Pests of all kinds and how to fight them: BKA Trojan and what now? (Windows 7)

If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
22.07.2014, 08:11 | #1
BKA Trojan and what now?

Hello dear people, it seems I have also caught a BKA Trojan. To shorten things, I am posting the required log files right away. It would be really nice if someone could help me. MANY THANKS

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Conrad (administrator) on CONRAD-THINK on 22-07-2014 09:05:35
Running from C:\Users\Conrad\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHAE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHAE.EXE
() C:\Users\Conrad\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Dropbox, Inc.) C:\Users\Conrad\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Penny Bee Agent) C:\ProgramData\pennybee\pennybee.exe
(Penny Bee Agent) C:\ProgramData\pennybee\wpennybeed.exe
(Penny Bee Agent) C:\ProgramData\pennybee\pennybee.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\ShadowExplorer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

and the second one:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by Conrad at 2014-07-22 09:06:20
Running from C:\Users\Conrad\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.19 - Absolute Software)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.03) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Advanced-System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.13665 - Systweak Software)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.2.0.399 - Amazon Services LLC)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.72.00 - )
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.392 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Crystal Reports for .NET Framework 2.0 (x86) (HKLM-x32\...\{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}) (Version: 10.2.0 - Business Objects)
Crystal Reports für .NET Framework 2.0 Language Pack (x86) - DEU (HKLM-x32\...\{AC94622D-D899-44DF-9857-7DD31958C541}) (Version: 10.2.0 - Business Objects)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.11 - Dolby Laboratories Inc)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
eFuhrpark (HKLM-x32\...\eFuhrpark) (Version: - X4TD)
eFuhrpark (x32 Version: 3.50 - X4TD) Hidden
Elevated Installer (x32 Version: 3.2.4.0 - Garmin Ltd or its subsidiaries) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.20140117 - Landesfinanzdirektion Thüringen)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SX430 Series Printer Uninstall (HKLM\...\EPSON SX430 Series) (Version: - SEIKO EPSON Corporation)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Fingerprint Reader (HKLM\...\{C5BB9380-D729-410A-A440-061EBCADCCB9}) (Version: 5.4.100.232 - AuthenTec, Inc.)
FlowFact (HKLM-x32\...\FlowFact) (Version: 18.0.492 - )
Full Tilt Poker.Eu (HKLM-x32\...\{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}) (Version: 5.6.0.WIN.FullTilt.EU - )
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{95fb9355-9884-416e-b377-5339fc7ef31a}) (Version: 3.2.4.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.4.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.4.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.3.0.1468 (HKCU\...\GoToMeeting) (Version: 6.3.0.1468 - CitrixOnline)
Integrated Camera Driver Installer Package Ver.1.2.1.16 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.16 - RICOH)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{520C4DD4-2BC7-409B-BA48-E1A4F832662D}) (Version: 2.1.0.0140 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.0.0.36888 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}) (Version: 3.0.13.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{E97F409F-9E1C-42A0-B72D-765A78DF3696}) (Version: 15.01.0000.0830 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo App Shop (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 44154 - Intel)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{D60E3A84-5DDC-49ED-B9A5-E3466996EB36}) (Version: 2.3.002.00 - Lenovo Group Limited)
Lenovo Solutions for Small Business (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 2.2.47.8420 - Intel(R) Corporation)
Lenovo Solutions for Small Business Customizations (HKLM-x32\...\{5B5DEF99-85E9-423D-A1A3-B83202697B09}) (Version: 1.0.0006.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.02.0018 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)

Last edited by darnoc861 (22.07.2014 at 08:13). Reason: unfortunately the data had been attached as an attachment!
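A small triage helper for FRST output of the kind posted above, added here as an example; it is not code from the post, from FRST or from the forum. It parses the "Processes (Whitelisted)" and "Security Center" sections and flags what a helper looks at first: executables started from user-writable locations (ProgramData, per-user AppData/Downloads), entries with an empty publisher string, and protection products reported as disabled or out of date. The directory patterns, the flag rules and the embedded sample lines (a constructed subset of the log above) are the example's own assumptions; a hit is a review item, not a verdict, since legitimate per-user software such as Dropbox also runs from AppData.

```python
"""Offline triage of a Farbar Recovery Scan Tool (FRST.txt) log.

Added example for this thread; not code from the post, from FRST or from
the forum.  It parses the "Processes (Whitelisted)" and "Security Center"
sections FRST prints.  The directory patterns and flag rules are this
example's own assumptions, not an FRST feature.
"""
import re

# Constructed sample: a subset of lines in the shape FRST prints, copied
# from the post above.  Not a complete log.
SAMPLE_FRST = r"""==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Penny Bee Agent) C:\ProgramData\pennybee\pennybee.exe
(Penny Bee Agent) C:\ProgramData\pennybee\wpennybeed.exe
() C:\Users\Conrad\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Dropbox, Inc.) C:\Users\Conrad\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Security Center ========================
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
"""

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# "(Publisher) <path>".  The publisher may itself contain parentheses
# ("(Intel(R) Corporation)"), so it is matched non-greedily up to ") X:\".
PROCESS_RE = re.compile(r"^\((?P<vendor>.*?)\) (?P<path>[A-Za-z]:\\.+)$")
# "AV: <product> (<status>) {<guid>}"
SECURITY_RE = re.compile(
    r"^(?P<kind>AV|AS|FW): (?P<product>.+?) \((?P<status>[^()]+)\) "
    r"\{(?P<guid>[0-9A-Fa-f-]+)\}$"
)

# Locations an ordinary user can write to without elevation (assumed list).
USER_WRITABLE = [
    (re.compile(r"^[a-z]:\\programdata\\", re.I), "runs from ProgramData"),
    (re.compile(r"^[a-z]:\\users\\[^\\]+\\(appdata|downloads|desktop|documents)\\", re.I),
     "runs from a user profile directory"),
    (re.compile(r"^[a-z]:\\windows\\temp\\", re.I), "runs from Windows\\Temp"),
    (re.compile(r"^[a-z]:\\(temp|tmp)\\", re.I), "runs from a root temp directory"),
]


def parse_frst(text):
    """Split the log into the two sections this example understands."""
    processes, security = [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            name = header.group("name")
            section = ("processes" if name.startswith("Processes")
                       else "security" if name == "Security Center" else None)
            continue
        if section == "processes":
            m = PROCESS_RE.match(line)
            if m:
                processes.append({"vendor": m.group("vendor"), "path": m.group("path")})
        elif section == "security":
            m = SECURITY_RE.match(line)
            if m:
                security.append(m.groupdict())
    return {"processes": processes, "security_center": security}


def suspect_processes(processes):
    """Process entries a helper would ask about, each with its reasons.

    A hit is a review item, not a verdict: per-user installers such as
    Dropbox legitimately live under AppData.
    """
    findings = []
    for proc in processes:
        reasons = []
        if not proc["vendor"].strip():
            reasons.append("no publisher string")
        reasons += [why for pattern, why in USER_WRITABLE if pattern.match(proc["path"])]
        if reasons:
            findings.append({**proc, "reasons": reasons})
    return findings


def weak_protection(security_center):
    """Security Center entries whose status says Disabled or Out of date."""
    return [e for e in security_center
            if any(w in e["status"].lower() for w in ("disabled", "out of date"))]


def triage(text):
    result = parse_frst(text)
    result["suspect_processes"] = suspect_processes(result["processes"])
    result["weak_protection"] = weak_protection(result["security_center"])
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_FRST)
    for f in report["suspect_processes"]:
        print(f"{f['path']}  <- {'; '.join(f['reasons'])}")
    for e in report["weak_protection"]:
        print(f"{e['kind']}: {e['product']} is {e['status']}")
```

Run against a real FRST.txt by replacing `SAMPLE_FRST` with the file contents; the Security Center check is worth doing first, because an AV product shown as "Disabled - Out of date" means nothing on the host was in a position to stop what the process list shows.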
22.07.2014, 09:35 | #2
/// the machine /// TB-Ausbilder | BKA Trojan and what now?

Hi,

Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks.

This is how it works: posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Scan with Combofix
22.07.2014, 11:50 | #3
BKA Trojan and what now?

CODE tags? :-)

Code:
ComboFix 14-07-21.01 - Conrad 22.07.2014  12:32:57.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3662.200 [GMT 2:00]
Running from: c:\users\Conrad\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.ini
c:\programdata\Roaming
Q:\Autorun.inf
.
c:\windows\SysWow64\drivers\ntfs.sys . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2014-06-22 to 2014-07-22 ))))))))))))))))))))))))))))))
.
.
2014-07-22 10:44 . 2014-07-22 10:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-22 10:44 . 2014-07-22 10:44 -------- d-----w- c:\users\Büro\AppData\Local\temp
2014-07-22 07:05 . 2014-07-22 07:07 -------- d-----w- C:\FRST
2014-07-22 06:32 . 2014-07-22 06:32 -------- d-----w- c:\users\Conrad\AppData\Roaming\www.shadowexplorer.com
2014-07-22 06:32 . 2014-07-22 06:32 -------- d-----w- c:\program files (x86)\ShadowExplorer
2014-07-21 07:59 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{532B23E3-5DD7-40C4-B38D-3A73395280D9}\mpengine.dll
2014-07-16 08:21 . 2014-07-16 08:21 -------- d-----w- c:\program files (x86)\Citrix
2014-07-16 08:21 . 2014-07-16 08:21 -------- d-----w- c:\users\Conrad\AppData\Local\Citrix
2014-07-14 11:06 . 2014-07-14 11:06 -------- d-----w- c:\users\Conrad\AppData\Local\Apps
2014-07-14 11:06 . 2014-07-21 10:42 -------- d-----w- c:\users\Conrad\AppData\Local\Deployment
2014-07-11 11:22 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-11 11:22 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-07-11 11:22 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-07-11 11:22 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-11 11:22 . 2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-07-11 11:18 . 2014-05-30 06:45 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-11 11:16 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-07-11 11:16 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-11 11:15 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-10 14:45 . 2014-07-10 15:04 -------- d-----w- c:\users\Kaja
2014-07-10 14:40 . 2014-07-10 14:40 -------- d-----w- c:\users\Conrad\AppData\Local\RydPtyKD
2014-07-10 14:40 . 2014-07-10 14:40 -------- d-----w- c:\users\Conrad\AppData\Local\MBRNwMij
2014-07-10 14:40 . 2014-07-10 14:40 -------- d-----w- c:\users\Conrad\AppData\Local\JrggLTmV
2014-07-04 08:03 . 2014-07-04 08:03 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-03 08:41 . 2014-02-05 12:03 589008 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-05-07 13:02 . 2014-05-29 14:38 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-25 02:34 . 2014-06-11 16:50 801280 ----a-w- c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-11 16:50 626688 ----a-w- c:\windows\SysWow64\usp10.dll
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2013-05-25 21:59 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-02-05 12:09 222832 ----a-w- c:\users\Conrad\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-02-05 12:09 222832 ----a-w- c:\users\Conrad\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-02-05 12:09 222832 ----a-w- c:\users\Conrad\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Conrad\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Conrad\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Conrad\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Amazon Cloud Player"="c:\users\Conrad\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-12-12 3145536]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-05-15 122200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-02-29 133400]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-05-15 5941344]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-12-20 507744]
"Fastboot"="c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2012-01-17 1091376]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2013-06-19 156000]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 4351712]
"IntelSBA"="c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe" [2014-01-06 56000]
"Lenovo App Shop"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2013-06-19 156000]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
.
c:\users\Conrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
An OneNote senden.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2014-7-12 195248]
Dropbox.lnk - c:\users\Conrad\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 Fastboot;Fastboot;c:\windows\system32\DRIVERS\Fastboot.sys;c:\windows\SYSNATIVE\DRIVERS\Fastboot.sys [x]
R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 LSCWinService;LSCWinService;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe;c:\programdata\Partner\Partner.exe [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys;c:\windows\SYSNATIVE\DRIVERS\excsd.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys;c:\windows\SYSNATIVE\DRIVERS\excfs.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [x]
S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [x]
S2 FPLService;TrueSuiteService;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 intelsba;Intel(R) Small Business Advantage;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [x]
S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [x]
S2 pennybee;pennybee;c:\progra~3\pennybee\pennybee.exe;c:\progra~3\pennybee\pennybee.exe [x]
S2 sesvc;ShadowExplorer Service;c:\program files (x86)\ShadowExplorer\sesvc.exe;c:\program files (x86)\ShadowExplorer\sesvc.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]
S2 wpennybeed;wpennybeed;c:\progra~3\pennybee\wpennybeed.exe;c:\progra~3\pennybee\wpennybeed.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\ccSetx64.sys [x]
S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130905.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130905.001\IDSvia64.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 RSP2STOR;Realt
ek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys
[x] S3 SmbDrvIntel;SmbDrvIntel;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMDS64.SYS [x]
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMEFA64.SYS [x]
S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\Ironx64.SYS [x]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1309010.00E\SYMNETS.SYS [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 tvtvcamd;ThinkVantage Virtual Camera;c:\windows\system32\DRIVERS\tvtvcamd.sys;c:\windows\SYSNATIVE\DRIVERS\tvtvcamd.sys [x]
.
.
--- Other services/drivers in memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-21 07:48 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the "Scheduled Tasks" folder
.
2014-07-22 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-2664929658-1551457082-1331067265-1002.job - c:\program files (x86)\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-16 08:21]
.
2014-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-25 21:59]
.
2014-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-25 21:59]
.
2014-07-22 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
2014-07-22 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
2014-07-22 c:\windows\Tasks\pennybee Runner.job - c:\progra~3\pennybee\pennybee.exe [2014-06-30 08:56]
.
2014-07-22 c:\windows\Tasks\RegClean Pro_DEFAULT.job - c:\program files (x86)\RCP\RegCleanPro.exe [2014-07-22 14:43]
.
2014-07-22 c:\windows\Tasks\RegClean Pro_UPDATES.job - c:\program files (x86)\RCP\RegCleanPro.exe [2014-07-22 14:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2013-05-25 21:59 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-02-05 12:09 261744 ----a-w- c:\users\Conrad\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-02-05 12:09 261744 ----a-w- c:\users\Conrad\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-02-05 12:09 261744 ----a-w- c:\users\Conrad\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2014-06-10 10:07 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2014-06-10 10:07 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2014-06-10 10:07 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Conrad\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Conrad\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Conrad\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Conrad\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp] @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}] 2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending] @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}] 2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot] @="{A759AFF6-5851-457D-A540-F4ECED148351}" [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}] 2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared] @="{1574C9EF-7D58-488F-B358-8B78C1538F51}" [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}] 2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-27 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-27 439064]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-02-17 177936]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-02-21 11406608]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-04-10 12476520]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-09 1158248]
"TpShocks"="TpShocks.exe" [2012-02-24 382528]
"IntelSBA"="c:\program files\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe" [2014-01-06 56000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Additional scan -------
.
uStart Page = hxxp://rocket-find.com/?f=1&a=rckt_dsites04_14_30_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtA0Fzz0Dzzzz0C0EtCyD0FtN0D0Tzu0SzytAtAtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyCyDtC0A0F0E0CtGyEtAyCyEtGyE0FzytAtG0B0A0DyCtGtAyBtAzyyDyE0BtB0B0A0B0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0EtB0CyE0ByD0AtG0EtCtC0FtGtCtBtDzytGtCyDtByDtGtDtB0AyBtCyDyBzzyDtDtA0B2Q&cr=1264773545&ir=
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Removed orphaned registry entries - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-FlowFact - s:\flowfact\system\flowfactuninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-22 12:46:53
ComboFix-quarantined-files.txt 2014-07-22 10:46
.
Before scan: 12 directories, 361,487,544,320 bytes free
After scan: 16 directories, 361,945,972,736 bytes free
.
- - End Of File - - E0AE2DE993536C769A052D00C4F31E86
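What a helper reads out of a ComboFix log like the one above is mostly a question of where each auto-start binary lives and how recently it appeared: the two pennybee services and the pennybee scheduled task run out of c:\progra~3 (ProgramData), and the RegClean Pro tasks point at a binary written on the day of the scan. The following Python script is an added example for this thread, not part of the post and not code from ComboFix or FRST. It parses the two line shapes ComboFix prints for services (`S2 name;description;path;path [x]`) and scheduled tasks (`date c:\windows\Tasks\name.job - path [timestamp]`) and flags entries whose binary sits in a user-writable directory or was written shortly before the scan. The sample lines are copied from the log above; the directory list, the Norton allowlist and the 30-day window are assumptions chosen for illustration.

```python
"""Triage ComboFix service and scheduled-task lines for suspicious persistence.

Added example; not part of the forum post, of ComboFix or of FRST.
Heuristics (directory list, allowlist, 30-day window) are assumptions.
"""
import re
from dataclasses import dataclass, field
from datetime import date, datetime

# S2 name;description;path;path [x]
SERVICE_RE = re.compile(
    r"^S(?P<start>\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>[^;]+);(?P<path64>.+?)\s*\[x\]$"
)
# 2014-07-22 c:\windows\Tasks\name.job - path [YYYY-MM-DD HH:MM]
TASK_RE = re.compile(
    r"^(?P<seen>\d{4}-\d{2}-\d{2})\s+(?P<job>.+?\.job)\s+-\s+(?P<path>.+?)\s*\[(?P<stamp>[^\]]+)\]$"
)

# Directories a standard user can write to. Vendor services and drivers live
# under Program Files or System32; a binary here is the first thing to check.
USER_WRITABLE = ("\\progra~3\\", "\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")

# Assumed exception: AV definition drivers legitimately sit under ProgramData.
# In practice confirm such entries by the file's Authenticode signature instead.
ALLOWLIST = ("c:\\programdata\\norton\\",)

SCAN_DATE = date(2014, 7, 22)  # date of the ComboFix run in the log above


@dataclass
class Finding:
    kind: str            # "service" or "task"
    name: str            # service name or .job file name
    path: str            # binary the entry launches
    reasons: list = field(default_factory=list)


def _location_reason(path):
    """Reason string if the binary lives somewhere a user can write, else None."""
    p = path.lower()
    if p.startswith(ALLOWLIST):
        return None
    for marker in USER_WRITABLE:
        if marker in p:
            return "binary in user-writable location (%s)" % marker.strip("\\")
    return None


def triage(lines, scan_date, recent_days=30):
    """Return a Finding for every service/task line that trips a heuristic."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            reasons = []
            loc = _location_reason(m["path"])
            if loc:
                reasons.append(loc)
                if m["start"] == "2":          # S2 = auto-start at boot
                    reasons.append("auto-start service (S2)")
            if reasons:
                findings.append(Finding("service", m["name"], m["path"], reasons))
            continue
        m = TASK_RE.match(line)
        if m:
            reasons = []
            loc = _location_reason(m["path"])
            if loc:
                reasons.append(loc)
            written = datetime.strptime(m["stamp"], "%Y-%m-%d %H:%M").date()
            if (scan_date - written).days <= recent_days:
                reasons.append("target binary written %s, within %d days of the scan" % (written, recent_days))
            if reasons:
                findings.append(Finding("task", m["job"].rsplit("\\", 1)[-1], m["path"], reasons))
    return findings


# Lines copied verbatim from the ComboFix log posted above.
SAMPLE = [
    r"S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]",
    r"S2 pennybee;pennybee;c:\progra~3\pennybee\pennybee.exe;c:\progra~3\pennybee\pennybee.exe [x]",
    r"S2 wpennybeed;wpennybeed;c:\progra~3\pennybee\wpennybeed.exe;c:\progra~3\pennybee\wpennybeed.exe [x]",
    r"S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [x]",
    r"2014-07-22 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-2664929658-1551457082-1331067265-1002.job - c:\program files (x86)\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-16 08:21]",
    r"2014-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-25 21:59]",
    r"2014-07-22 c:\windows\Tasks\pennybee Runner.job - c:\progra~3\pennybee\pennybee.exe [2014-06-30 08:56]",
    r"2014-07-22 c:\windows\Tasks\RegClean Pro_DEFAULT.job - c:\program files (x86)\RCP\RegCleanPro.exe [2014-07-22 14:43]",
]


def demo():
    return triage(SAMPLE, SCAN_DATE)


if __name__ == "__main__":
    for f in demo():
        print("%-8s %s\n         %s\n         %s" % (f.kind, f.name, f.path, "; ".join(f.reasons)))
```

Location plus recency is the strong combination (pennybee); recency alone also fires on legitimate updaters such as the GoToMeeting job, so treat a single reason as a prompt to check the file's publisher and signature rather than as a verdict. The Norton driver under ProgramData shows why an allowlist is needed for location-only rules. The same log also carries a hijacked uStart Page and a BHO loading c:\programdata\Partner\Partner64.dll, which this script does not parse.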
23.07.2014, 08:17 | #4
/// the machine /// TB trainer | BKA Trojan, and now what?
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page | No help via PM!
23.07.2014, 11:42 | #5
BKA Trojan, and now what?
So, I have now run everything and am posting all the necessary data.
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan date: 23.07.2014
Scan time: 10:34:59
Log file: Mailwarebyts.txt
Administrator: Yes

Version: 2.00.2.1012
Malware database: v2014.07.23.02
Rootkit database: v2014.07.17.01
License: Free
Malware protection: Disabled
Malicious website protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File system: NTFS
User: Conrad

Scan type: Threat scan
Result: Completed
Objects scanned: 399403
Time elapsed: 11 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry keys: 13
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-2664929658-1551457082-1331067265-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [25c91d8535468aac4af5441514ee7e82],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [25c91d8535468aac4af5441514ee7e82],
PUP.Optional.RocketFind.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\WSE Rocket, Quarantined, [1fcf455def8cb284bf18af1c43bf35cb],
PUP.Optional.AdvancedSystemProtector.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\Advanced System Protector, Quarantined, [8c624062bebdd0669634ccfcc33f44bc],
PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, Quarantined, [46a8bce6156661d522a7c9ff7f8345bb],
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, Quarantined, [4da1aaf82c4f59dd30f2a524db2737c9],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2664929658-1551457082-1331067265-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [6c82b3eff18a93a3c0e3d01e2ad8cd33],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2664929658-1551457082-1331067265-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [0be3fea4a3d8bc7a763c857fa95bb749],
PUP.Optional.AdvancedSystemProtector.A, HKU\S-1-5-21-2664929658-1551457082-1331067265-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\Advanced System Protector, Quarantined, [a747129082f9e74f90ccae5c37cd8e72],
PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-2664929658-1551457082-1331067265-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\RegClean Pro, Quarantined, [8f5ff3aff586aa8ce678d139659fd030],
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-2664929658-1551457082-1331067265-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, Quarantined, [618d4959215a89ad3de43990bc46916f],
PUP.Optional.RocketFind.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WSE Rocket, Quarantined, [09e5653d364577bf67a9fac34eb4c53b],
PUP.Optional.Updater.A, HKU\S-1-5-21-2664929658-1551457082-1331067265-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Digital Sites, Quarantined, [8866a7fb1b60e452872a586b8f73bd43],

Registry values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2664929658-1551457082-1331067265-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0R2Y1I1P1N0J1U1C, Quarantined, [0be3fea4a3d8bc7a763c857fa95bb749]

Registry data: 1
PUP.Optional.RocketFind.A, HKU\S-1-5-21-2664929658-1551457082-1331067265-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://rocket-find.com/?f=1&a=rckt_dsites04_14_30_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtA0Fzz0Dzzzz0C0EtCyD0FtN0D0Tzu0SzytAtAtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyCyDtC0A0F0E0CtGyEtAyCyEtGyE0FzytAtG0B0A0DyCtGtAyBtAzyyDyE0BtB0B0A0B0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0EtB0CyE0ByD0AtG0EtCtC0FtGtCtBtDzytGtCyDtByDtGtDtB0AyBtCyDyBzzyDtDtA0B2Q&cr=1264773545&ir=, Good: (www.google.com), Bad: (hxxp://rocket-find.com/?f=1&a=rckt_dsites04_14_30_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtA0Fzz0Dzzzz0C0EtCyD0FtN0D0Tzu0SzytAtAtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyCyDtC0A0F0E0CtGyEtAyCyEtGyE0FzytAtG0B0A0DyCtGtAyBtAzyyDyE0BtB0B0A0B0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0EtB0CyE0ByD0AtG0EtCtC0FtGtCtBtDzytGtCyDtByDtGtDtB0AyBtCyDyBzzyDtDtA0B2Q&cr=1264773545&ir=),Replaced,[747ad5cd5a21dd59ad671c88c242b848]

Folders: 11
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro, Quarantined, [27c7e9b9f58620169ff0c11552b033cd],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector, Quarantined, [f5f9039f5b20f541167ab0266999e11f],
PUP.Optional.RegCleanerPro.A, C:\Users\Conrad\AppData\Roaming\Systweak\RegClean Pro, Quarantined, [44aafba70576989e90b2a204d929f010],
PUP.Optional.RegCleanerPro.A, C:\Users\Conrad\AppData\Roaming\Systweak\RegClean Pro\Version 6.1, Quarantined, [44aafba70576989e90b2a204d929f010],
PUP.Optional.RegCleanerPro.A, C:\Users\Conrad\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\voice, Quarantined, [44aafba70576989e90b2a204d929f010],
PUP.Optional.RegCleanerPro.A, C:\Users\Conrad\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\voice\de, Quarantined, [44aafba70576989e90b2a204d929f010],
PUP.Optional.RocketFind.A, C:\Users\Conrad\AppData\Roaming\RocketUpdater\UpdateProc, Quarantined, [2dc180227803f83e907fdfde758d28d8],
PUP.Optional.RocketFind.A, C:\Program Files (x86)\WSE Rocket, Quarantined, [09e5653d364577bf67a9fac34eb4c53b],
PUP.Optional.RocketFind.A, C:\Program Files (x86)\WSE Rocket\bh, Quarantined, [09e5653d364577bf67a9fac34eb4c53b],
PUP.Optional.SystemSpeedup, C:\Users\Conrad\AppData\Roaming\Systweak\ssd, Quarantined, [5d912b77e7947bbb5a595a6418ea6a96],
PUP.Optional.Updater.A, C:\Users\Conrad\AppData\Roaming\DigitalSites\UpdateProc, Quarantined, [8866a7fb1b60e452872a586b8f73bd43],

Files: 35
PUP.Optional.Somoto.A, C:\Users\Conrad\Downloads\7ZipSetup.exe, Quarantined, [ca24a3ff601b5bdb170dd8603cc4fb05],
PUP.Optional.OpenCandy, C:\Users\Conrad\Downloads\PhotoScape_V3.6.5.exe, Quarantined, [4f9f960c2a51c76f7428557e6b99b947],
PUP.Optional.AdvancedSystemProtector, C:\Users\Public\Desktop\Advanced System Protector.lnk, Quarantined, [8b63c1e10d6e6fc709070ebb49b9e11f],
PUP.Optional.RegCleanPro.A, C:\Windows\System32\Tasks\RegClean Pro_DEFAULT, Quarantined, [57973b67aecdfc3ac9f6d1faad55f709],
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Register RegClean Pro.lnk, Quarantined, [27c7e9b9f58620169ff0c11552b033cd],
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro entfernen.lnk, Quarantined, [27c7e9b9f58620169ff0c11552b033cd],
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro.lnk, Quarantined, [27c7e9b9f58620169ff0c11552b033cd],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector\Register Advanced System Protector.lnk, Quarantined, [f5f9039f5b20f541167ab0266999e11f],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector\Advanced System Protector entfernen.lnk, Quarantined, [f5f9039f5b20f541167ab0266999e11f],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector\Advanced System Protector Trouble Shooter.lnk, Quarantined, [f5f9039f5b20f541167ab0266999e11f],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector\Advanced System Protector.lnk, Quarantined, [f5f9039f5b20f541167ab0266999e11f],
PUP.Optional.RegCleanerPro.J, C:\Windows\Tasks\RegClean Pro_UPDATES.job, Quarantined, [3ab400a2b4c71a1c6694648c29d9e41c],
PUP.Optional.RegCleanPro.A, C:\Windows\Tasks\RegClean Pro_DEFAULT.job, Quarantined, [2dc17c260a71280e480a6c97b74d58a8],
PUP.Optional.RegCleanerPro.A, C:\Users\Conrad\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\ExcludeList.rcp, Quarantined, [44aafba70576989e90b2a204d929f010],
PUP.Optional.RegCleanerPro.A, C:\Users\Conrad\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\German_rcp.dat, Quarantined, [44aafba70576989e90b2a204d929f010],
PUP.Optional.RegCleanerPro.A, C:\Users\Conrad\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_07-22-2014.log, Quarantined, [44aafba70576989e90b2a204d929f010],
PUP.Optional.RegCleanerPro.A, C:\Users\Conrad\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_07-23-2014.log, Quarantined, [44aafba70576989e90b2a204d929f010],
PUP.Optional.RegCleanerPro.A, C:\Users\Conrad\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\rcpupdate.ini, Quarantined, [44aafba70576989e90b2a204d929f010],
PUP.Optional.RegCleanerPro.A, C:\Users\Conrad\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\results.rcp, Quarantined, [44aafba70576989e90b2a204d929f010],
PUP.Optional.RegCleanerPro.A, C:\Users\Conrad\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\TempHLList.rcp, Quarantined, [44aafba70576989e90b2a204d929f010],
PUP.Optional.RegCleanerPro.A, C:\Users\Conrad\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\voice\de\voice.wav, Quarantined, [44aafba70576989e90b2a204d929f010],
PUP.Optional.RocketFind.A, C:\Users\Conrad\AppData\Roaming\RocketUpdater\UpdateProc\config.dat, Quarantined, [2dc180227803f83e907fdfde758d28d8],
PUP.Optional.RocketFind.A, C:\Users\Conrad\AppData\Roaming\RocketUpdater\UpdateProc\info.dat, Quarantined, [2dc180227803f83e907fdfde758d28d8],
PUP.Optional.RocketFind.A, C:\Users\Conrad\AppData\Roaming\RocketUpdater\UpdateProc\UpdateTask.exe, Quarantined, [2dc180227803f83e907fdfde758d28d8],
PUP.Optional.RocketFind.A, C:\Program Files (x86)\WSE Rocket\FavIcon.ico, Quarantined, [09e5653d364577bf67a9fac34eb4c53b],
PUP.Optional.RocketFind.A, C:\Program Files (x86)\WSE Rocket\Sqlite3.dll, Quarantined, [09e5653d364577bf67a9fac34eb4c53b],
PUP.Optional.RocketFind.A, C:\Program Files (x86)\WSE Rocket\uninst.dat, Quarantined, [09e5653d364577bf67a9fac34eb4c53b],
PUP.Optional.RocketFind.A, C:\Program Files (x86)\WSE Rocket\uninstall.exe, Quarantined, [09e5653d364577bf67a9fac34eb4c53b],
PUP.Optional.SystemSpeedup, C:\Users\Conrad\AppData\Roaming\Systweak\ssd\SSDPTstub.exe, Quarantined, [5d912b77e7947bbb5a595a6418ea6a96],
PUP.Optional.Updater.A, C:\Users\Conrad\AppData\Roaming\DigitalSites\UpdateProc\config.dat, Quarantined, [8866a7fb1b60e452872a586b8f73bd43],
PUP.Optional.Updater.A, C:\Users\Conrad\AppData\Roaming\DigitalSites\UpdateProc\info.dat, Quarantined, [8866a7fb1b60e452872a586b8f73bd43],
PUP.Optional.Updater.A, C:\Users\Conrad\AppData\Roaming\DigitalSites\UpdateProc\prod.dat, Quarantined, [8866a7fb1b60e452872a586b8f73bd43],
PUP.Optional.Updater.A, C:\Users\Conrad\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT, Quarantined, [8866a7fb1b60e452872a586b8f73bd43],
PUP.Optional.Updater.A, C:\Users\Conrad\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe, Quarantined, [8866a7fb1b60e452872a586b8f73bd43],
PUP.Optional.Conduit.A, C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "hxxp://search.conduit.com/?ctid=CT3281675&SearchSource=48&CUI=UN31174045182613080&UM=2&UP=SP1916DB11-BE10-40EA-8D41-F7EE3D72F8FF&SSPV=", "hxxp://www.google.de/", "hxxp://www.google.com/", "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP", "hxxp://search.conduit.com/?ctid=CT3281675&SearchSource=48&CUI=UN31174045182613080&UM=2&UP=SP1916DB11-BE10-40EA-8D41-F7EE3D72F8FF&SSPV=" ],), Replaced,[925c5f43e5969e98131cd20d0202748c]

Physical sectors: 0
(No malicious items detected)

(end)
Code:
# AdwCleaner v3.216 - Report created 23/07/2014 at 10:56:53
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Conrad - CONRAD-THINK
# Running from : C:\Users\Conrad\Desktop\adwcleaner_3.216.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Partner Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\PennyBee
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Windows\util
Folder Deleted : C:\Users\Conrad\AppData\LocalLow\PennyBee
Folder Deleted : C:\Users\Conrad\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Folder Deleted : C:\Users\Conrad\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Conrad\AppData\Roaming\RocketUpdater
Folder Deleted : C:\Users\Conrad\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
File Deleted : C:\Users\Public\Desktop\Open It!.lnk
File Deleted : C:\Users\Public\Desktop\RegClean Pro.lnk
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\sasnative64.exe
File Deleted : C:\Windows\System32\Tasks\Advanced System Protector_startup
File Deleted : C:\Windows\System32\Tasks\RegClean Pro

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\Rocket Browser
Key Deleted : HKCU\Software\RocketUpdater
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\WSE Rocket
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\systweak
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean-Pro_is1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN31174045182613080&ctid=CT3281675&UM=2
Deleted [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3281675&SearchSource=48&CUI=UN31174045182613080&UM=2&UP=SP1916DB11-BE10-40EA-8D41-F7EE3D72F8FF&SSPV=
Deleted [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3281675&SearchSource=48&CUI=UN31174045182613080&UM=2&UP=SP1916DB11-BE10-40EA-8D41-F7EE3D72F8FF&SSPV=
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh

*************************

AdwCleaner[R0].txt - [6039 octets] - [23/07/2014 10:56:24]
AdwCleaner[S0].txt - [5549 octets] - [23/07/2014 10:56:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5609 octets] ##########

Number 3:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Conrad on 23.07.2014 at 11:02:00,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Conrad\appdata\local\{123263B7-5B6E-4F36-96F0-1658100E1C98}
Successfully deleted: [Empty Folder] C:\Users\Conrad\appdata\local\{2A5A6D80-7C0A-426D-BAF8-B4946C69A57D}
Successfully deleted: [Empty Folder] C:\Users\Conrad\appdata\local\{2DBF8605-D48C-4998-A503-2E683079A5CB}
Successfully deleted: [Empty Folder] C:\Users\Conrad\appdata\local\{7709159B-DDC7-4D7C-BDB9-BC18FC58B682}
Successfully deleted: [Empty Folder] C:\Users\Conrad\appdata\local\{81E25774-DEA3-449D-8464-D8003E6294D0}
Successfully deleted: [Empty Folder] C:\Users\Conrad\appdata\local\{99DF9714-334E-4EF2-9AFC-087EE187C7F4}
Successfully deleted: [Empty Folder] C:\Users\Conrad\appdata\local\{A6C595E9-FCBB-4DA5-BD15-889189C2E15E}
Successfully deleted: [Empty Folder] C:\Users\Conrad\appdata\local\{E20C7B5C-1208-4ACF-AFE3-95C9F0154820}
Successfully deleted: [Empty Folder] C:\Users\Conrad\appdata\local\{E377DCE5-0EB2-4A7B-AC82-3CD2E0D85D51}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.07.2014 at 11:09:28,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And finally the FRST logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2014
Ran by Conrad (administrator) on CONRAD-THINK on 23-07-2014 12:34:06
Running from C:\Users\Conrad\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [177936 2012-02-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12476520 2012-04-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2881336 2012-06-19] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => TpShocks.exe
HKLM\...\Run: [IntelSBA] => C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe [56000 2014-01-06] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-29] (Intel Corporation)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-06-19] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [IntelSBA] => C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [5293248 2014-01-06] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-06-19] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2664929658-1551457082-1331067265-1000\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2664929658-1551457082-1331067265-1002\...\Run: [Amazon Cloud Player] => C:\Users\Conrad\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] ()
HKU\S-1-5-21-2664929658-1551457082-1331067265-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-05-15] (Garmin Ltd or its subsidiaries)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [260928 2012-02-07] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-02-07] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Conrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\Conrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Conrad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Conrad\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Conrad\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKCU: intel.com/AppUpx64 - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn [2013-08-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn [2014-07-23]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2013-05-26]

Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3281675&SearchSource=48&CUI=UN31174045182613080&UM=2&UP=SP1916DB11-BE10-40EA-8D41-F7EE3D72F8FF&SSPV=", "hxxp://www.google.de/", "hxxp://www.google.com/", "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP", "hxxp://search.conduit.com/?ctid=CT3281675&SearchSource=48&CUI=UN31174045182613080&UM=2&UP=SP1916DB11-BE10-40EA-8D41-F7EE3D72F8FF&SSPV="
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (TrueSuite) - C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj\2.0_0\npwebsitelogon.dll (AuthenTec, Inc)
CHR Plugin: (Norton Confidential) - C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Website Logon) - C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj [2013-08-10]
CHR Extension: (Any.do Extension) - C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2014-01-21]
CHR Extension: (Norton Identity Protection) - C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-08-10]
CHR Extension: (Google Wallet) - C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR HKLM-x32\...\Chrome\Extension: [cdkedefaddcdlpmiafhicjnkbogjiogj] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2012-03-13]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2013-08-14]

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [328552 2012-06-07] (AuthenTec, Inc)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [443224 2014-05-15] (Garmin Ltd or its subsidiaries)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-29] ()
R2 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [54976 2014-01-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-29] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-05-23] (Nitro PDF Software)
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
S2 pennybee; "C:\PROGRA~3\pennybee\pennybee.exe" /task=4 /InstallOn=0 /closebr=0 /active=24 /update=24 /interval=2880 /pubId=1004 /affId=10040007 /appId=116 /uId={82680281-2142-43EC-B4C5-C36575434FC9-2014_07_22} /version=1.1.0.13 /Override=0 /regAppName=pennybee /curSID=S-1-5-21-2664929658-1551457082-1331067265-1002 /logf=C:\Users\Conrad\AppData\Local\10040007_loger_23_07_10_50_34_538432491.txt /mac=B888E3F8D88C /tst=none /ts2=1
S2 wpennybeed; "C:\PROGRA~3\pennybee\wpennybeed.exe" -scm [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-15]
(Symantec Corporation) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation) R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation) R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation) S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider) R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130905.001\IDSvia64.sys [520280 2013-08-14] (Symantec Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130905.033\ENG64.SYS [126040 2013-08-29] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130905.033\EX64.SYS [2099288 2013-08-29] (Symantec Corporation) R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.) 
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27448 2012-06-19] (Synaptics Incorporated) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2013-08-11] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation) R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation) R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.) 
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-23 12:34 - 2014-07-23 12:34 - 00032026 _____ () C:\Users\Conrad\Desktop\FRST.txt 2014-07-23 12:33 - 2014-07-23 12:33 - 02091520 _____ (Farbar) C:\Users\Conrad\Desktop\FRST64.exe 2014-07-23 12:33 - 2014-07-23 12:33 - 00000000 ____D () C:\Users\Conrad\Desktop\FRST-OlderVersion 2014-07-23 12:28 - 2014-07-23 12:28 - 00035703 _____ () C:\ComboFix.txt 2014-07-23 11:09 - 2014-07-23 11:09 - 00001591 _____ () C:\Users\Conrad\Desktop\JRT.txt 2014-07-23 11:01 - 2014-07-23 11:01 - 01016261 _____ (Thisisu) C:\Users\Conrad\Downloads\JRT.exe 2014-07-23 11:01 - 2014-07-23 11:01 - 00000000 ____D () C:\Windows\ERUNT 2014-07-23 10:56 - 2014-07-23 10:56 - 00000000 ____D () C:\AdwCleaner 2014-07-23 10:55 - 2014-07-23 10:55 - 01354223 _____ () C:\Users\Conrad\Downloads\adwcleaner_3.216.exe 2014-07-23 10:55 - 2014-07-23 10:55 - 01354223 _____ () C:\Users\Conrad\Desktop\adwcleaner_3.216.exe 2014-07-23 10:53 - 2014-07-23 11:09 - 00000000 ____D () C:\Users\Conrad\Desktop\Beseitigung 2014-07-23 10:34 - 2014-07-23 10:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-23 10:33 - 2014-07-23 10:33 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-23 10:33 - 2014-07-23 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-23 10:33 - 2014-07-23 10:33 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-23 10:33 - 2014-07-23 10:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-23 10:33 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-23 10:33 - 2014-05-12 07:26 - 
00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-23 10:33 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-07-23 10:30 - 2014-07-23 10:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Conrad\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-22 12:30 - 2014-07-23 11:11 - 05562024 ____R (Swearware) C:\Users\Conrad\Desktop\ComboFix.exe 2014-07-22 10:55 - 2014-07-23 12:28 - 00000000 ____D () C:\Qoobox 2014-07-22 10:55 - 2014-07-22 12:45 - 00000000 ____D () C:\Windows\erdnt 2014-07-22 10:55 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-07-22 10:55 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-07-22 10:55 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-07-22 10:55 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-07-22 10:55 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-07-22 10:55 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-07-22 10:55 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-07-22 10:55 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-07-22 10:53 - 2014-07-22 10:54 - 05562504 ____R (Swearware) C:\Users\Conrad\Downloads\ComboFix.exe 2014-07-22 10:14 - 2014-07-22 10:14 - 05840418 _____ () C:\Users\Conrad\Downloads\scareuncrypt.zip 2014-07-22 10:14 - 2014-07-22 10:14 - 00000000 ____D () C:\Users\Conrad\Downloads\scareuncrypt 2014-07-22 10:07 - 2014-07-22 10:16 - 340465664 _____ () C:\Users\Conrad\Downloads\kav_rescue_10-0513 (1).iso 2014-07-22 09:56 - 2014-07-22 09:56 - 00000043 _____ () C:\Users\Conrad\AppData\Roaming\WB.CFG 2014-07-22 09:06 - 2014-07-22 09:07 - 00043846 _____ () C:\Users\Conrad\Downloads\Addition.txt 2014-07-22 09:05 - 2014-07-23 12:34 - 00000000 ____D () C:\FRST 2014-07-22 09:05 - 2014-07-22 09:07 - 00075019 _____ () C:\Users\Conrad\Downloads\FRST.txt 2014-07-22 09:05 - 2014-07-22 09:05 - 
02090496 _____ (Farbar) C:\Users\Conrad\Downloads\FRST64.exe 2014-07-22 08:41 - 2014-07-22 08:41 - 03084860 _____ () C:\Users\Conrad\Downloads\Beispielbilder_Win7.zip 2014-07-22 08:37 - 2014-07-22 08:37 - 00149694 _____ () C:\Users\Conrad\Downloads\DecryptHelper-0.5.3.exe 2014-07-22 08:37 - 2014-07-22 08:37 - 00000000 _____ () C:\Users\Conrad\Downloads\DecryptHelper.txt 2014-07-22 08:37 - 2014-07-22 08:37 - 00000000 _____ () C:\Users\Conrad\Downloads\DecryptException.txt 2014-07-22 08:32 - 2014-07-22 08:32 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Conrad\Downloads\ShadowExplorer-0.9-setup.exe 2014-07-22 08:32 - 2014-07-22 08:32 - 00001900 _____ () C:\Users\Conrad\Desktop\ShadowExplorer.lnk 2014-07-22 08:32 - 2014-07-22 08:32 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\www.shadowexplorer.com 2014-07-22 08:32 - 2014-07-22 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer 2014-07-22 08:32 - 2014-07-22 08:32 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer 2014-07-22 08:26 - 2014-07-22 08:26 - 00003332 _____ () C:\Windows\System32\Tasks\ASP 2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\unpacked19019 2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Users\Conrad\AppData\Local\tmp19013 2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\RCP 2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\ASP 2014-07-22 08:25 - 2014-07-22 08:25 - 00680280 _____ ( ) C:\Users\Conrad\Downloads\ZipSetup.exe 2014-07-22 08:14 - 2014-07-22 08:15 - 00000000 ____D () C:\Users\Conrad\Downloads\Avira-RansomFileUnlocker-1.0.1 2014-07-22 08:14 - 2014-07-22 08:14 - 00062065 _____ () C:\Users\Conrad\Downloads\Avira-RansomFileUnlocker-1.0.1.zip 2014-07-21 12:42 - 2014-07-21 12:42 - 00051672 _____ () C:\Users\Conrad\Downloads\Elsinore.ScreenConnect.Client (2).exe 2014-07-18 08:57 - 2014-07-18 08:57 - 00051672 _____ () 
C:\Users\Conrad\Downloads\Elsinore.ScreenConnect.Client (1).exe 2014-07-17 15:09 - 2014-07-17 15:09 - 04541084 _____ () C:\Users\Conrad\Downloads\Video FlowFact Prozess Management WMV.wmv 2014-07-17 11:00 - 2014-07-17 11:00 - 00004599 _____ () C:\Users\Conrad\Downloads\Performer CRM_ FLOWFACT Mobile .ics 2014-07-16 10:21 - 2014-07-23 12:13 - 00000540 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2664929658-1551457082-1331067265-1002.job 2014-07-16 10:21 - 2014-07-16 10:21 - 00003580 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2664929658-1551457082-1331067265-1002 2014-07-16 10:21 - 2014-07-16 10:21 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Citrix 2014-07-16 10:21 - 2014-07-16 10:21 - 00000000 ____D () C:\Program Files (x86)\Citrix 2014-07-14 13:06 - 2014-07-21 12:42 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Deployment 2014-07-14 13:06 - 2014-07-14 13:06 - 00051672 _____ () C:\Users\Conrad\Downloads\Elsinore.ScreenConnect.Client.exe 2014-07-14 13:06 - 2014-07-14 13:06 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Apps\2.0 2014-07-11 13:21 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-11 13:21 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-11 13:21 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-11 13:21 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-11 13:21 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-11 13:21 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-11 13:21 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-11 13:18 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-07-11 13:18 - 2014-05-30 10:08 - 00340992 _____ (Microsoft 
Corporation) C:\Windows\system32\schannel.dll 2014-07-11 13:18 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-11 13:18 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-07-11 13:18 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-11 13:18 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-11 13:18 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-07-11 13:18 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-07-11 13:18 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-07-11 13:18 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-07-11 13:18 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-07-11 13:18 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-07-11 13:18 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-07-11 13:18 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-07-11 13:18 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-11 13:17 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-11 13:17 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-11 13:17 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-11 13:17 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-11 13:17 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollectorres.dll 2014-07-11 13:17 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-11 13:17 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-11 13:17 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-11 13:17 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-11 13:17 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-11 13:17 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-11 13:17 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-11 13:17 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-11 13:17 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-11 13:17 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-11 13:17 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-11 13:17 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-11 13:17 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-11 13:17 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-11 13:17 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-11 13:17 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-11 13:17 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-11 13:17 - 2014-06-19 01:51 - 05721088 
_____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-11 13:17 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-11 13:17 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-11 13:17 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-11 13:17 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-11 13:17 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-11 13:17 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-11 13:17 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-11 13:17 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-11 13:17 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-11 13:17 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-11 13:17 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-11 13:17 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-11 13:17 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-11 13:17 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-11 13:17 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-11 13:17 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-11 13:17 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-11 13:17 - 2014-06-19 01:06 - 00032256 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-11 13:17 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-11 13:17 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-11 13:17 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-11 13:17 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-11 13:17 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-11 13:17 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-11 13:17 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-11 13:17 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-11 13:17 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-11 13:17 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-11 13:17 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-11 13:17 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-11 13:17 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-11 13:17 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-11 13:17 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-11 13:16 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-11 13:16 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-11 13:15 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) 
C:\Windows\system32\lsasrv.dll 2014-07-10 17:00 - 2014-07-10 17:00 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\PwrMgr 2014-07-10 16:51 - 2014-07-10 16:51 - 00000000 ____D () C:\Users\Kaja\AppData\Local\LSC 2014-07-10 16:50 - 2014-07-10 16:50 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\LSC 2014-07-10 16:50 - 2014-07-10 16:50 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Adobe 2014-07-10 16:47 - 2014-07-10 17:03 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Lenovo 2014-07-10 16:47 - 2014-07-10 17:03 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Lenovo 2014-07-10 16:47 - 2014-07-10 16:47 - 00130392 _____ () C:\Users\Kaja\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-10 16:47 - 2014-07-10 16:47 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Leadertech 2014-07-10 16:46 - 2014-07-10 16:50 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Adobe 2014-07-10 16:46 - 2014-07-10 16:46 - 00000000 _____ () C:\Users\Kaja\agent.log 2014-07-10 16:45 - 2014-07-10 17:04 - 00000000 ____D () C:\Users\Kaja 2014-07-10 16:45 - 2014-07-10 16:46 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Google 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Vorlagen 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Startmenü 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Netzwerkumgebung 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Lokale Einstellungen 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Eigene Dateien 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Druckumgebung 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Documents\Eigene Musik 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Documents\Eigene Bilder 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () 
C:\Users\Kaja\AppData\Local\Verlauf 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\AppData\Local\Anwendungsdaten 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Anwendungsdaten 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Intel 2014-07-10 16:45 - 2013-05-25 23:51 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Macromedia 2014-07-10 16:40 - 2014-07-10 16:42 - 00104552 _____ () C:\Users\Conrad\Desktop\XSWXmkCZ.zip 2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\RydPtyKD 2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\MBRNwMij 2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\JrggLTmV 2014-07-04 10:03 - 2014-07-04 10:03 - 00000000 ____D () C:\Windows\Sun ==================== One Month Modified Files and Folders ======= 2014-07-23 12:34 - 2014-07-23 12:34 - 00032026 _____ () C:\Users\Conrad\Desktop\FRST.txt 2014-07-23 12:34 - 2014-07-22 09:05 - 00000000 ____D () C:\FRST 2014-07-23 12:33 - 2014-07-23 12:33 - 02091520 _____ (Farbar) C:\Users\Conrad\Desktop\FRST64.exe 2014-07-23 12:33 - 2014-07-23 12:33 - 00000000 ____D () C:\Users\Conrad\Desktop\FRST-OlderVersion 2014-07-23 12:28 - 2014-07-23 12:28 - 00035703 _____ () C:\ComboFix.txt 2014-07-23 12:28 - 2014-07-22 10:55 - 00000000 ____D () C:\Qoobox 2014-07-23 12:27 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-07-23 12:23 - 2009-07-14 06:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-23 12:23 - 2009-07-14 06:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-23 12:21 - 2013-05-26 09:27 - 00718150 _____ () C:\Windows\system32\perfh007.dat 2014-07-23 12:21 - 2013-05-26 09:27 - 00155646 _____ () C:\Windows\system32\perfc007.dat 2014-07-23 12:21 - 
2009-07-14 07:13 - 01658436 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-23 12:20 - 2013-05-25 23:40 - 01920262 _____ () C:\Windows\WindowsUpdate.log 2014-07-23 12:19 - 2013-08-10 15:44 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\Nitro PDF 2014-07-23 12:17 - 2014-05-22 20:11 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\DropboxMaster 2014-07-23 12:17 - 2013-08-11 10:50 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\Dropbox 2014-07-23 12:17 - 2013-05-25 23:59 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-23 12:17 - 2013-05-25 23:43 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2014-07-23 12:16 - 2010-11-21 05:47 - 00175268 _____ () C:\Windows\PFRO.log 2014-07-23 12:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-23 12:16 - 2009-07-14 06:51 - 00069063 _____ () C:\Windows\setupact.log 2014-07-23 12:13 - 2014-07-16 10:21 - 00000540 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2664929658-1551457082-1331067265-1002.job 2014-07-23 11:51 - 2013-05-25 23:59 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-23 11:11 - 2014-07-22 12:30 - 05562024 ____R (Swearware) C:\Users\Conrad\Desktop\ComboFix.exe 2014-07-23 11:09 - 2014-07-23 11:09 - 00001591 _____ () C:\Users\Conrad\Desktop\JRT.txt 2014-07-23 11:09 - 2014-07-23 10:53 - 00000000 ____D () C:\Users\Conrad\Desktop\Beseitigung 2014-07-23 11:09 - 2013-08-10 15:39 - 00105592 _____ () C:\Users\Conrad\AppData\Roaming\AbsoluteReminder.xml 2014-07-23 11:01 - 2014-07-23 11:01 - 01016261 _____ (Thisisu) C:\Users\Conrad\Downloads\JRT.exe 2014-07-23 11:01 - 2014-07-23 11:01 - 00000000 ____D () C:\Windows\ERUNT 2014-07-23 10:56 - 2014-07-23 10:56 - 00000000 ____D () C:\AdwCleaner 2014-07-23 10:55 - 2014-07-23 10:55 - 01354223 _____ () C:\Users\Conrad\Downloads\adwcleaner_3.216.exe 2014-07-23 10:55 - 2014-07-23 10:55 - 01354223 _____ () 
C:\Users\Conrad\Desktop\adwcleaner_3.216.exe 2014-07-23 10:52 - 2014-07-23 10:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-23 10:33 - 2014-07-23 10:33 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-23 10:33 - 2014-07-23 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-23 10:33 - 2014-07-23 10:33 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-23 10:33 - 2014-07-23 10:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-23 10:31 - 2014-07-23 10:30 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Conrad\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-23 10:30 - 2013-05-25 23:43 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2014-07-22 12:46 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-07-22 12:45 - 2014-07-22 10:55 - 00000000 ____D () C:\Windows\erdnt 2014-07-22 10:55 - 2014-05-31 12:01 - 00002010 ____H () C:\Users\Conrad\Documents\Default.rdp 2014-07-22 10:54 - 2014-07-22 10:53 - 05562504 ____R (Swearware) C:\Users\Conrad\Downloads\ComboFix.exe 2014-07-22 10:16 - 2014-07-22 10:07 - 340465664 _____ () C:\Users\Conrad\Downloads\kav_rescue_10-0513 (1).iso 2014-07-22 10:14 - 2014-07-22 10:14 - 05840418 _____ () C:\Users\Conrad\Downloads\scareuncrypt.zip 2014-07-22 10:14 - 2014-07-22 10:14 - 00000000 ____D () C:\Users\Conrad\Downloads\scareuncrypt 2014-07-22 09:56 - 2014-07-22 09:56 - 00000043 _____ () C:\Users\Conrad\AppData\Roaming\WB.CFG 2014-07-22 09:07 - 2014-07-22 09:06 - 00043846 _____ () C:\Users\Conrad\Downloads\Addition.txt 2014-07-22 09:07 - 2014-07-22 09:05 - 00075019 _____ () C:\Users\Conrad\Downloads\FRST.txt 2014-07-22 09:05 - 2014-07-22 09:05 - 02090496 _____ (Farbar) C:\Users\Conrad\Downloads\FRST64.exe 2014-07-22 08:41 - 2014-07-22 08:41 - 03084860 _____ () 
C:\Users\Conrad\Downloads\Beispielbilder_Win7.zip 2014-07-22 08:37 - 2014-07-22 08:37 - 00149694 _____ () C:\Users\Conrad\Downloads\DecryptHelper-0.5.3.exe 2014-07-22 08:37 - 2014-07-22 08:37 - 00000000 _____ () C:\Users\Conrad\Downloads\DecryptHelper.txt 2014-07-22 08:37 - 2014-07-22 08:37 - 00000000 _____ () C:\Users\Conrad\Downloads\DecryptException.txt 2014-07-22 08:32 - 2014-07-22 08:32 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Conrad\Downloads\ShadowExplorer-0.9-setup.exe 2014-07-22 08:32 - 2014-07-22 08:32 - 00001900 _____ () C:\Users\Conrad\Desktop\ShadowExplorer.lnk 2014-07-22 08:32 - 2014-07-22 08:32 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\www.shadowexplorer.com 2014-07-22 08:32 - 2014-07-22 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer 2014-07-22 08:32 - 2014-07-22 08:32 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer 2014-07-22 08:26 - 2014-07-22 08:26 - 00003332 _____ () C:\Windows\System32\Tasks\ASP 2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\unpacked19019 2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Users\Conrad\AppData\Local\tmp19013 2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\RCP 2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\ASP 2014-07-22 08:25 - 2014-07-22 08:25 - 00680280 _____ ( ) C:\Users\Conrad\Downloads\ZipSetup.exe 2014-07-22 08:15 - 2014-07-22 08:14 - 00000000 ____D () C:\Users\Conrad\Downloads\Avira-RansomFileUnlocker-1.0.1 2014-07-22 08:14 - 2014-07-22 08:14 - 00062065 _____ () C:\Users\Conrad\Downloads\Avira-RansomFileUnlocker-1.0.1.zip 2014-07-21 12:42 - 2014-07-21 12:42 - 00051672 _____ () C:\Users\Conrad\Downloads\Elsinore.ScreenConnect.Client (2).exe 2014-07-21 12:42 - 2014-07-14 13:06 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Deployment 2014-07-18 08:57 - 2014-07-18 08:57 - 00051672 _____ () 
C:\Users\Conrad\Downloads\Elsinore.ScreenConnect.Client (1).exe 2014-07-17 15:09 - 2014-07-17 15:09 - 04541084 _____ () C:\Users\Conrad\Downloads\Video FlowFact Prozess Management WMV.wmv 2014-07-17 11:00 - 2014-07-17 11:00 - 00004599 _____ () C:\Users\Conrad\Downloads\Performer CRM_ FLOWFACT Mobile .ics 2014-07-16 10:21 - 2014-07-16 10:21 - 00003580 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2664929658-1551457082-1331067265-1002 2014-07-16 10:21 - 2014-07-16 10:21 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Citrix 2014-07-16 10:21 - 2014-07-16 10:21 - 00000000 ____D () C:\Program Files (x86)\Citrix 2014-07-14 13:06 - 2014-07-14 13:06 - 00051672 _____ () C:\Users\Conrad\Downloads\Elsinore.ScreenConnect.Client.exe 2014-07-14 13:06 - 2014-07-14 13:06 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Apps\2.0 2014-07-12 13:14 - 2013-08-15 14:03 - 00000000 ____D () C:\Windows\System32\Tasks\Games 2014-07-12 13:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-07-12 12:46 - 2014-02-05 13:56 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-07-12 03:19 - 2009-07-14 06:45 - 00490576 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-12 03:18 - 2014-06-01 12:57 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-12 03:18 - 2011-12-08 22:03 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-12 03:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-07-12 03:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-07-10 17:04 - 2014-07-10 16:45 - 00000000 ____D () C:\Users\Kaja 2014-07-10 17:04 - 2014-02-10 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2014-07-10 17:04 - 2014-01-26 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-07-10 17:04 - 2013-08-10 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo App Shop 2014-07-10 17:04 - 2013-08-10 16:12 
- 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.0 2014-07-10 17:04 - 2013-08-10 15:39 - 00000000 ____D () C:\Users\Conrad 2014-07-10 17:04 - 2013-05-25 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby 2014-07-10 17:03 - 2014-07-10 16:47 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Lenovo 2014-07-10 17:03 - 2014-07-10 16:47 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Lenovo 2014-07-10 17:03 - 2014-06-09 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-07-10 17:03 - 2014-05-29 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-10 17:03 - 2014-05-25 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2014-07-10 17:03 - 2014-04-04 17:37 - 00000000 ____D () C:\Users\Büro 2014-07-10 17:03 - 2014-03-12 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eFuhrpark 2014-07-10 17:03 - 2014-02-11 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker.Eu 2014-07-10 17:03 - 2014-02-10 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape 2014-07-10 17:03 - 2014-02-06 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-10 17:03 - 2014-02-05 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-07-10 17:03 - 2013-10-31 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps 2014-07-10 17:03 - 2013-08-30 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 2014-07-10 17:03 - 2013-08-10 17:14 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-07-10 17:03 - 2013-08-10 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Absolute Software 2014-07-10 17:03 - 
2013-05-26 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation 2014-07-10 17:03 - 2013-05-26 00:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2014-07-10 17:03 - 2013-05-26 00:03 - 00000000 ____D () C:\ProgramData\Norton 2014-07-10 17:03 - 2013-05-26 00:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2014-07-10 17:03 - 2013-05-25 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-07-10 17:03 - 2013-05-25 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fingerprint Reader 2014-07-10 17:03 - 2013-05-25 23:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel DVD MovieFactory Lenovo Edition 2014-07-10 17:03 - 2013-05-25 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote 2014-07-10 17:03 - 2013-05-25 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel 2014-07-10 17:03 - 2013-05-25 23:50 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools 2014-07-10 17:03 - 2013-05-25 23:45 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless 2014-07-10 17:03 - 2013-05-25 23:42 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2014-07-10 17:03 - 2011-12-08 22:02 - 00000000 ____D () C:\Windows\ShellNew 2014-07-10 17:03 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-07-10 17:03 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-10 17:03 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-10 17:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-07-10 17:03 - 2009-07-14 
05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-07-10 17:02 - 2013-08-13 11:49 - 00000000 ____D () C:\Windows\SysWOW64\Adobe 2014-07-10 17:00 - 2014-07-10 17:00 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\PwrMgr 2014-07-10 16:51 - 2014-07-10 16:51 - 00000000 ____D () C:\Users\Kaja\AppData\Local\LSC 2014-07-10 16:50 - 2014-07-10 16:50 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\LSC 2014-07-10 16:50 - 2014-07-10 16:50 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Adobe 2014-07-10 16:50 - 2014-07-10 16:46 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Adobe 2014-07-10 16:47 - 2014-07-10 16:47 - 00130392 _____ () C:\Users\Kaja\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-10 16:47 - 2014-07-10 16:47 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Leadertech 2014-07-10 16:46 - 2014-07-10 16:46 - 00000000 _____ () C:\Users\Kaja\agent.log 2014-07-10 16:46 - 2014-07-10 16:45 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Google 2014-07-10 16:46 - 2014-02-20 11:11 - 00000000 ____D () C:\Users\Conrad\Documents\Unterlagen Mietinteressenten 2014-07-10 16:46 - 2014-01-02 09:02 - 00000000 ____D () C:\Users\Conrad\Documents\Ba 2014-07-10 16:46 - 2013-10-31 12:11 - 00000000 ____D () C:\Users\Conrad\Documents\Steuerfälle 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Vorlagen 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Startmenü 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Netzwerkumgebung 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Lokale Einstellungen 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Eigene Dateien 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Druckumgebung 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Documents\Eigene Musik 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Documents\Eigene Bilder 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL 
() C:\Users\Kaja\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\AppData\Local\Verlauf 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\AppData\Local\Anwendungsdaten 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Anwendungsdaten 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Intel 2014-07-10 16:42 - 2014-07-10 16:40 - 00104552 _____ () C:\Users\Conrad\Desktop\XSWXmkCZ.zip 2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\RydPtyKD 2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\MBRNwMij 2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\JrggLTmV 2014-07-10 16:40 - 2014-02-18 12:09 - 00000000 ____D () C:\Users\Conrad\Desktop\Messe 2014 2014-07-10 16:40 - 2014-01-10 16:20 - 00000000 ____D () C:\Users\Conrad\Desktop\Avaya 2014-07-10 16:40 - 2014-01-10 15:33 - 00000000 ____D () C:\Users\Conrad\Desktop\Urlaub 2014 2014-07-10 16:40 - 2014-01-09 21:39 - 00000000 ____D () C:\Users\Conrad\Desktop\Englisch 2014-07-10 16:40 - 2014-01-03 12:09 - 00000000 ____D () C:\Users\Conrad\Desktop\Projekt Flowfact 2014-07-10 16:40 - 2013-12-01 14:28 - 00000000 ____D () C:\Users\Conrad\Desktop\Steuer2013 2014-07-10 16:40 - 2013-12-01 14:21 - 00000000 ____D () C:\Users\Conrad\Desktop\Lohn 2014-07-10 16:40 - 2013-08-20 12:36 - 00000000 ____D () C:\Users\Conrad\Desktop\BA 2014-07-07 15:54 - 2014-02-10 12:24 - 00002053 _____ () C:\Users\Public\Desktop\Google Slides.lnk 2014-07-07 15:54 - 2014-02-10 12:24 - 00002051 _____ () C:\Users\Public\Desktop\Google Sheets.lnk 2014-07-07 15:54 - 2014-02-10 12:24 - 00002041 _____ () C:\Users\Public\Desktop\Google Docs.lnk 2014-07-04 10:03 - 2014-07-04 10:03 - 00000000 ____D () C:\Windows\Sun 2014-06-30 04:09 - 2014-07-11 13:21 - 00519168 _____ (Microsoft Corporation) 
C:\Windows\system32\aepdu.dll 2014-06-30 04:04 - 2014-07-11 13:21 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-23 00:46 - 2013-05-25 23:59 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-23 00:46 - 2013-05-25 23:59 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-12 13:07 ==================== End Of Log ============================ --- --- --- Thanks again for the help! :-) |
24.07.2014, 09:30 | #6 |
/// the machine /// TB-Ausbilder | BKA Trojan, what now? ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
24.07.2014, 11:51 | #7 |
| BKA Trojan, what now? Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=45791e0a129fdb45a33b4ed47bc709a6 # engine=19325 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-07-24 09:52:45 # local_time=2014-07-24 11:52:45 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Norton Internet Security' # compatibility_mode=3591 16777213 100 95 29289912 168792150 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 168026 157825415 0 0 # scanned=178914 # found=6 # cleaned=0 # scan_time=3756 sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Conrad\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe.vir" sh=0C9901BB504B8B0B186897503DF7F8E570FF53F9 ft=1 fh=5bbb197ca4951648 vn="Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ASP\AspManager.exe" sh=B3A736455F1FE0B40D585B6BB8E02A700153B008 ft=1 fh=3320d2a9bc3f6d8b vn="Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ASP\filetypehelper.exe" sh=BFE2580847B94363149D083E02ABB479983477CC ft=1 fh=c50f6c31fb2164d8 vn="Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ASP\scandll.dll" sh=A33D60E7C118DF178EF0BE1DC2841233AFF0C741 ft=1 fh=4197c0f1cbcf4ac1 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Conrad\Downloads\Shockwave_Installer_Slim.exe" sh=9D72B3F427A55C87C32B7793D9550400F1DFB30C ft=1 fh=c71c001144b86a7c vn="Variante von Win32/InstallCore.PK evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Conrad\Downloads\ZipSetup.exe" Code:
Results of screen317's Security Check version 0.99.85 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Norton Internet Security WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 60 Adobe Flash Player 10 Flash Player out of Date! Adobe Reader XI Mozilla Thunderbird (24.3.0) Google Chrome 35.0.1916.153 Google Chrome 36.0.1985.125 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Intel Intel(R) Small Business Advantage UI IntelSmallBusinessAdvantage.exe Intel Intel(R) Small Business Advantage Service Intel.SmallBusinessAdvantage.WindowsService.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 Ran by Conrad (administrator) on CONRAD-THINK on 24-07-2014 12:43:09 Running from C:\Users\Conrad\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program 
Files\Lenovo\Communications Utility\vcamsvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Ricoh co.,Ltd.) 
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Microsoft 
Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe (AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [177936 2012-02-17] (Intel Corporation) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12476520 2012-04-10] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2881336 2012-06-19] (Synaptics Incorporated) HKLM\...\Run: [TpShocks] => TpShocks.exe HKLM\...\Run: [IntelSBA] => C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe [56000 2014-01-06] (Intel Corporation) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-29] (Intel Corporation) HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) 
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation) HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-06-19] (Intel Corporation) HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.) HKLM-x32\...\Run: [IntelSBA] => C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [5293248 2014-01-06] (Intel Corporation) HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-06-19] (Intel Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2664929658-1551457082-1331067265-1000\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-2664929658-1551457082-1331067265-1002\...\Run: [Amazon Cloud Player] => C:\Users\Conrad\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] () HKU\S-1-5-21-2664929658-1551457082-1331067265-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe 
[122200 2014-05-15] (Garmin Ltd or its subsidiaries) AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [260928 2012-02-07] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-02-07] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Conrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) Startup: C:\Users\Conrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Conrad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: DropboxExt1 -> 
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google) ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) 
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Conrad\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Conrad\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKCU: intel.com/AppUpx64 - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn [2013-08-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn [2014-07-23]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2013-05-26]

Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3281675&SearchSource=48&CUI=UN31174045182613080&UM=2&UP=SP1916DB11-BE10-40EA-8D41-F7EE3D72F8FF&SSPV=", "hxxp://www.google.de/", "hxxp://www.google.com/", "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP", "hxxp://search.conduit.com/?ctid=CT3281675&SearchSource=48&CUI=UN31174045182613080&UM=2&UP=SP1916DB11-BE10-40EA-8D41-F7EE3D72F8FF&SSPV="
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (TrueSuite) - C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj\2.0_0\npwebsitelogon.dll (AuthenTec, Inc)
CHR Plugin: (Norton Confidential) - C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Website Logon) - C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj [2013-08-10]
CHR Extension: (Any.do Extension) - C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2014-01-21]
CHR Extension: (Norton Identity Protection) - C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-08-10]
CHR Extension: (Google Wallet) - C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR HKLM-x32\...\Chrome\Extension: [cdkedefaddcdlpmiafhicjnkbogjiogj] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2012-03-13]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2013-08-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [328552 2012-06-07] (AuthenTec, Inc)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [443224 2014-05-15] (Garmin Ltd or its subsidiaries)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-29] ()
R2 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [54976 2014-01-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-29] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-05-23] (Nitro PDF Software)
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
S2 pennybee; "C:\PROGRA~3\pennybee\pennybee.exe" /task=4 /InstallOn=0 /closebr=0 /active=24 /update=24 /interval=2880 /pubId=1004 /affId=10040007 /appId=116 /uId={82680281-2142-43EC-B4C5-C36575434FC9-2014_07_22} /version=1.1.0.13 /Override=0 /regAppName=pennybee /curSID=S-1-5-21-2664929658-1551457082-1331067265-1002 /logf=C:\Users\Conrad\AppData\Local\10040007_loger_23_07_10_50_34_538432491.txt /mac=B888E3F8D88C /tst=none /ts2=1
S2 wpennybeed; "C:\PROGRA~3\pennybee\wpennybeed.exe" -scm [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130905.001\IDSvia64.sys [520280 2013-08-14] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130905.033\ENG64.SYS [126040 2013-08-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130905.033\EX64.SYS [2099288 2013-08-29] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27448 2012-06-19] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2013-08-11] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-24 12:43 - 2014-07-24 12:43 - 00033743 _____ () C:\Users\Conrad\Desktop\FRST.txt
2014-07-24 12:34 - 2014-07-24 12:34 - 00854390 _____ () C:\Users\Conrad\Downloads\SecurityCheck.exe
2014-07-24 12:34 - 2014-07-24 12:34 - 00854390 _____ () C:\Users\Conrad\Desktop\SecurityCheck.exe
2014-07-24 10:46 - 2014-07-24 10:46 - 02347384 _____ (ESET) C:\Users\Conrad\Downloads\esetsmartinstaller_deu.exe
2014-07-23 12:33 - 2014-07-24 12:43 - 02093568 _____ (Farbar) C:\Users\Conrad\Desktop\FRST64.exe
2014-07-23 12:33 - 2014-07-24 12:43 - 00000000 ____D () C:\Users\Conrad\Desktop\FRST-OlderVersion
2014-07-23 12:28 - 2014-07-23 12:28 - 00035703 _____ () C:\ComboFix.txt
2014-07-23 11:09 - 2014-07-23 11:09 - 00001591 _____ () C:\Users\Conrad\Desktop\JRT.txt
2014-07-23 11:01 - 2014-07-23 11:01 - 01016261 _____ (Thisisu) C:\Users\Conrad\Downloads\JRT.exe
2014-07-23 11:01 - 2014-07-23 11:01 - 00000000 ____D () C:\Windows\ERUNT
2014-07-23 10:56 - 2014-07-23 10:56 - 00000000 ____D () C:\AdwCleaner
2014-07-23 10:55 - 2014-07-23 10:55 - 01354223 _____ () C:\Users\Conrad\Downloads\adwcleaner_3.216.exe
2014-07-23 10:55 - 2014-07-23 10:55 - 01354223 _____ () C:\Users\Conrad\Desktop\adwcleaner_3.216.exe
2014-07-23 10:53 - 2014-07-24 12:42 - 00000000 ____D () C:\Users\Conrad\Desktop\Beseitigung
2014-07-23 10:34 - 2014-07-23 10:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 10:33 - 2014-07-23 10:33 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-23 10:33 - 2014-07-23 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-23 10:33 - 2014-07-23 10:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 10:33 - 2014-07-23 10:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-23 10:33 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-23 10:33 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-23 10:33 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-23 10:30 - 2014-07-23 10:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Conrad\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-22 12:30 - 2014-07-23 11:11 - 05562024 ____R (Swearware) C:\Users\Conrad\Desktop\ComboFix.exe
2014-07-22 10:55 - 2014-07-23 12:28 - 00000000 ____D () C:\Qoobox
2014-07-22 10:55 - 2014-07-22 12:45 - 00000000 ____D () C:\Windows\erdnt
2014-07-22 10:55 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-22 10:55 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-22 10:55 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-22 10:55 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-22 10:55 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-22 10:55 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-22 10:55 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-22 10:55 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-22 10:53 - 2014-07-22 10:54 - 05562504 ____R (Swearware) C:\Users\Conrad\Downloads\ComboFix.exe
2014-07-22 10:14 - 2014-07-22 10:14 - 05840418 _____ () C:\Users\Conrad\Downloads\scareuncrypt.zip
2014-07-22 10:14 - 2014-07-22 10:14 - 00000000 ____D () C:\Users\Conrad\Downloads\scareuncrypt
2014-07-22 10:07 - 2014-07-22 10:16 - 340465664 _____ () C:\Users\Conrad\Downloads\kav_rescue_10-0513 (1).iso
2014-07-22 09:56 - 2014-07-22 09:56 - 00000043 _____ () C:\Users\Conrad\AppData\Roaming\WB.CFG
2014-07-22 09:06 - 2014-07-22 09:07 - 00043846 _____ () C:\Users\Conrad\Downloads\Addition.txt
2014-07-22 09:05 - 2014-07-24 12:43 - 00000000 ____D () C:\FRST
2014-07-22 09:05 - 2014-07-22 09:07 - 00075019 _____ () C:\Users\Conrad\Downloads\FRST.txt
2014-07-22 09:05 - 2014-07-22 09:05 - 02090496 _____ (Farbar) C:\Users\Conrad\Downloads\FRST64.exe
2014-07-22 08:41 - 2014-07-22 08:41 - 03084860 _____ () C:\Users\Conrad\Downloads\Beispielbilder_Win7.zip
2014-07-22 08:37 - 2014-07-22 08:37 - 00149694 _____ () C:\Users\Conrad\Downloads\DecryptHelper-0.5.3.exe
2014-07-22 08:37 - 2014-07-22 08:37 - 00000000 _____ () C:\Users\Conrad\Downloads\DecryptHelper.txt
2014-07-22 08:37 - 2014-07-22 08:37 - 00000000 _____ () C:\Users\Conrad\Downloads\DecryptException.txt
2014-07-22 08:32 - 2014-07-22 08:32 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Conrad\Downloads\ShadowExplorer-0.9-setup.exe
2014-07-22 08:32 - 2014-07-22 08:32 - 00001900 _____ () C:\Users\Conrad\Desktop\ShadowExplorer.lnk
2014-07-22 08:32 - 2014-07-22 08:32 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\www.shadowexplorer.com
2014-07-22 08:32 - 2014-07-22 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2014-07-22 08:32 - 2014-07-22 08:32 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer
2014-07-22 08:26 - 2014-07-22 08:26 - 00003332 _____ () C:\Windows\System32\Tasks\ASP
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\unpacked19019
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Users\Conrad\AppData\Local\tmp19013
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\RCP
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\ASP
2014-07-22 08:25 - 2014-07-22 08:25 - 00680280 _____ ( ) C:\Users\Conrad\Downloads\ZipSetup.exe
2014-07-22 08:14 - 2014-07-22 08:15 - 00000000 ____D () C:\Users\Conrad\Downloads\Avira-RansomFileUnlocker-1.0.1
2014-07-22 08:14 - 2014-07-22 08:14 - 00062065 _____ () C:\Users\Conrad\Downloads\Avira-RansomFileUnlocker-1.0.1.zip
2014-07-21 12:42 - 2014-07-21 12:42 - 00051672 _____ () C:\Users\Conrad\Downloads\Elsinore.ScreenConnect.Client (2).exe
2014-07-18 08:57 - 2014-07-18 08:57 - 00051672 _____ () C:\Users\Conrad\Downloads\Elsinore.ScreenConnect.Client (1).exe
2014-07-17 15:09 - 2014-07-17 15:09 - 04541084 _____ () C:\Users\Conrad\Downloads\Video FlowFact Prozess Management WMV.wmv
2014-07-17 11:00 - 2014-07-17 11:00 - 00004599 _____ () C:\Users\Conrad\Downloads\Performer CRM_ FLOWFACT Mobile .ics
2014-07-16 10:21 - 2014-07-24 12:13 - 00000540 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2664929658-1551457082-1331067265-1002.job
2014-07-16 10:21 - 2014-07-16 10:21 - 00003580 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2664929658-1551457082-1331067265-1002
2014-07-16 10:21 - 2014-07-16 10:21 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Citrix
2014-07-16 10:21 - 2014-07-16 10:21 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-07-14 13:06 - 2014-07-21 12:42 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Deployment
2014-07-14 13:06 - 2014-07-14 13:06 - 00051672 _____ () C:\Users\Conrad\Downloads\Elsinore.ScreenConnect.Client.exe
2014-07-14 13:06 - 2014-07-14 13:06 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Apps\2.0
2014-07-11 13:21 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-11 13:21 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-11 13:21 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-11 13:21 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-11 13:21 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-11 13:21 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-11 13:21 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-11 13:18 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-11 13:18 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-11 13:18 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-11 13:18 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-11 13:18 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-11 13:18 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-11 13:18 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-11 13:18 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-11 13:18 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-11 13:18 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-11 13:18 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-11 13:18 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-11 13:18 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-11 13:18 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-11 13:18 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-11 13:17 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-11 13:17 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-11 13:17 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-11 13:17 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-11 13:17 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-11 13:17 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-11 13:17 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-11 13:17 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-11 13:17 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-11 13:17 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-11 13:17 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-11 13:17 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-11 13:17 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-11 13:17 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-11 13:17 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-11 13:17 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-11 13:17 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-11 13:17 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-11 13:17 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-11 13:17 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-11 13:17 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-11 13:17 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-11 13:17 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-11 13:17 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-11 13:17 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-11 13:17 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-11 13:17 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-11 13:17 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-11 13:17 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-11 13:17 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-11 13:17 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-11 13:17 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-11 13:17 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-11 13:17 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-11 13:17 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-11 13:17 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-11 13:17 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-11 13:17 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-11 13:17 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-11 13:17 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-11 13:17 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-11 13:17 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-11 13:17 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-11 13:17 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-11 13:17 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-11 13:17 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-11 13:17 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-11 13:17 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-11 13:17 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-11 13:17 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-11 13:17 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-11 13:17 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-11 13:17 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-11 13:17 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-11 13:17 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-11 13:17 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-11 13:16 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-11 13:16 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-11 13:15 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 17:00 - 2014-07-10 17:00 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\PwrMgr
2014-07-10 16:51 - 2014-07-10 16:51 - 00000000 ____D () C:\Users\Kaja\AppData\Local\LSC
2014-07-10 16:50 - 2014-07-10 16:50 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\LSC
2014-07-10 16:50 - 2014-07-10 16:50 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Adobe
2014-07-10 16:47 - 2014-07-10 17:03 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Lenovo
2014-07-10 16:47 - 2014-07-10 17:03 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Lenovo
2014-07-10 16:47 - 2014-07-10 16:47 - 00130392 _____ () C:\Users\Kaja\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-10 16:47 - 2014-07-10 16:47 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Leadertech
2014-07-10 16:46 - 2014-07-10 16:50 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Adobe
2014-07-10 16:46 - 2014-07-10 16:46 - 00000000 _____ () C:\Users\Kaja\agent.log
2014-07-10 16:45 - 2014-07-10 17:04 - 00000000 ____D () C:\Users\Kaja
2014-07-10 16:45 - 2014-07-10 16:46 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Google
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Vorlagen
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Startmenü
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Netzwerkumgebung
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Lokale Einstellungen
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Eigene Dateien
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Druckumgebung
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Documents\Eigene Musik
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Documents\Eigene Bilder
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\AppData\Local\Verlauf
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\AppData\Local\Anwendungsdaten
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Anwendungsdaten
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Intel
2014-07-10 16:45 - 2013-05-25 23:51 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Macromedia
2014-07-10 16:40 - 2014-07-10 16:42 - 00104552 _____ () C:\Users\Conrad\Desktop\XSWXmkCZ.zip
2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\RydPtyKD
2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\MBRNwMij
2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\JrggLTmV
2014-07-04 10:03 - 2014-07-04 10:03 - 00000000 ____D () C:\Windows\Sun

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-24 12:43 - 2014-07-24 12:43 - 00033743 _____ () C:\Users\Conrad\Desktop\FRST.txt
2014-07-24 12:43 - 2014-07-23 12:33 - 02093568 _____ (Farbar) C:\Users\Conrad\Desktop\FRST64.exe
2014-07-24 12:43 - 2014-07-23 12:33 - 00000000 ____D () C:\Users\Conrad\Desktop\FRST-OlderVersion
2014-07-24 12:43 - 2014-07-22 09:05 - 00000000 ____D () C:\FRST
2014-07-24 12:42 - 2014-07-23 10:53 - 00000000 ____D () C:\Users\Conrad\Desktop\Beseitigung
2014-07-24 12:35 - 2013-05-25 23:40 - 01942231 _____ () C:\Windows\WindowsUpdate.log
2014-07-24 12:34 - 2014-07-24 12:34 - 00854390 _____ () C:\Users\Conrad\Downloads\SecurityCheck.exe
2014-07-24 12:34 - 2014-07-24 12:34 - 00854390 _____ () C:\Users\Conrad\Desktop\SecurityCheck.exe
2014-07-24 12:31 - 2014-05-31 12:01 - 00002010 ____H () C:\Users\Conrad\Documents\Default.rdp
2014-07-24 12:13 - 2014-07-16 10:21 - 00000540 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2664929658-1551457082-1331067265-1002.job
2014-07-24 11:51 - 2013-05-25 23:59 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-24 10:46 - 2014-07-24 10:46 - 02347384 _____ (ESET) C:\Users\Conrad\Downloads\esetsmartinstaller_deu.exe
2014-07-24 10:44 - 2013-05-25 23:43 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-07-24 01:27 - 2013-05-25 23:59 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-23 12:28 - 2014-07-23 12:28 - 00035703 _____ () C:\ComboFix.txt
2014-07-23 12:28 - 2014-07-22 10:55 - 00000000 ____D () C:\Qoobox
2014-07-23 12:27 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-23 12:23 - 2009-07-14 06:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-23 12:23 - 2009-07-14 06:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-23 12:21 - 2013-05-26 09:27 - 00718150 _____ () C:\Windows\system32\perfh007.dat
2014-07-23 12:21 - 2013-05-26 09:27 - 00155646 _____ () C:\Windows\system32\perfc007.dat
2014-07-23 12:21 - 2009-07-14 07:13 - 01658436 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-23 12:19 - 2013-08-10 15:44 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\Nitro PDF
2014-07-23 12:17 - 2014-05-22 20:11 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\DropboxMaster
2014-07-23 12:17 - 2013-08-11 10:50 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\Dropbox
2014-07-23 12:17 - 2013-05-25 23:43 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-07-23 12:16 - 2010-11-21 05:47 - 00175268 _____ () C:\Windows\PFRO.log
2014-07-23 12:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-23 12:16 - 2009-07-14 06:51 - 00069063 _____ () C:\Windows\setupact.log
2014-07-23 11:11 - 2014-07-22 12:30 - 05562024 ____R (Swearware) C:\Users\Conrad\Desktop\ComboFix.exe
2014-07-23 
11:09 - 2014-07-23 11:09 - 00001591 _____ () C:\Users\Conrad\Desktop\JRT.txt 2014-07-23 11:09 - 2013-08-10 15:39 - 00105592 _____ () C:\Users\Conrad\AppData\Roaming\AbsoluteReminder.xml 2014-07-23 11:01 - 2014-07-23 11:01 - 01016261 _____ (Thisisu) C:\Users\Conrad\Downloads\JRT.exe 2014-07-23 11:01 - 2014-07-23 11:01 - 00000000 ____D () C:\Windows\ERUNT 2014-07-23 10:56 - 2014-07-23 10:56 - 00000000 ____D () C:\AdwCleaner 2014-07-23 10:55 - 2014-07-23 10:55 - 01354223 _____ () C:\Users\Conrad\Downloads\adwcleaner_3.216.exe 2014-07-23 10:55 - 2014-07-23 10:55 - 01354223 _____ () C:\Users\Conrad\Desktop\adwcleaner_3.216.exe 2014-07-23 10:52 - 2014-07-23 10:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-23 10:33 - 2014-07-23 10:33 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-23 10:33 - 2014-07-23 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-23 10:33 - 2014-07-23 10:33 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-23 10:33 - 2014-07-23 10:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-23 10:31 - 2014-07-23 10:30 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Conrad\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-22 12:46 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-07-22 12:45 - 2014-07-22 10:55 - 00000000 ____D () C:\Windows\erdnt 2014-07-22 10:54 - 2014-07-22 10:53 - 05562504 ____R (Swearware) C:\Users\Conrad\Downloads\ComboFix.exe 2014-07-22 10:16 - 2014-07-22 10:07 - 340465664 _____ () C:\Users\Conrad\Downloads\kav_rescue_10-0513 (1).iso 2014-07-22 10:14 - 2014-07-22 10:14 - 05840418 _____ () C:\Users\Conrad\Downloads\scareuncrypt.zip 2014-07-22 10:14 - 2014-07-22 10:14 - 00000000 ____D () C:\Users\Conrad\Downloads\scareuncrypt 2014-07-22 09:56 - 2014-07-22 09:56 - 00000043 _____ () C:\Users\Conrad\AppData\Roaming\WB.CFG 2014-07-22 09:07 - 
2014-07-22 09:06 - 00043846 _____ () C:\Users\Conrad\Downloads\Addition.txt 2014-07-22 09:07 - 2014-07-22 09:05 - 00075019 _____ () C:\Users\Conrad\Downloads\FRST.txt 2014-07-22 09:05 - 2014-07-22 09:05 - 02090496 _____ (Farbar) C:\Users\Conrad\Downloads\FRST64.exe 2014-07-22 08:41 - 2014-07-22 08:41 - 03084860 _____ () C:\Users\Conrad\Downloads\Beispielbilder_Win7.zip 2014-07-22 08:37 - 2014-07-22 08:37 - 00149694 _____ () C:\Users\Conrad\Downloads\DecryptHelper-0.5.3.exe 2014-07-22 08:37 - 2014-07-22 08:37 - 00000000 _____ () C:\Users\Conrad\Downloads\DecryptHelper.txt 2014-07-22 08:37 - 2014-07-22 08:37 - 00000000 _____ () C:\Users\Conrad\Downloads\DecryptException.txt 2014-07-22 08:32 - 2014-07-22 08:32 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Conrad\Downloads\ShadowExplorer-0.9-setup.exe 2014-07-22 08:32 - 2014-07-22 08:32 - 00001900 _____ () C:\Users\Conrad\Desktop\ShadowExplorer.lnk 2014-07-22 08:32 - 2014-07-22 08:32 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\www.shadowexplorer.com 2014-07-22 08:32 - 2014-07-22 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer 2014-07-22 08:32 - 2014-07-22 08:32 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer 2014-07-22 08:26 - 2014-07-22 08:26 - 00003332 _____ () C:\Windows\System32\Tasks\ASP 2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\unpacked19019 2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Users\Conrad\AppData\Local\tmp19013 2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\RCP 2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\ASP 2014-07-22 08:25 - 2014-07-22 08:25 - 00680280 _____ ( ) C:\Users\Conrad\Downloads\ZipSetup.exe 2014-07-22 08:15 - 2014-07-22 08:14 - 00000000 ____D () C:\Users\Conrad\Downloads\Avira-RansomFileUnlocker-1.0.1 2014-07-22 08:14 - 2014-07-22 08:14 - 00062065 _____ () 
C:\Users\Conrad\Downloads\Avira-RansomFileUnlocker-1.0.1.zip 2014-07-21 12:42 - 2014-07-21 12:42 - 00051672 _____ () C:\Users\Conrad\Downloads\Elsinore.ScreenConnect.Client (2).exe 2014-07-21 12:42 - 2014-07-14 13:06 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Deployment 2014-07-18 08:57 - 2014-07-18 08:57 - 00051672 _____ () C:\Users\Conrad\Downloads\Elsinore.ScreenConnect.Client (1).exe 2014-07-17 15:09 - 2014-07-17 15:09 - 04541084 _____ () C:\Users\Conrad\Downloads\Video FlowFact Prozess Management WMV.wmv 2014-07-17 11:00 - 2014-07-17 11:00 - 00004599 _____ () C:\Users\Conrad\Downloads\Performer CRM_ FLOWFACT Mobile .ics 2014-07-16 10:21 - 2014-07-16 10:21 - 00003580 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2664929658-1551457082-1331067265-1002 2014-07-16 10:21 - 2014-07-16 10:21 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Citrix 2014-07-16 10:21 - 2014-07-16 10:21 - 00000000 ____D () C:\Program Files (x86)\Citrix 2014-07-14 13:06 - 2014-07-14 13:06 - 00051672 _____ () C:\Users\Conrad\Downloads\Elsinore.ScreenConnect.Client.exe 2014-07-14 13:06 - 2014-07-14 13:06 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Apps\2.0 2014-07-12 13:14 - 2013-08-15 14:03 - 00000000 ____D () C:\Windows\System32\Tasks\Games 2014-07-12 13:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-07-12 12:46 - 2014-02-05 13:56 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-07-12 03:19 - 2009-07-14 06:45 - 00490576 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-12 03:18 - 2014-06-01 12:57 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-12 03:18 - 2011-12-08 22:03 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-12 03:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-07-12 03:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-07-10 17:04 - 2014-07-10 16:45 - 00000000 ____D () C:\Users\Kaja 2014-07-10 17:04 - 2014-02-10 12:24 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2014-07-10 17:04 - 2014-01-26 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-07-10 17:04 - 2013-08-10 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo App Shop 2014-07-10 17:04 - 2013-08-10 16:12 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.0 2014-07-10 17:04 - 2013-08-10 15:39 - 00000000 ____D () C:\Users\Conrad 2014-07-10 17:04 - 2013-05-25 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby 2014-07-10 17:03 - 2014-07-10 16:47 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Lenovo 2014-07-10 17:03 - 2014-07-10 16:47 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Lenovo 2014-07-10 17:03 - 2014-06-09 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-07-10 17:03 - 2014-05-29 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-10 17:03 - 2014-05-25 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2014-07-10 17:03 - 2014-04-04 17:37 - 00000000 ____D () C:\Users\Büro 2014-07-10 17:03 - 2014-03-12 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eFuhrpark 2014-07-10 17:03 - 2014-02-11 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker.Eu 2014-07-10 17:03 - 2014-02-10 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape 2014-07-10 17:03 - 2014-02-06 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-10 17:03 - 2014-02-05 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-07-10 17:03 - 2013-10-31 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps 
2014-07-10 17:03 - 2013-08-30 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 2014-07-10 17:03 - 2013-08-10 17:14 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-07-10 17:03 - 2013-08-10 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Absolute Software 2014-07-10 17:03 - 2013-05-26 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation 2014-07-10 17:03 - 2013-05-26 00:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2014-07-10 17:03 - 2013-05-26 00:03 - 00000000 ____D () C:\ProgramData\Norton 2014-07-10 17:03 - 2013-05-26 00:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2014-07-10 17:03 - 2013-05-25 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-07-10 17:03 - 2013-05-25 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fingerprint Reader 2014-07-10 17:03 - 2013-05-25 23:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel DVD MovieFactory Lenovo Edition 2014-07-10 17:03 - 2013-05-25 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote 2014-07-10 17:03 - 2013-05-25 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel 2014-07-10 17:03 - 2013-05-25 23:50 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools 2014-07-10 17:03 - 2013-05-25 23:45 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless 2014-07-10 17:03 - 2013-05-25 23:42 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2014-07-10 17:03 - 2011-12-08 22:02 - 00000000 ____D () C:\Windows\ShellNew 2014-07-10 17:03 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-07-10 
17:03 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-10 17:03 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-10 17:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-07-10 17:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-07-10 17:02 - 2013-08-13 11:49 - 00000000 ____D () C:\Windows\SysWOW64\Adobe 2014-07-10 17:00 - 2014-07-10 17:00 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\PwrMgr 2014-07-10 16:51 - 2014-07-10 16:51 - 00000000 ____D () C:\Users\Kaja\AppData\Local\LSC 2014-07-10 16:50 - 2014-07-10 16:50 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\LSC 2014-07-10 16:50 - 2014-07-10 16:50 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Adobe 2014-07-10 16:50 - 2014-07-10 16:46 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Adobe 2014-07-10 16:47 - 2014-07-10 16:47 - 00130392 _____ () C:\Users\Kaja\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-10 16:47 - 2014-07-10 16:47 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Leadertech 2014-07-10 16:46 - 2014-07-10 16:46 - 00000000 _____ () C:\Users\Kaja\agent.log 2014-07-10 16:46 - 2014-07-10 16:45 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Google 2014-07-10 16:46 - 2014-02-20 11:11 - 00000000 ____D () C:\Users\Conrad\Documents\Unterlagen Mietinteressenten 2014-07-10 16:46 - 2014-01-02 09:02 - 00000000 ____D () C:\Users\Conrad\Documents\Ba 2014-07-10 16:46 - 2013-10-31 12:11 - 00000000 ____D () C:\Users\Conrad\Documents\Steuerfälle 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Vorlagen 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Startmenü 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Netzwerkumgebung 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Lokale Einstellungen 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () 
C:\Users\Kaja\Eigene Dateien 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Druckumgebung 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Documents\Eigene Musik 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Documents\Eigene Bilder 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\AppData\Local\Verlauf 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\AppData\Local\Anwendungsdaten 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Anwendungsdaten 2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Intel 2014-07-10 16:42 - 2014-07-10 16:40 - 00104552 _____ () C:\Users\Conrad\Desktop\XSWXmkCZ.zip 2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\RydPtyKD 2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\MBRNwMij 2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\JrggLTmV 2014-07-10 16:40 - 2014-02-18 12:09 - 00000000 ____D () C:\Users\Conrad\Desktop\Messe 2014 2014-07-10 16:40 - 2014-01-10 16:20 - 00000000 ____D () C:\Users\Conrad\Desktop\Avaya 2014-07-10 16:40 - 2014-01-10 15:33 - 00000000 ____D () C:\Users\Conrad\Desktop\Urlaub 2014 2014-07-10 16:40 - 2014-01-09 21:39 - 00000000 ____D () C:\Users\Conrad\Desktop\Englisch 2014-07-10 16:40 - 2014-01-03 12:09 - 00000000 ____D () C:\Users\Conrad\Desktop\Projekt Flowfact 2014-07-10 16:40 - 2013-12-01 14:28 - 00000000 ____D () C:\Users\Conrad\Desktop\Steuer2013 2014-07-10 16:40 - 2013-12-01 14:21 - 00000000 ____D () C:\Users\Conrad\Desktop\Lohn 2014-07-10 16:40 - 2013-08-20 12:36 - 00000000 ____D () C:\Users\Conrad\Desktop\BA 2014-07-07 15:54 - 2014-02-10 12:24 - 00002053 _____ () C:\Users\Public\Desktop\Google Slides.lnk 2014-07-07 
15:54 - 2014-02-10 12:24 - 00002051 _____ () C:\Users\Public\Desktop\Google Sheets.lnk 2014-07-07 15:54 - 2014-02-10 12:24 - 00002041 _____ () C:\Users\Public\Desktop\Google Docs.lnk 2014-07-04 10:03 - 2014-07-04 10:03 - 00000000 ____D () C:\Windows\Sun 2014-06-30 04:09 - 2014-07-11 13:21 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-30 04:04 - 2014-07-11 13:21 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-12 13:07 ==================== End Of Log ============================ --- --- --- --- --- --- So ist jetzt alles entfernt was Stress macht? Wenn es jetzt noch ne funktionierende Variante gibt die gesperrten Dokumente zu entsperren, dann wäre es perfekt, aber offenbar kann man nicht alles haben! :-) |
24.07.2014, 19:23 | #8 |
/// the machine /// TB-Ausbilder | BKA trojan, and now what? Update Flash. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\Program Files (x86)\ASP
S2 pennybee; "C:\PROGRA~3\pennybee\pennybee.exe" /task=4 /InstallOn=0 /closebr=0 /active=24 /update=24 /interval=2880 /pubId=1004 /affId=10040007 /appId=116 /uId={82680281-2142-43EC-B4C5-C36575434FC9-2014_07_22} /version=1.1.0.13 /Override=0 /regAppName=pennybee /curSID=S-1-5-21-2664929658-1551457082-1331067265-1002 /logf=C:\Users\Conrad\AppData\Local\10040007_loger_23_07_10_50_34_538432491.txt /mac=B888E3F8D88C /tst=none /ts2=1
S2 wpennybeed; "C:\PROGRA~3\pennybee\wpennybeed.exe" -scm [X]
2014-07-22 08:26 - 2014-07-22 08:26 - 00003332 _____ () C:\Windows\System32\Tasks\ASP
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\unpacked19019
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Users\Conrad\AppData\Local\tmp19013
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\RCP
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\ASP
2014-07-22 08:25 - 2014-07-22 08:25 - 00680280 _____ ( ) C:\Users\Conrad\Downloads\ZipSetup.exe
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Fresh FRST log please. Locked means encrypted? Then there is no chance.
__________________ regards, schrauber | Proud Member of UNITE and ASAP since 2009 | Donations | Guides and help | Trojaner-Board Facebook page | No help via PM! |
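What the helper picked out of the log above and put into the fixlist in this post follows a recognisable pattern: eight-letter mixed-case folders created in the same minute under AppData\Local, an executable with an empty company field dropped in Downloads, and two services whose image runs from the ProgramData short path (PROGRA~3) with affiliate and MAC-address parameters on the command line, one of them marked [X], which FRST uses for a service whose image file is missing. The following Python script is an added example for this thread, not FRST's code and not something the helper posted: it parses the two FRST line shapes seen here (the "Files and Folders" entries and the S/R service entries) and applies those heuristics, which are my own assumptions, to constructed sample lines modelled on this thread's log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines in the two FRST formats that appear in this thread:
# "Files and Folders" entries (mtime - ctime - size attrs (company) path) and
# service entries (S/R + start type, name; command line, "[X]" = image missing).
# Modelled on the log above, but this set is hand-assembled for the example.
SAMPLE_LOG = r"""
2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\RydPtyKD
2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\MBRNwMij
2014-07-10 16:45 - 2014-07-10 16:46 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Google
2014-07-11 13:17 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-23 10:52 - 2014-07-23 10:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 08:25 - 2014-07-22 08:25 - 00680280 _____ ( ) C:\Users\Conrad\Downloads\ZipSetup.exe
S2 pennybee; "C:\PROGRA~3\pennybee\pennybee.exe" /task=4 /affId=10040007 /mac=B888E3F8D88C /curSID=S-1-5-21-1-2-3-1002
S2 wpennybeed; "C:\PROGRA~3\pennybee\wpennybeed.exe" -scm [X]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [366528 2013-03-12] (Intel Corporation)
"""

FILE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attr>\S{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+); (?P<cmd>.+?)(?P<missing> \[X\])?$"
)
# Locations where an unsigned binary or a service image should raise an eyebrow.
SUSPECT_LOCATIONS = ("\\AppData\\", "\\Downloads\\", "\\Desktop\\", "\\ProgramData\\", "\\PROGRA~3\\")
# Command-line switches that mark pay-per-install / affiliate software.
TRACKING_ARGS = ("/affId=", "/pubId=", "/mac=", "/curSID=")


@dataclass
class Finding:
    kind: str      # "dir", "file" or "service"
    subject: str   # path or service name
    reason: str


def looks_random(name: str) -> bool:
    """8 ASCII letters with at least two upper/lower case switches (e.g. RydPtyKD).
    Heuristic, my assumption: it separates the dropper folders in this thread
    from ordinary words such as 'Packages' that happen to be eight letters."""
    if not re.fullmatch(r"[A-Za-z]{8}", name):
        return False
    switches = sum(1 for a, b in zip(name, name[1:]) if a.isupper() != b.isupper())
    return switches >= 2


def triage_line(line: str) -> Optional[Finding]:
    """Classify one FRST line; None when nothing looks suspicious."""
    m = FILE_RE.match(line)
    if m:
        path, attr, company = m["path"], m["attr"], m["company"].strip()
        name = path.rsplit("\\", 1)[-1]
        is_dir = "D" in attr
        if is_dir and "\\AppData\\Local\\" in path and looks_random(name):
            return Finding("dir", path, "8-letter pseudo-random folder name in AppData\\Local")
        if (not is_dir and not company and path.lower().endswith((".exe", ".dll", ".sys"))
                and any(loc in path for loc in SUSPECT_LOCATIONS)):
            return Finding("file", path, "executable with no company name in user-writable location")
        return None
    m = SERVICE_RE.match(line)
    if m:
        name, cmd = m["name"], m["cmd"]
        if m["missing"]:
            return Finding("service", name, "service registered but image file missing ([X])")
        if any(arg in cmd for arg in TRACKING_ARGS):
            return Finding("service", name, "image launched with affiliate/tracking parameters")
        if "\\PROGRA~3\\" in cmd or "\\ProgramData\\" in cmd:
            return Finding("service", name, "service image lives under ProgramData")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of an FRST log and keep the hits."""
    return [f for f in (triage_line(line) for line in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.kind:8} {finding.subject}  <- {finding.reason}")
```

Point it at a real FRST.txt with `triage(open("FRST.txt", encoding="utf-8").read())`; the output is a candidate list for the fixlist, not a verdict, so check each hit against the entry's timestamps and neighbours before adding it.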
25.07.2014, 08:17 | #9 |
| BKA trojan, and now what? Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2014
Ran by Conrad at 2014-07-25 09:16:00 Run:1
Running from C:\Users\Conrad\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\ASP
S2 pennybee; "C:\PROGRA~3\pennybee\pennybee.exe" /task=4 /InstallOn=0 /closebr=0 /active=24 /update=24 /interval=2880 /pubId=1004 /affId=10040007 /appId=116 /uId={82680281-2142-43EC-B4C5-C36575434FC9-2014_07_22} /version=1.1.0.13 /Override=0 /regAppName=pennybee /curSID=S-1-5-21-2664929658-1551457082-1331067265-1002 /logf=C:\Users\Conrad\AppData\Local\10040007_loger_23_07_10_50_34_538432491.txt /mac=B888E3F8D88C /tst=none /ts2=1
S2 wpennybeed; "C:\PROGRA~3\pennybee\wpennybeed.exe" -scm [X]
2014-07-22 08:26 - 2014-07-22 08:26 - 00003332 _____ () C:\Windows\System32\Tasks\ASP
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\unpacked19019
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Users\Conrad\AppData\Local\tmp19013
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\RCP
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\ASP
2014-07-22 08:25 - 2014-07-22 08:25 - 00680280 _____ ( ) C:\Users\Conrad\Downloads\ZipSetup.exe
*****************

C:\Program Files (x86)\ASP => Moved successfully.
pennybee => Service deleted successfully.
wpennybeed => Service deleted successfully.
C:\Windows\System32\Tasks\ASP => Moved successfully.
C:\Users\Conrad\AppData\Roaming\unpacked19019 => Moved successfully.
C:\Users\Conrad\AppData\Local\tmp19013 => Moved successfully.
C:\Program Files (x86)\RCP => Moved successfully.
"C:\Program Files (x86)\ASP" => File/Directory not found.
C:\Users\Conrad\Downloads\ZipSetup.exe => Moved successfully.

==== End of Fixlog ====
Yes, locked means encrypted; even the Dropbox is affected. Those pigs! |
25.07.2014, 17:45 | #10 |
/// the machine /// TB-Ausbilder | BKA trojan, and now what? Yeah, if you have already tried the usual decryption tools and the shadow copies, then unfortunately there is nothing more you can do there.
__________________ regards, schrauber |
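Before spending hours on decryption tools and ShadowExplorer, it pays to confirm that the "locked" documents really were encrypted in place rather than renamed or damaged, because the two cases call for different recovery steps. The following Python script is an added example for this thread, not something the helper posted and not tied to any particular decryptor: it checks whether a file still carries its format signature and, if not, estimates the Shannon entropy of its first bytes, since ciphertext sits near 8 bits per byte while text and most office data do not. The magic-number list, the thresholds and the sample files are my own constructions.

```python
import hashlib
import math
from collections import Counter

# Magic numbers of common document formats. A file whose body was encrypted in
# place loses its signature; a file that was only renamed or "locked" keeps it.
MAGICS = {
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip or Office Open XML",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE2 (legacy Office)",
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
}
# Thresholds in bits per byte are my assumptions: ciphertext and compressed data
# sit near 8.0, natural-language text around 4 to 5.
ENCRYPTED_THRESHOLD = 7.5
PLAINTEXT_THRESHOLD = 6.0
SAMPLE_BYTES = 4096


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(data: bytes) -> str:
    """Return 'intact:<kind>', 'likely-encrypted', 'plaintext' or 'unknown'.

    The magic check runs first because compressed formats (zip, jpeg, png and
    most PDFs) are high-entropy by nature and would otherwise look encrypted.
    A ransomware that leaves the first bytes untouched and encrypts the rest
    would pass this check, so read 'intact' as 'open it and see', not 'safe'.
    """
    for magic, kind in MAGICS.items():
        if data.startswith(magic):
            return f"intact:{kind}"
    entropy = shannon_entropy(data[:SAMPLE_BYTES])
    if entropy >= ENCRYPTED_THRESHOLD:
        return "likely-encrypted"
    if entropy <= PLAINTEXT_THRESHOLD:
        return "plaintext"
    return "unknown"


def _pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy bytes (a SHA-256 chain) standing in for ciphertext."""
    out, block = bytearray(), b"constructed-seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed sample files; the names only echo the kind of documents in this thread.
SAMPLE_FILES = {
    "Rechnung.pdf": b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n",
    "Vertrag.docx": b"PK\x03\x04\x14\x00\x06\x00" + b"[Content_Types].xml" + bytes(64),
    "Notizen.txt": "Sehr geehrte Damen und Herren, anbei die Unterlagen.\n".encode() * 40,
    "Bilanz.xlsx": _pseudo_random(SAMPLE_BYTES),
}


def triage(files):
    """Classify every (name, bytes) pair; returns {name: verdict}."""
    return {name: classify(data) for name, data in files.items()}


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_FILES).items():
        print(f"{name:14} {verdict}")
```

For real files, feed `classify` the first few kilobytes of each suspect document (`open(path, "rb").read(SAMPLE_BYTES)`); a folder full of `likely-encrypted` verdicts with no intact signatures confirms the helper's point that only a working decryptor or a pre-infection copy (shadow copy, backup, Dropbox version history) will get the data back.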