Log analysis and evaluation: Windows 7 64-bit lock screen / FRST txt attached
31.03.2014, 18:57 | #1
Windows 7 64-bit lock screen / FRST txt attached

Hello, my "heavily pregnant" sister brought me her "old" notebook in quite a state of despair, because it is the only place where the pictures of her firstborn are stored. The machine is always in a pretty chaotic state. But now she has caught a lock screen that I can't get rid of so easily. If someone could help me, I'd be very grateful, since my sister is currently rather... hormonally driven, and my brother-in-law is completely helpless in the situation. Thanks for your help! Regards

P.S. Unfortunately, apart from FRST, I couldn't get anything else out of the system:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Bekki (administrator) on PC-K on 31-03-2014 19:42:37
Running from E:\
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2011-12-23] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [atchk] - C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-11-30] (Intel Corporation)
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16336488 2009-09-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~3\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe [202296 2012-04-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Run: [Spotify Web Helper] - C:\Users\Bekki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1103768 2013-03-13] (Spotify Ltd)
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Run: [Spotify] - C:\Users\Bekki\AppData\Roaming\Spotify\Spotify.exe [4489112 2013-03-13] (Spotify Ltd)
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\MountPoints2: {2cf15101-7349-11e1-9941-001e37821500} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Winlogon: [Shell] explorer.exe,C:\Users\Bekki\AppData\Roaming\skype.dat [124416 2011-11-17] () <==== ATTENTION
Lsa: [Notification Packages] scecli ACGina

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x72BDB9C8EFCACC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKCU - {D6025D83-5701-4B05-BF7D-408943F40585} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=B29F9ABE-C3FC-457A-9E61-BECCC20AD501&apn_sauid=3A84F2E8-FDB2-4C12-87BA-07E0F51C7F58
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Bekki\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.486_0\plugin/npUrlAdvisor.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Bekki\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.486_0\plugin/npVKPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U32) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (VLC Web Plugin) - C:\Users\Bekki\Desktop\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Bekki\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2012-10-08]
CHR Extension: (Virtuelle Tastatur) - C:\Users\Bekki\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2012-10-08]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ChromeExt\urladvisor.crx [2012-04-10]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ChromeExt\virtkbd.crx [2012-04-10]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ChromeExt\ab.crx [2012-04-10]

==================== Services (Whitelisted) =================

S2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
S2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-11-30] (Intel Corporation)
S2 AVP; C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe [202296 2012-04-10] (Kaspersky Lab ZAO)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-03-15] (Lenovo.)
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [114688 2009-11-30] (Intel Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21416 2012-11-23] ()
S2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [1458176 2009-11-30] (Intel Corporation)

==================== Drivers (Whitelisted) ====================

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
S1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [615728 2012-05-23] (Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-31 19:41 - 2014-03-31 19:42 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

2014-03-31 20:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-03-31 19:42 - 2014-03-31 19:41 - 00000000 ____D () C:\FRST
2014-03-31 19:38 - 2013-05-16 09:09 - 00000004 _____ () C:\Users\Bekki\AppData\Roaming\skype.ini
2014-03-31 19:38 - 2012-11-30 19:58 - 00000336 _____ () C:\Windows\Tasks\spmonitor.job
2014-03-31 19:38 - 2012-11-30 12:37 - 00000258 _____ () C:\Windows\Tasks\SpeedUpMyPC.job
2014-03-31 19:38 - 2012-05-23 17:52 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-31 19:38 - 2012-01-04 22:38 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-31 19:37 - 2012-05-24 14:41 - 00007982 _____ () C:\Windows\setupact.log
2014-03-31 19:37 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-31 19:32 - 2009-07-14 12:57 - 00654150 _____ () C:\Windows\system32\perfh007.dat
2014-03-31 19:32 - 2009-07-14 12:57 - 00130022 _____ () C:\Windows\system32\perfc007.dat
2014-03-31 19:32 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-31 19:20 - 2012-01-04 23:17 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-03-31 19:18 - 2012-01-04 23:18 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-03-31 19:17 - 2009-07-14 06:45 - 00014976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-31 19:17 - 2009-07-14 06:45 - 00014976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-31 19:16 - 2012-12-12 19:52 - 00000000 ____D () C:\Users\Bekki\AppData\Roaming\Spotify
2014-03-31 19:15 - 2012-01-04 22:38 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-31 19:13 - 2012-01-04 10:38 - 01260346 _____ () C:\Windows\WindowsUpdate.log
2014-03-31 19:10 - 2012-01-04 10:54 - 00000000 ____D () C:\Users\Bekki

Files to move or delete:
====================
C:\Users\Bekki\AppData\Roaming\skype.dat
C:\Users\Bekki\AppData\Roaming\skype.ini

Some content of TEMP:
====================
C:\Users\Bekki\AppData\Local\Temp\ApnStub.exe
C:\Users\Bekki\AppData\Local\Temp\install_reader10_de_gtbp_chra_aih.exe
C:\Users\Bekki\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-05-04 11:37

==================== End Of Log ============================
31.03.2014, 19:20 | #2
/// Malwareteam | Windows 7 64-bit lock screen / FRST txt attached

Hello JBL,

my name is Jonas and I will help you with your cleanup. It can involve a lot of work on your part. Before we can start, please read the cleanup rules and notes: Rules for the cleanup process
Notes
Once you have read everything, we can begin. Please save all programs to the desktop and run them from there.

Step 1
Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:

Code:
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Winlogon: [Shell] explorer.exe,C:\Users\Bekki\AppData\Roaming\skype.dat [124416 2011-11-17] () <==== ATTENTION
C:\Users\Bekki\AppData\Roaming\skype.dat
C:\Users\Bekki\AppData\Roaming\skype.ini

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).

Does the computer start normally again after this fix? Post the following log files in your next reply:
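As an added example for the fix described in this post (not material from the forum and not FRST's own code), the Python below parses the Winlogon [Shell] entries out of FRST registry lines like the one quoted above, flags any value other than a bare explorer.exe, and assembles the same three Fixlist.txt lines from the scan's own output. The HKLM Shell line in its sample is a constructed benign entry, and the FRST line format it assumes is the one visible in this thread's logs.

```python
r"""Flag hijacked Winlogon Shell values in FRST log lines and derive a fixlist.

Added example for this thread, not code from FRST or from the forum posts. It reads
the FRST "Registry (Whitelisted)" line format visible in the logs,
    HKU\<SID>\...\Winlogon: [Shell] <value> [<size> <date>] (<vendor>) <==== ATTENTION
where the only normal Shell value is "explorer.exe", plus FRST's
"Files to move or delete:" section further down the same log.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the thread's first FRST scan plus one
# made-up benign Shell entry (the HKLM line) so the filter has a clean case.
SAMPLE_LOG = r"""
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Winlogon: [Shell] explorer.exe,C:\Users\Bekki\AppData\Roaming\skype.dat [124416 2011-11-17] () <==== ATTENTION
HKLM\...\Winlogon: [Shell] explorer.exe
Lsa: [Notification Packages] scecli ACGina

Files to move or delete:
====================
C:\Users\Bekki\AppData\Roaming\skype.dat
C:\Users\Bekki\AppData\Roaming\skype.ini

Some content of TEMP:
====================
C:\Users\Bekki\AppData\Local\Temp\ApnStub.exe
"""

# One FRST Winlogon [Shell] line; size/date, vendor and the ATTENTION marker are
# optional because the second scan in the thread prints the value without them.
SHELL_RE = re.compile(
    r"^(?P<key>HK[A-Z]+(?:-x32)?(?:\\S-1-5-[\d-]+)?)\\\.\.\.\\Winlogon: \[Shell\] "
    r"(?P<value>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<vendor>[^)]*)\))?"
    r"(?P<attention> <==== ATTENTION)?\s*$"
)

@dataclass
class ShellEntry:
    raw: str            # the log line exactly as FRST printed it
    key: str
    value: str
    size: Optional[int]
    date: Optional[str]
    attention: bool     # FRST's own "<==== ATTENTION" marker

def parse_shell_entries(log_text: str) -> List[ShellEntry]:
    """Return every Winlogon [Shell] entry found in an FRST log."""
    entries = []
    for line in log_text.splitlines():
        m = SHELL_RE.match(line.strip())
        if m:
            entries.append(ShellEntry(
                raw=line.strip(), key=m.group("key"), value=m.group("value"),
                size=int(m.group("size")) if m.group("size") else None,
                date=m.group("date"), attention=m.group("attention") is not None))
    return entries

def shell_components(entry: ShellEntry) -> List[str]:
    """Shell is a comma-separated list; Winlogon starts every component at logon."""
    return [p.strip() for p in entry.value.split(",") if p.strip()]

def is_hijacked(entry: ShellEntry) -> bool:
    """Anything besides exactly explorer.exe means an extra program is started
    with the desktop, which is how the lock screen in this thread persisted."""
    return [c.lower() for c in shell_components(entry)] != ["explorer.exe"]

def files_to_move(log_text: str) -> List[str]:
    """Collect the paths FRST lists under its 'Files to move or delete:' header."""
    paths, collecting = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("Files to move or delete:"):
            collecting = True
        elif collecting and line.startswith("===="):
            continue
        elif collecting and (not line or line.endswith(":")):
            break
        elif collecting:
            paths.append(line)
    return paths

def build_fixlist(log_text: str) -> List[str]:
    """Fixlist.txt as the helper built it: the flagged Shell line verbatim (FRST deletes
    that registry value), each non-explorer component of it, and the companion files
    FRST listed (FRST moves each file named), without duplicates."""
    lines: List[str] = []
    for entry in parse_shell_entries(log_text):
        if is_hijacked(entry):
            lines.append(entry.raw)
            lines.extend(c for c in shell_components(entry) if c.lower() != "explorer.exe")
    lines.extend(files_to_move(log_text))
    return list(dict.fromkeys(lines))   # dedupe, keep first-seen order
```

build_fixlist(SAMPLE_LOG) yields exactly the three lines in the code box above; running the same parser over the post-fix scan later in this thread still flags the entry, which is why re-reading the new FRST.txt is part of the procedure.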
31.03.2014, 19:30 | #3
Windows 7 64-bit lock screen / FRST txt attached

Hello Jonas,

thanks for your help. Log attached:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Bekki at 2014-03-31 20:36:12 Run:1
Running from E:\
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Winlogon: [Shell] explorer.exe,C:\Users\Bekki\AppData\Roaming\skype.dat [124416 2011-11-17] () <==== ATTENTION
C:\Users\Bekki\AppData\Roaming\skype.dat
C:\Users\Bekki\AppData\Roaming\skype.ini
*****************

HKU\S-1-5-21-3002080910-3552495419-504091609-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Bekki\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Bekki\AppData\Roaming\skype.ini => Moved successfully.

==== End of Fixlog ====
31.03.2014, 19:37 | #4
/// Malwareteam | Windows 7 64-bit lock screen / FRST txt attached

Does the computer start in normal mode again?

Regards, Jonas
31.03.2014, 19:39 | #5
Windows 7 64-bit lock screen / FRST txt attached

Yes! And again 20 000 programs in the autostart.....
31.03.2014, 19:44 | #6
/// Malwareteam | Windows 7 64-bit lock screen / FRST txt attached

All right, then please do the following:

Step 1
Start FRST once more.

Post the following log files in your next reply:
31.03.2014, 19:55 | #7
Windows 7 64-bit lock screen / FRST txt attached

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Bekki (administrator) on PC-K on 31-03-2014 20:55:05
Running from E:\
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchksrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\UNS.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
(Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe
(Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Bekki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Spotify Ltd) C:\Users\Bekki\AppData\Roaming\Spotify\spotify.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2011-12-23] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [atchk] - C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-11-30] (Intel Corporation)
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16336488 2009-09-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~3\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe [202296 2012-04-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Run: [Spotify Web Helper] - C:\Users\Bekki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1103768 2013-03-13] (Spotify Ltd)
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Run: [Spotify] - C:\Users\Bekki\AppData\Roaming\Spotify\Spotify.exe [4489112 2013-03-13] (Spotify Ltd)
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\MountPoints2: {2cf15101-7349-11e1-9941-001e37821500} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Winlogon: [Shell] explorer.exe,C:\Users\Bekki\AppData\Roaming\skype.dat <==== ATTENTION
Lsa: [Notification Packages] scecli ACGina

==================== Internet (Whitelisted) ====================

FRST Additions Logfile:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Bekki at 2014-03-31 20:55:37
Running from E:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Kaspersky Security Suite CBE (Enabled - Out of date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Security Suite CBE (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Security Suite CBE (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.60.03 - )
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.14.1.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.23037 - Ask.com) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.18 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.0.2838 - CDBurnerXP)
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.07 - )
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 26.0.1410.64 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.4.3607.2246 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.145 - Google Inc.) Hidden
Intel PROSet Wireless (Version: - ) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Active Management Technology Device Software (HKLM\...\MESOL) (Version: - )
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}) (Version: 14.03.0000 - Intel Corporation)
iTunes (HKLM\...\{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}) (Version: 11.0.0.163 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.350 - Oracle)
Kaspersky Security Suite CBE 12 (HKLM-x32\...\InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}) (Version: 12.0.0.374 - Kaspersky Lab)
Kaspersky Security Suite CBE 12 (x32 Version: 12.0.0.374 - Kaspersky Lab) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.00.0000 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{A7BB9BBD-DFE4-4276-820A-7CD141FC09E6}) (Version: 1.3.0.007 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{1C83CB66-D345-4D6C-95A2-63A03269ADA0}) (Version: 1.3.0.007 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.20.0001 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.01.0005 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
quäldich.de Tourenplaner (HKLM-x32\...\quaeldich.de Tourenplaner) (Version: 0.9.1 - )
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7255 - Analog Devices)
SpeedUpMyPC (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 5.3.4.4 - Uniblue Systems Ltd)
Spotify (HKCU\...\Spotify) (Version: 0.8.8.349.g3657a532 - Spotify AB)
System Migration Assistant (HKLM-x32\...\{8A4DB1CA-8206-4ADC-805C-66ACF1611DA3}) (Version: 6.00.0009 - Lenovo Group Limited.)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588) (Version: 7.62.00 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.65.05.20 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.39.1 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.85 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{525A4A44-8940-40AD-ABA0-14501199D2F0}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BD6B5D42-37A7-46A0-912C-E7578E1F03C5}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
(HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {2178A725-900F-4454-9ADC-D76CFB67BECC} - System32\Tasks\{3179C303-5E86-4975-9A15-437DBA09A0B7} => C:\Program Files (x86)\iTunes\iTunes.exe [2012-11-29] (Apple Inc.) Task: {27037FA4-8CD7-4AC2-AC2D-7F2D5937D149} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.) Task: {5303695B-C539-40E7-9C18-4B4F58586AE5} - System32\Tasks\{2292904C-D968-429F-A689-90ABD7F3B11E} => C:\Program Files (x86)\iTunes\iTunes.exe [2012-11-29] (Apple Inc.) Task: {794586D1-6228-4C18-8B16-503868420FD7} - System32\Tasks\SpeedUpMyPC => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe [2012-11-22] (Uniblue Systems Ltd) Task: {7B8CF497-B258-413D-AF39-97E982B546BE} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.) Task: {7E0DCEDA-ED68-4608-8CB2-0C5AABFC0B3C} - System32\Tasks\spmonitor => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-11-22] (Uniblue Systems Ltd) Task: {A16005EE-2163-42A6-A13C-79B052565C14} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-04] (Google Inc.) Task: {CC301A44-DD19-4FD1-BB89-9B16CF85958E} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.) 
Task: {D8243A52-1B00-4AAB-9B14-71344EED0A50} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-01-03] () <==== ATTENTION Task: {DCEBAD41-633F-4986-8785-40A8487B4E1C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-04] (Google Inc.) Task: {F6F2EAD8-FE07-40EF-8F82-829E30640EBD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe Task: C:\Windows\Tasks\SpeedUpMyPC.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe Task: C:\Windows\Tasks\spmonitor.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe ==================== Loaded Modules (whitelisted) ============= 2011-11-01 12:58 - 2011-11-01 12:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2012-01-04 12:58 - 2012-03-15 06:07 - 00103936 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL 2011-10-20 11:12 - 2011-10-20 11:12 - 00086016 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll 2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-11-30 19:57 - 2012-11-22 20:43 - 00114056 _____ () C:\Program Files (x86)\Uniblue\SpeedUpMyPC\InstallerExtensions.dll 2012-11-30 19:57 - 2012-11-22 20:43 - 00474504 _____ 
() C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\de\de.dll 2012-11-30 19:57 - 2012-11-22 20:43 - 00018824 _____ () C:\Program Files (x86)\Uniblue\SpeedUpMyPC\cwebpage.dll 2012-12-12 19:52 - 2013-03-13 20:04 - 21938072 _____ () C:\Users\Bekki\AppData\Roaming\Spotify\Data\libcef.dll 2012-04-10 19:18 - 2012-04-10 19:18 - 02118032 _____ () C:\Program Files (x86)\Kaspersky Security Suite CBE 12\QtCore4.dll 2012-04-10 19:18 - 2012-04-10 19:18 - 07008656 _____ () C:\Program Files (x86)\Kaspersky Security Suite CBE 12\QtGui4.dll 2012-04-10 19:18 - 2012-04-10 19:18 - 02089360 _____ () C:\Program Files (x86)\Kaspersky Security Suite CBE 12\QtDeclarative4.dll 2012-04-10 19:18 - 2012-04-10 19:18 - 01270160 _____ () C:\Program Files (x86)\Kaspersky Security Suite CBE 12\QtScript4.dll 2012-04-10 19:18 - 2012-04-10 19:18 - 00192912 _____ () C:\Program Files (x86)\Kaspersky Security Suite CBE 12\QtSql4.dll 2012-04-10 19:18 - 2012-04-10 19:18 - 00758160 _____ () C:\Program Files (x86)\Kaspersky Security Suite CBE 12\QtNetwork4.dll 2011-04-20 19:56 - 2011-04-20 19:56 - 00025088 _____ () C:\Program Files (x86)\Kaspersky Security Suite CBE 12\imageformats\qgif4.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Basissystemgerät Description: Basissystemgerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Basissystemgerät Description: Basissystemgerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (03/31/2014 08:51:02 PM) (Source: PC-Doctor) (User: ) Description: (4888) Asapi: (20:51:02:3580)(4888) libTonopahClient.DownloadManager - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007) failed with error: 317 Error: (03/31/2014 08:51:02 PM) (Source: PC-Doctor) (User: ) Description: (4888) Asapi: (20:51:02:2480)(4888) libTonopahClient.DownloadManager - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007) failed with error: 317 Error: (03/31/2014 08:40:52 PM) (Source: LMS) (User: NT-AUTORITÄT) Description: LMS Service cannot connect to HECI driver Error: (03/31/2014 07:38:33 PM) (Source: LMS) (User: NT-AUTORITÄT) Description: LMS Service cannot connect to HECI driver Error: (03/31/2014 07:20:01 PM) (Source: PC-Doctor) (User: ) Description: (5180) Asapi: (19:20:01:4010)(5180) libTonopahClient.DownloadManager - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007) failed with error: 317 Error: (03/31/2014 07:20:01 PM) (Source: PC-Doctor) (User: ) Description: (5180) Asapi: (19:20:01:2760)(5180) libTonopahClient.DownloadManager - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007) failed with error: 317 Error: (03/31/2014 07:08:06 PM) (Source: LMS) (User: NT-AUTORITÄT) Description: LMS Service cannot connect to HECI driver Error: (05/27/2013 07:29:51 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 747385 Error: (05/27/2013 07:29:51 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 747385 Error: (05/27/2013 07:29:51 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (03/31/2014 08:40:30 PM) 
(Source: EventLog) (User: ) Description: Das System wurde zuvor am 31.03.2014 um 20:38:33 unerwartet heruntergefahren. Error: (03/31/2014 08:33:53 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD CSC DfsC discache kl2 KLIF KLIM6 lenovo.smi NetBIOS NetBT nsiproxy Psched rdbss spldr tdx TPPWRIF Wanarpv6 WfpLwf Error: (03/31/2014 08:33:52 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (03/31/2014 08:33:52 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (03/31/2014 08:33:52 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (03/31/2014 08:33:52 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error: (03/31/2014 08:33:52 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (03/31/2014 08:33:52 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (03/31/2014 08:33:52 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst 
"Netzwerkspeicher-Schnittstellendienst" ist vom Dienst "NSI proxy service driver." abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error: (03/31/2014 08:33:52 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "TCP/IP-NetBIOS-Hilfsdienst" ist vom Dienst "Ancillary Function Driver for Winsock" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Microsoft Office Sessions: ========================= Error: (04/24/2012 06:33:46 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 354 seconds with 300 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 51% Total physical RAM: 2030.3 MB Available physical RAM: 994.84 MB Total Pagefile: 4060.59 MB Available Pagefile: 2494.25 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (Preload) (Fixed) (Total:148.37 GB) (Free:20.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: () (Removable) (Total:1.85 GB) (Free:1.81 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 1669C708) Partition 1: (Active) - (Size=148 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=694 MB) - (Type=1C) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18) Partition: GPT Partition Type. ==================== End Of Log ============================ --- --- --- |
31.03.2014, 19:58 | #8
/// Malwareteam | Windows 7 64-bit lock screen / FRST txt attached
The FRST log file is not complete; please post it again in full, in CODE tags.
__________________
Regards, Jonas
31.03.2014, 20:00 | #9
Windows 7 64-bit lock screen / FRST txt attached
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Bekki (administrator) on PC-K on 31-03-2014 20:55:05
Running from E:\
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchksrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\UNS.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
(Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe
(Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Bekki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Spotify Ltd) C:\Users\Bekki\AppData\Roaming\Spotify\spotify.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2011-12-23] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [atchk] - C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-11-30] (Intel Corporation)
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16336488 2009-09-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~3\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe [202296 2012-04-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Run: [Spotify Web Helper] - C:\Users\Bekki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1103768 2013-03-13] (Spotify Ltd)
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Run: [Spotify] - C:\Users\Bekki\AppData\Roaming\Spotify\Spotify.exe [4489112 2013-03-13] (Spotify Ltd)
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\MountPoints2: {2cf15101-7349-11e1-9941-001e37821500} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Winlogon: [Shell] explorer.exe,C:\Users\Bekki\AppData\Roaming\skype.dat <==== ATTENTION
Lsa: [Notification Packages] scecli ACGina

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x72BDB9C8EFCACC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKCU - {D6025D83-5701-4B05-BF7D-408943F40585} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=B29F9ABE-C3FC-457A-9E61-BECCC20AD501&apn_sauid=3A84F2E8-FDB2-4C12-87BA-07E0F51C7F58
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Bekki\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.486_0\plugin/npUrlAdvisor.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Bekki\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.486_0\plugin/npVKPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U32) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (VLC Web Plugin) - C:\Users\Bekki\Desktop\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Bekki\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2012-10-08]
CHR Extension: (Virtuelle Tastatur) - C:\Users\Bekki\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2012-10-08]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ChromeExt\urladvisor.crx [2012-04-10]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ChromeExt\virtkbd.crx [2012-04-10]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ChromeExt\ab.crx [2012-04-10]

==================== Services (Whitelisted) =================

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
R2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-11-30] (Intel Corporation)
R2 AVP; C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe [202296 2012-04-10] (Kaspersky Lab ZAO)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-03-15] (Lenovo.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [114688 2009-11-30] (Intel Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21416 2012-11-23] ()
R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [1458176 2009-11-30] (Intel Corporation)

==================== Drivers (Whitelisted) ====================

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [615728 2012-05-23] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-31 19:41 - 2014-03-31 20:55 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

2014-03-31 20:55 - 2014-03-31 19:41 - 00000000 ____D () C:\FRST
2014-03-31 20:51 - 2012-01-04 23:17 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-03-31 20:50 - 2009-07-14 06:45 - 00014976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-31 20:50 - 2009-07-14 06:45 - 00014976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-31 20:48 - 2012-12-12 19:52 - 00000000 ____D () C:\Users\Bekki\AppData\Roaming\Spotify
2014-03-31 20:46 - 2012-01-04 23:18 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-03-31 20:46 - 2009-07-14 12:57 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-03-31 20:46 - 2009-07-14 12:57 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-03-31 20:46 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-31 20:45 - 2012-01-04 10:38 - 01264551 _____ () C:\Windows\WindowsUpdate.log
2014-03-31 20:44 - 2012-05-23 17:52 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-31 20:41 - 2012-11-30 19:58 - 00000336 _____ () C:\Windows\Tasks\spmonitor.job
2014-03-31 20:41 - 2012-11-30 12:37 - 00000258 _____ () C:\Windows\Tasks\SpeedUpMyPC.job
2014-03-31 20:41 - 2012-01-04 22:38 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-31 20:40 - 2012-05-24 14:41 - 00008038 _____ () C:\Windows\setupact.log
2014-03-31 20:40 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-31 20:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-03-31 19:15 - 2012-01-04 22:38 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-31 19:10 - 2012-01-04 10:54 - 00000000 ____D () C:\Users\Bekki

Some content of TEMP:
====================
C:\Users\Bekki\AppData\Local\Temp\ApnStub.exe
C:\Users\Bekki\AppData\Local\Temp\install_reader10_de_gtbp_chra_aih.exe
C:\Users\Bekki\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-05-04 11:37

==================== End Of Log ============================
01.04.2014, 14:06 | #10
/// Malwareteam | Windows 7 64-bit lock screen / FRST txt attached
Step 1
Please uninstall the following programs:
Windows XP: Start -> Control Panel -> select Category view (if it is not already the default) -> Add or Remove Programs, and select the programs listed. Click Remove (Windows XP) or Uninstall (Windows Vista/7/8).
Step 2
Please download Malwarebytes Anti-Malware
Step 3
ESET Online Scanner
Step 4
Run FRST once more.
Post the following log files in your next reply:
__________________
Regards, Jonas
06.04.2014, 10:44 | #11
/// Malwareteam | Windows 7 64-bit lock screen / FRST txt attached
Hi, I have not received a reply from you for a while now. Do you still need help? Note: We are not finished yet! Even if the symptoms have disappeared, your system may still be infected and may have security holes that allow a new infection.
__________________
Regards, Jonas
11.04.2014, 06:15 | #12
/// Malwareteam | Windows 7 64-bit lock screen / FRST txt attached
No response
This thread has been removed from my subscriptions, so I will no longer be notified of new replies. If you want to continue, please send me a private message. Everyone else, please read the following: http://www.trojaner-board.de/69886-a...-beachten.html and open your own thread.
__________________
Regards, Jonas