVideoSoft Ltd.
) C:\Users\Systemadministrator\Downloads\FreeYouTubeDownload3235514.exe 2014-05-20 19:42 - 2014-05-20 19:41 - 39074536 _____ (Microsoft Corporation) C:\Users\Systemadministrator\Downloads\FileFormatConverters.exe 2014-05-20 19:42 - 2014-05-20 19:41 - 26908896 _____ (Microsoft Corporation) C:\Users\Systemadministrator\Downloads\Windows-KB890830-V5.12.exe 2014-05-20 19:41 - 2014-05-20 19:41 - 02959376 _____ (Microsoft Corporation) C:\Users\Systemadministrator\Downloads\dotnetfx35setup.exe 2014-05-20 17:43 - 2014-05-14 09:31 - 00000000 ____D () C:\Users\Systemadministrator\AppData\Roaming\vlc 2014-05-18 14:34 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-05-18 14:33 - 2014-01-21 13:55 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-05-18 14:33 - 2012-10-09 14:11 - 00000000 ____D () C:\ProgramData\Lenovo 2014-05-18 14:33 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool 2014-05-18 14:33 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration 2014-05-18 14:33 - 2006-11-02 12:22 - 74186752 _____ () C:\Windows\system32\config\system_previous 2014-05-18 14:33 - 2006-11-02 12:22 - 40108032 _____ () C:\Windows\system32\config\components_previous 2014-05-18 14:33 - 2006-11-02 12:22 - 34865152 _____ () C:\Windows\system32\config\software_previous 2014-05-18 14:33 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security_previous 2014-05-18 14:33 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous 2014-05-18 14:33 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\default_previous 2014-05-17 15:06 - 2014-01-21 10:42 - 00000000 ____D () C:\Windows\Minidump 2014-05-16 19:33 - 2014-05-16 19:33 - 03161648 _____ (VS Revo Group) C:\Users\Systemadministrator\Downloads\Revouninstaller.exe 2014-05-15 03:09 - 2013-10-22 13:07 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-14 21:47 - 2014-05-14 21:47 - 00168168 _____ () C:\Windows\Minidump\Mini051414-01.dmp 2014-05-14 
21:47 - 2014-01-21 10:41 - 241046594 _____ () C:\Windows\MEMORY.DMP 2014-05-14 13:46 - 2014-05-14 13:46 - 00000041 ___SH () C:\ProgramData\.zreglib 2014-05-14 13:40 - 2014-05-14 13:40 - 00000906 _____ () C:\Users\Public\Desktop\CloneCD.lnk 2014-05-14 13:40 - 2014-05-14 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft 2014-05-14 13:40 - 2014-05-14 13:40 - 00000000 ____D () C:\Program Files\SlySoft 2014-05-14 13:39 - 2014-05-14 13:39 - 02734688 _____ () C:\Users\Systemadministrator\Downloads\SetupCloneCD5314.exe 2014-05-14 13:30 - 2014-05-14 13:30 - 00000000 ____D () C:\Users\Systemadministrator\AppData\Roaming\dvdcss 2014-05-14 13:29 - 2013-12-17 01:18 - 00067584 _____ () C:\Users\Systemadministrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-05-14 09:30 - 2014-05-14 09:30 - 00000859 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-05-14 09:30 - 2014-05-14 09:30 - 00000000 ____D () C:\Program Files\VideoLAN 2014-05-14 09:13 - 2014-05-14 09:13 - 00629584 _____ (Chip Digital GmbH) C:\Users\Systemadministrator\Downloads\VLC media player 32 Bit - CHIP-Downloader.exe 2014-05-13 21:48 - 2014-05-13 21:48 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe 2014-05-13 21:48 - 2012-10-09 11:36 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-05-13 21:48 - 2012-10-09 11:36 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-05-13 15:48 - 2014-05-13 15:40 - 00025044 _____ () C:\Users\Systemadministrator\Downloads\Addition.txt 2014-05-13 15:43 - 2014-05-13 15:43 - 00037498 _____ () C:\Users\Systemadministrator\Desktop\FRST.txt 2014-05-13 15:43 - 2014-05-13 15:43 - 00025044 _____ () C:\Users\Systemadministrator\Desktop\Addition.txt 2014-05-13 15:35 - 2014-05-13 15:35 - 01056256 _____ (Farbar) C:\Users\Systemadministrator\Downloads\FRST(1).exe 2014-05-13 15:18 - 2014-03-28 13:39 - 00000000 ____D () 
C:\Program Files\ Malwarebytes Anti-Malware 2014-05-13 11:42 - 2014-05-13 11:42 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-13 11:42 - 2014-05-13 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-13 11:04 - 2014-05-13 11:04 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Systemadministrator\Downloads\mbam-setup-2.0.1.1004(1).exe 2014-05-13 10:37 - 2014-05-13 10:37 - 00686664 _____ ( ) C:\Users\Systemadministrator\Downloads\COMPUTER_BILD-Download-Manager_fuer_mbam-setup-2.0.1.1004.exe 2014-05-13 10:36 - 2014-05-13 10:36 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Systemadministrator\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-12 18:37 - 2014-05-10 09:06 - 00000000 ____D () C:\Program Files\SearchProtect 2014-05-11 23:02 - 2014-05-10 14:14 - 00000000 ____D () C:\Program Files\DriverUpdate 2014-05-11 23:02 - 2014-02-05 09:21 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-05-11 19:45 - 2014-05-10 14:19 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys 2014-05-11 16:16 - 2013-04-04 09:54 - 00012852 _____ () C:\Windows\setupact.log 2014-05-11 13:22 - 2014-05-11 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-05-11 13:22 - 2014-05-11 13:21 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log 2014-05-11 13:22 - 2012-10-09 11:39 - 00000000 ____D () C:\Program Files\Java 2014-05-11 10:32 - 2014-05-11 10:31 - 00172264 _____ () C:\Windows\Minidump\Mini051114-01.dmp 2014-05-10 14:17 - 2014-05-10 14:17 - 00000000 ____D () C:\Users\Systemadministrator\AppData\Local\SlimWare Utilities Inc 2014-05-10 14:13 - 2014-05-10 14:13 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers 2014-05-10 14:11 - 2014-05-10 14:11 - 00862696 _____ (SlimWare Utilities, Inc.) 
C:\Users\Systemadministrator\Downloads\DriverUpdate-setup.exe 2014-05-10 10:48 - 2014-01-17 14:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-05-10 09:15 - 2014-05-10 09:09 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-05-10 09:14 - 2014-05-10 09:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-10 09:10 - 2014-05-10 09:10 - 00000000 ____D () C:\Users\Systemadministrator\AppData\Roaming\TuneUp Software 2014-05-10 09:10 - 2014-05-10 09:10 - 00000000 ____D () C:\Users\Systemadministrator\AppData\Local\TuneUp Software 2014-05-10 09:07 - 2014-05-10 09:07 - 00000000 ____D () C:\Users\Systemadministrator\AppData\Local\SearchProtect 2014-05-10 08:57 - 2014-05-10 08:57 - 32346240 _____ (DVDVideoSoft Ltd. ) C:\Users\Systemadministrator\Downloads\FreeYouTubeDownload-3.2.33.424.exe 2014-05-06 14:59 - 2014-05-06 14:58 - 19738855 _____ () C:\Users\Systemadministrator\Downloads\Ich schick dir einen Engel.mp4 2014-05-06 01:32 - 2014-05-15 03:01 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 01:14 - 2014-05-15 03:01 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 01:14 - 2014-05-15 03:01 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-05 20:01 - 2014-05-03 06:59 - 05324800 _____ () C:\Windows\system32\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯慤 2014-05-04 17:14 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-05-03 19:11 - 2014-05-03 19:06 - 00003037 _____ () C:\DelFix.txt 2014-05-03 19:07 - 2014-03-28 11:29 - 00000000 ____D () C:\Windows\ERUNT 2014-04-30 19:32 - 2014-04-30 19:31 - 52253516 _____ () C:\Users\Systemadministrator\Downloads\Liebe statt Angst - Louise L. 
Hay (Visionsmeditation).mp4 2014-04-26 16:07 - 2014-04-26 16:04 - 278900552 _____ () C:\Users\Systemadministrator\Downloads\The Secret (german).mp4 2014-04-24 23:03 - 2014-04-24 23:03 - 00456088 _____ (Check Point Software Technologies Ltd.) C:\Windows\system32\Drivers\vsdatant.sys Some content of TEMP: ==================== C:\Users\Systemadministrator\AppData\Local\temp\DseShExt-x86.dll C:\Users\Systemadministrator\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe C:\Users\Systemadministrator\AppData\Local\temp\Quarantine.exe C:\Users\Systemadministrator\AppData\Local\temp\SDShelEx-win32.dll C:\Users\Systemadministrator\AppData\Local\temp\SPSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-23 14:59 ==================== End Of Log ============================ LG Min |