
All Kinds of Pests and How to Combat Them: Clicked on a spam e-mail attachment; now an autorun.inf problem


 
12.06.2016, 13:10   #1
labbes
 

Apparently I fell for an e-mail that I supposedly received from a sporting-goods manufacturer from whom I had bought a few times without any problems. The number of promotional e-mails had recently grown to such an extent that I wanted to use the option to unsubscribe from the almost daily e-mails. When I clicked the unsubscribe option, I was promised an e-mail with a link that I was supposed to click to confirm. Only after I had done that did the process strike me as odd. From the e-mail address used I then recognized that the mail had not come from my retailer at all. How can one be so naive?

I then immediately ran a full system check with Avira and Malwarebytes. CCleaner, AdwCleaner and Spybot were also used. All without detecting any threat. But for a few days now, whenever I go online, I get a notice from Avira that access to the drive Q:\AUTORUN.INF was blocked. The event log reads: "Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Datei 'Q:\AUTORUN.INF' blockiert."

Now I have again scanned everything in detail with Avira Antivirus Pro (full system scan), Malwarebytes (including drive Q), Malwarebytes Rootkit, and ESET (with Avira switched off). I did not find a single threat identified by name. However, the Trojan Remover log file shows:
"Checking autorun.inf in Q:\
Q:\autorun.inf
-HS- 49 bytes
Created: 10.04.2013 10:58
Modified: 10.06.2008 18:32
Company: [no info]
ERROR: Unhandled Exception calling in procedure frmScan.ScanAutoRuns: EFOpenError - Cannot open file "Q:\autorun.inf". Zugriff verweigert"

What should I do now?

Here are the corresponding log files:
FRST log file:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:10-06-2016
durchgeführt von ... (Administrator) auf ....-THINK (12-06-2016 07:35:40)
Gestartet von C:\Users\....\Downloads
Geladene Profile:  (Verfügbare Profile: ...)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avcenter.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2011-03-24] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2011-03-10] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2011-02-28] (Lenovo Group Limited)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-05-26] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [3537976 2016-05-17] (Simply Super Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1367467165-2711367398-4159845787-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
HKU\S-1-5-21-1367467165-2711367398-4159845787-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1367467165-2711367398-4159845787-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-1367467165-2711367398-4159845787-1000\...\MountPoints2: {d52dfa78-9be0-11e2-aa09-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-1367467165-2711367398-4159845787-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-07-06]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{C7FB1751-EA29-4E16-B0EA-16E50FF83C89}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{E6EF234E-3523-4A6E-BF69-000945E0DE1A}: [DhcpNameServer] 192.168.0.1 192.168.0.2

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-1367467165-2711367398-4159845787-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKU\S-1-5-21-1367467165-2711367398-4159845787-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-1367467165-2711367398-4159845787-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1367467165-2711367398-4159845787-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-1367467165-2711367398-4159845787-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.startpage.com/deu/
SearchScopes: HKLM -> {4FDB0B45-F480-49F0-BD62-FCD895C6E4B1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {4FDB0B45-F480-49F0-BD62-FCD895C6E4B1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1367467165-2711367398-4159845787-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2011-04-13] (Symantec Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2011-04-13] (Symantec Corporation)
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\hecpe5dy.default-1423296258059
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2011-07-06] [ist nicht signiert]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-05-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-05-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-05-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-05-26] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [276424 2016-05-04] (Avira Operations GmbH & Co. KG)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3755976 2015-07-01] (devolo AG)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [477032 2011-03-24] (Lenovo.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 PwmEWSvc; C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [143360 2011-03-24] () [Datei ist nicht signiert]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [443240 2011-03-02] (Lenovo Group Limited)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-12-14] (Lenovo Group Limited) [Datei ist nicht signiert]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84088 2011-04-13] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-03-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141920 2016-05-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-05-26] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2013-03-04] (CACE Technologies)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-07-06] ()
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-12 07:35 - 2016-06-12 07:35 - 00017516 _____ C:\Users\...\Downloads\FRST.txt
2016-06-12 07:35 - 2016-06-12 07:35 - 00000000 ____D C:\FRST
2016-06-12 07:34 - 2016-06-12 07:34 - 02385408 _____ (Farbar) C:\Users\....\Downloads\FRST64.exe
2016-06-12 00:40 - 2016-06-12 00:40 - 00003180 _____ C:\Windows\System32\Tasks\{9E490910-74DA-43C9-BA65-D13F6F3791AB}
2016-06-12 00:34 - 2016-06-12 00:34 - 00388608 _____ (Trend Micro Inc.) C:\Users\....\Downloads\hijackthis.exe
2016-06-11 23:09 - 2016-06-11 23:12 - 192778384 _____ C:\Users\....\Downloads\3b1cwygk(1).exe
2016-06-11 23:03 - 2016-06-11 23:54 - 00000000 ____D C:\Users\....\Doctor Web
2016-06-11 22:58 - 2016-06-11 23:02 - 192778384 _____ C:\Users\...\Downloads\3b1cwygk.exe
2016-06-11 20:09 - 2016-06-11 20:09 - 01610816 _____ (Malwarebytes) C:\Users\...\Downloads\JRT.exe
2016-06-10 21:31 - 2016-06-10 21:31 - 00000000 ____D C:\ProgramData\TEMP
2016-06-10 21:26 - 2016-06-10 21:26 - 00000000 ____D C:\Users\\Documents\Simply Super Software
2016-06-10 21:26 - 2016-06-10 21:26 - 00000000 ____D C:\Users\\AppData\Roaming\Simply Super Software
2016-06-10 21:25 - 2016-06-10 21:25 - 00001154 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
2016-06-10 21:25 - 2016-06-10 21:25 - 00000000 ____D C:\ProgramData\Simply Super Software
2016-06-10 21:25 - 2016-06-10 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2016-06-10 21:25 - 2016-06-10 21:25 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2016-06-10 20:11 - 2016-06-11 07:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-06 14:36 - 2016-06-06 14:36 - 03677248 _____ C:\Users\\Downloads\adwcleaner_5.119.exe
2016-05-22 08:22 - 2016-05-22 08:22 - 04898016 _____ (Avira Operations GmbH & Co. KG) C:\Users\\Downloads\avira_de_avprodl_57414f073878d__wsd (1).exe
2016-05-22 08:20 - 2016-05-22 08:20 - 04898016 _____ (Avira Operations GmbH & Co. KG) C:\Users\\Downloads\avira_de_avprodl_57414f073878d__wsd.exe
2016-05-22 08:19 - 2016-05-22 08:22 - 00001225 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-05-13 18:05 - 2016-05-13 18:07 - 00024758 _____ C:\Users\\Documents\WiderspruchPV.odt

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-12 07:35 - 2009-07-14 06:45 - 00031072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-12 07:35 - 2009-07-14 06:45 - 00031072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-12 07:28 - 2015-09-12 08:13 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-12 07:05 - 2013-04-10 10:57 - 00000000 ____D C:\Users\
2016-06-12 07:05 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-12 00:35 - 2013-04-10 11:03 - 00000000 ____D C:\Users\\AppData\Local\VirtualStore
2016-06-11 22:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-06-11 20:36 - 2014-05-06 09:58 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-11 20:35 - 2013-04-10 10:58 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2016-06-11 20:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\L2Schemas
2016-06-11 20:24 - 2013-04-10 10:58 - 00003516 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2016-06-11 20:24 - 2013-04-10 10:58 - 00003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2016-06-11 19:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-06-11 07:07 - 2013-04-10 13:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-06 14:38 - 2014-08-29 12:49 - 00000000 ____D C:\AdwCleaner
2016-06-05 21:30 - 2013-12-10 23:44 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-06-04 22:10 - 2011-07-06 11:57 - 00699682 _____ C:\Windows\system32\perfh007.dat
2016-06-04 22:10 - 2011-07-06 11:57 - 00149790 _____ C:\Windows\system32\perfc007.dat
2016-06-04 22:10 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-04 13:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-06-04 08:08 - 2015-12-07 09:53 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-29 20:48 - 2011-07-06 02:25 - 00000000 ____D C:\ProgramData\PCDr
2016-05-26 22:37 - 2015-04-04 17:22 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-26 22:37 - 2015-04-04 17:22 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-26 20:16 - 2015-08-16 08:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-05-26 20:14 - 2015-08-16 08:55 - 00141920 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-05-26 20:14 - 2015-08-16 08:55 - 00079696 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-05-22 08:19 - 2015-08-16 08:50 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-13 22:14 - 2014-12-25 08:41 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-13 09:32 - 2014-12-12 23:08 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-13 08:28 - 2016-04-09 08:28 - 05995712 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-05-13 08:28 - 2015-09-12 08:13 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 08:28 - 2015-09-12 08:13 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-13 08:28 - 2015-09-12 08:13 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

Einige Dateien in TEMP:
====================
C:\Users\\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-06-10 09:42

==================== Ende von FRST.txt ============================
         
Code:
<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2016/06/12 11:01:13 +0200</date>
    <logfile>mbam-log-2016-06-12 (11-00-54).xml</logfile>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.2.1.1043</version>
    <malware-database>v2016.06.12.02</malware-database>
    <rootkit-database>v2016.05.27.01</rootkit-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <hostname>VANBRACHT-THINK</hostname>
    <ip/>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x64</arch>
    <username>van Bracht</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>custom</type>
    <result>completed</result>
    <objects>454444</objects>
    <time>4933</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>0</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>0</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>enabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items> </items>
</mbam-log>
         

Code:
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.9.4.2944. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 12:54:06 12 Jun 2016
Using Database v9005
Operating System:  Windows 7 Professional x64 (SP1) [Build: 6.1.7601]
File System:       NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\van Bracht\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory:  C:\Users\van Bracht\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges

************************************************************
12:54:06: ----- Checking Default File Associations -----
No modified default file associations detected

************************************************************
12:54:06: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
12:54:06: Scanning ----- Windows Registry -----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: C:\Windows\Explorer.exe
C:\Windows\Explorer.exe (verified signer: [Microsoft Windows])
3231232 bytes
Created:  10.02.2016 10:33
Modified: 22.01.2016 07:19
Company:  Microsoft Corporation
[9D77CC4A36FEEA644D002CFB9B2D42C0]
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\System32\Userinit.exe,]
File: C:\Windows\System32\Userinit.exe
C:\Windows\System32\Userinit.exe (verified signer: [Microsoft Windows])
30720 bytes
Created:  21.11.2010 05:24
Modified: 21.11.2010 05:24
Company:  Microsoft Corporation
[BAFE84E637BF7388C96EF48D4D3FDD53]
----------
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [RotateImage]
Value Data: [C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe]
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
55808 bytes
Created:  06.07.2011 02:12
Modified: 30.10.2008 15:24
Company:  Ricoh co.,Ltd.
[0307536FD43CC7BFB92F9DAC8DB913F1]
--------------------
Value Name: [NUSB3MON]
Value Data: ["C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"]
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (verified signer: [Renesas Electronics Corporation])
113288 bytes
Created:  17.11.2010 02:53
Modified: 17.11.2010 02:53
Company:  Renesas Electronics Corporation
[9D51EA92A612B37E76E5E4621650C50A]
--------------------
Value Name: [IMSS]
Value Data: ["C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"]
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (verified signer: [Intel Corporation])
112152 bytes
Created:  06.07.2011 02:15
Modified: 17.01.2011 03:41
Company:  Intel Corporation
[49FBD026C73B6EFBFD3F58E641E39411]
--------------------
Value Name: [PWMTRV]
Value Data: [rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor]
C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL (verified signer: [Lenovo(Japan)Ltd.])
1551208 bytes
Created:  06.07.2011 02:22
Modified: 24.03.2011 20:50
Company:  Lenovo Group Limited
[CEB867AF5D2572C115904272C59E39C0]
--------------------
Value Name: [Lenovo Registration]
Value Data: [C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot]
C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (verified signer: [Leader Technologies Inc])
4309184 bytes
Created:  09.02.2011 13:31
Modified: 09.02.2011 13:31
Company:  Lenovo, Inc.
[91E2D8CFD3051CBE19A2445A4D7D06D8]
--------------------
Value Name: [Dolby Home Theater v4]
Value Data: ["C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart]
C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (verified signer: [Dolby Laboratories, Inc.])
506712 bytes
Created:  03.02.2011 13:50
Modified: 03.02.2011 13:50
Company:  Dolby Laboratories Inc.
[8D2B47285BCDE1943A16166702E3FA95]
--------------------
Value Name: [SDTray]
Value Data: ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"]
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (verified signer: [Safer Networking Ltd.])
5624784 bytes
Created:  10.12.2013 23:44
Modified: 25.07.2013 12:19
Company:  Safer-Networking Ltd.
[AF49D1C79EA49A7833017F290EE63B82]
--------------------
Value Name: [Avira SystrayStartTrigger]
Value Data: [C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe]
C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe (verified signer: [Avira Operations GmbH & Co. KG])
67840 bytes
Created:  04.05.2016 17:09
Modified: 04.05.2016 17:09
Company:  Avira Operations GmbH & Co. KG
[57EC74A47981099D5F55B595F73442D3]
--------------------
Value Name: [avgnt]
Value Data: ["C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min]
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (verified signer: [Avira Operations GmbH & Co. KG])
814608 bytes
Created:  16.08.2015 08:55
Modified: 26.05.2016 20:14
Company:  Avira Operations GmbH & Co. KG
[F316A9C0C8BBA9D2A98BE70EE0D8CA96]
--------------------
Value Name: [TrojanScanner]
Value Data: [C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot]
C:\Program Files (x86)\Trojan Remover\Trjscan.exe (verified signer: [Simply Super Software])
3537976 bytes
Created:  10.06.2016 21:25
Modified: 17.05.2016 14:45
Company:  Simply Super Software
[66948861F75A0F28A60E4FEBF5D6FE49]
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: [Spybot-S&D Cleaning]
Value Data: ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean]
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (verified signer: [Safer-Networking Ltd.])
5915776 bytes
Created:  10.12.2013 23:44
Modified: 21.03.2016 15:16
Company:  Safer-Networking Ltd.
[6CE0A962E0AF81BD2EE8FE6B37A1FEE1]
--------------------
Value Name: [SpybotPostWindows10UpgradeReInstall]
Value Data: ["C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"]
C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe
1011200 bytes
Created:  04.10.2015 16:26
Modified: 28.07.2015 18:17
Company:  Safer-Networking Ltd.
[F51BB12D8977D26C1A4CDA348770D9F1]
--------------------
Value Name: [CCleaner Monitoring]
Value Data: ["C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR]
C:\Program Files\CCleaner\CCleaner64.exe (verified signer: [Piriform Ltd])
8461224 bytes
Created:  16.09.2015 22:32
Modified: 16.09.2015 22:32
Company:  Piriform Ltd
[15914F30482983E349FF9544B2DCAF11]
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty

************************************************************
12:54:12: Scanning ----- Windows 64-Bit Registry -----
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [SynTPEnh]
Value Data: [%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (verified signer: [Microsoft Windows Hardware Compatibility Publisher])
2731304 bytes
Created:  06.07.2011 11:51
Modified: 24.03.2011 12:47
Company:  Synaptics Incorporated
[439669E153EF11FA16861EC33D4AFC81]
--------------------
Value Name: [TpShocks]
Value Data: [TpShocks.exe]
C:\Windows\System32\TpShocks.exe (verified signer: [Lenovo(Japan)Ltd.])
380776 bytes
Created:  14.01.2011 13:14
Modified: 14.01.2011 13:14
Company:  Lenovo.
[DB0CE31BEBF21542890941744FC576D3]
--------------------
Value Name: [ForteConfig]
Value Data: [C:\Program Files\Conexant\ForteConfig\fmapp.exe]
C:\Program Files\Conexant\ForteConfig\fmapp.exe (verified signer: [Fortemedia Inc])
49056 bytes
Created:  06.07.2011 02:17
Modified: 26.10.2010 06:40
Company:  
[42361B4BD80768E82B80285851037665]
--------------------
Value Name: [SmartAudio]
Value Data: [C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t]
C:\Program Files\CONEXANT\SAII\SAIICpl.exe (verified signer: [Conexant Systems, Inc.])
316032 bytes
Created:  06.07.2011 02:17
Modified: 14.03.2011 13:04
Company:  Conexant systems, Inc.
[59684F3A784301D09ADF69E70DF979E8]
--------------------
Value Name: [IgfxTray]
Value Data: [C:\Windows\system32\igfxtray.exe]
C:\Windows\System32\igfxtray.exe (verified signer: [Microsoft Windows Hardware Compatibility Publisher])
167960 bytes
Created:  06.07.2011 02:20
Modified: 30.03.2011 08:16
Company:  Intel Corporation
[E9F8D2BE05B94E676D4129AC2DF6DFA9]
--------------------
Value Name: [HotKeysCmds]
Value Data: [C:\Windows\system32\hkcmd.exe]
C:\Windows\System32\hkcmd.exe (verified signer: [Microsoft Windows Hardware Compatibility Publisher])
391704 bytes
Created:  06.07.2011 02:20
Modified: 30.03.2011 08:16
Company:  Intel Corporation
[3EF36B03DDC8F4A1C908CBA7A7757A95]
--------------------
Value Name: [Persistence]
Value Data: [C:\Windows\system32\igfxpers.exe]
C:\Windows\System32\igfxpers.exe (verified signer: [Microsoft Windows Hardware Compatibility Publisher])
418840 bytes
Created:  06.07.2011 02:20
Modified: 30.03.2011 08:16
Company:  Intel Corporation
[7F1918A7E963A3F8F5B76AA64700551E]
--------------------
Value Name: [LENOVO.TPKNRRES]
Value Data: [C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe]
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (verified signer: [Lenovo(Japan)Ltd.])
41320 bytes
Created:  06.07.2011 02:23
Modified: 10.03.2011 10:22
Company:  Lenovo Group Limited
[CF1007D2E37BD301D5FE5AE9F3141D9D]
--------------------
Value Name: [ALCKRESI.EXE]
Value Data: [C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE]
C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE (verified signer: [Lenovo(Japan)Ltd.])
281448 bytes
Created:  06.07.2011 02:23
Modified: 28.02.2011 09:35
Company:  Lenovo Group Limited
[D887B58F690A1CA84E4971409193EB02]
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty

************************************************************
12:54:13: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty

************************************************************
12:54:13: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
12:54:13: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\Windows\system32\PhotoScreensaver.scr
C:\Windows\System32\PhotoScreensaver.scr (verified signer: [Microsoft Windows])
477696 bytes
Created:  21.11.2010 05:25
Modified: 21.11.2010 05:25
Company:  Microsoft Corporation
[B0951D9AF84D9639CF81BC99BE4084C0]
--------------------

************************************************************
12:54:13: Scanning ----- Registry Active Setup Keys -----
Key:  {2D46B6DC-2207-486B-B523-A557E6D54B47}
Path: C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
C:\Windows\system32\ie4uinit.exe - [file not found to scan]
----------
Key:  {A6EADE66-0000-0000-484E-7E8A45000000}
Path: "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll (verified signer: [Adobe Systems, Incorporated])
287416 bytes
Created:  03.05.2016 16:41
Modified: 03.05.2016 16:41
Company:  Adobe Systems, Inc.
[6116CA80B64A1A8442C14A90D3EAF1DE]
----------

************************************************************
12:54:13: Scanning ----- 64-Bit Registry Active Setup Keys -----

************************************************************
12:54:13: Scanning ----- SERVICEDLL REGISTRY KEYS -----

************************************************************
12:54:17: Scanning ----- SERVICES REGISTRY KEYS -----
Key:       AntiVirMailService
ImagePath: "C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe"
Service Start Type: Automatic
C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe (verified signer: [Avira Operations GmbH & Co. KG])
970656 bytes
Created:  16.08.2015 08:55
Modified: 26.05.2016 20:14
Company:  Avira Operations GmbH & Co. KG
[157DA3885AA4F03C80C10DAEB0949CAA]
----------
Key:       AntiVirSchedulerService
ImagePath: "C:\Program Files (x86)\Avira\Antivirus\sched.exe"
Service Start Type: Automatic
C:\Program Files (x86)\Avira\Antivirus\sched.exe (verified signer: [Avira Operations GmbH & Co. KG])
467016 bytes
Created:  16.08.2015 08:55
Modified: 26.05.2016 20:14
Company:  Avira Operations GmbH & Co. KG
[BD65021AB0EC790AECC503C394E61BA4]
----------
Key:       AntiVirService
ImagePath: "C:\Program Files (x86)\Avira\Antivirus\avguard.exe"
Service Start Type: Automatic
C:\Program Files (x86)\Avira\Antivirus\avguard.exe (verified signer: [Avira Operations GmbH & Co. KG])
467016 bytes
Created:  16.08.2015 08:55
Modified: 26.05.2016 20:14
Company:  Avira Operations GmbH & Co. KG
[BD65021AB0EC790AECC503C394E61BA4]
----------
Key:       AntiVirWebService
ImagePath: "C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe"
Service Start Type: Automatic
C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe (verified signer: [Avira Operations GmbH & Co. KG])
1435704 bytes
Created:  16.08.2015 08:55
Modified: 26.05.2016 20:14
Company:  Avira Operations GmbH & Co. KG
[CF586007CB1F9189CDF07D0D5A02C448]
----------
Key:       Avira.ServiceHost
ImagePath: "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe"
Service Start Type: Automatic
C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (verified signer: [Avira Operations GmbH & Co. KG])
276424 bytes
Created:  04.05.2016 17:10
Modified: 04.05.2016 17:10
Company:  Avira Operations GmbH & Co. KG
[04B922C5BE92C42DD0C2B9D085D7C0CA]
----------
Key:       BTWAMPFL
ImagePath: system32\DRIVERS\btwampfl.sys
Service Start Type: Manual
C:\Windows\System32\DRIVERS\btwampfl.sys (verified signer: [Broadcom Corporation])
425000 bytes
Created:  06.07.2011 02:14
Modified: 18.12.2010 09:58
Company:  Broadcom Corporation.
[8834F87A6A745872894DF8223201A6C3]
----------
Key:       btwdins
ImagePath: C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
Service Start Type: Automatic
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (verified signer: [Broadcom Corporation])
962848 bytes
Created:  18.12.2010 15:50
Modified: 18.12.2010 15:50
Company:  Broadcom Corporation.
[EB4AFE08FB39BB444F221D7D501E0915]
----------
Key:       CxAudMsg
ImagePath: C:\Windows\system32\CxAudMsg64.exe
Service Start Type: Automatic
C:\Windows\System32\CxAudMsg64.exe (verified signer: [Conexant Systems, Inc.])
198784 bytes
Created:  06.07.2011 02:17
Modified: 17.12.2010 01:18
Company:  Conexant Systems Inc.
[9D0D050170D47E778B624A28C90F23DE]
----------
Key:       DevoloNetworkService
ImagePath: C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
Service Start Type: Automatic
C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (verified signer: [devolo AG])
3755976 bytes
Created:  01.07.2015 16:26
Modified: 01.07.2015 16:26
Company:  devolo AG
[0B24043732807EE3AA25389356F4DE7C]
----------
Key:       DozeSvc
ImagePath: C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
Service Start Type: Manual
C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (verified signer: [Lenovo(Japan)Ltd.])
477032 bytes
Created:  06.07.2011 02:22
Modified: 24.03.2011 20:50
Company:  Lenovo.
[E6987F7818154791A6937BCC6655599B]
----------
Key:       DzHDD64
ImagePath: System32\DRIVERS\DzHDD64.sys
Service Start Type: Boot
C:\Windows\System32\DRIVERS\DzHDD64.sys (verified signer: [Lenovo(Japan)Ltd.])
31344 bytes
Created:  06.07.2011 02:22
Modified: 24.03.2011 20:50
Company:  Lenovo.
[CE4CFFD9F64B86BCEB1C343FC9924D72]
----------
Key:       EvtEng
ImagePath: C:\Program Files\Intel\WiFi\bin\EvtEng.exe
Service Start Type: Automatic
C:\Program Files\Intel\WiFi\bin\EvtEng.exe (verified signer: [Intel Corporation - Mobile Wireless Group])
1515792 bytes
Created:  17.12.2010 14:41
Modified: 17.12.2010 14:41
Company:  Intel(R) Corporation
[8B6C9924B0D333DBF76086B8258A0891]
----------
Key:       jhi_service
ImagePath: C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
Service Start Type: Automatic
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (verified signer: [Intel® Identity Protection Technology Software])
212944 bytes
Created:  24.02.2011 00:10
Modified: 24.02.2011 00:10
Company:  Intel Corporation
[6C85719A21B3F62C2C76280F4BD36C7B]
----------
Key:       LENOVO.CAMMUTE
ImagePath: C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
Service Start Type: Automatic
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe (verified signer: [Lenovo(Japan)Ltd.])
40808 bytes
Created:  06.07.2011 02:23
Modified: 10.03.2011 10:22
Company:  Lenovo Group Limited
[F19C612D518064C321D6CB0AFDF3A108]
----------
Key:       LENOVO.MICMUTE
ImagePath: C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
Service Start Type: Automatic
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe (verified signer: [Lenovo(Japan)Ltd.])
45496 bytes
Created:  09.03.2011 04:01
Modified: 24.11.2010 09:34
Company:  Lenovo Group Limited
[FCE735941DA27929DBFC1918F286FFD8]
----------
Key:       LENOVO.TPKNRSVC
ImagePath: C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
Service Start Type: Automatic
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (verified signer: [Lenovo(Japan)Ltd.])
59240 bytes
Created:  06.07.2011 02:23
Modified: 10.03.2011 10:22
Company:  Lenovo Group Limited
[5ED2F02A2621DF450E6DCA6FEA334961]
----------
Key:       Lenovo.VIRTSCRLSVC
ImagePath: C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
Service Start Type: Automatic
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe (verified signer: [Lenovo(Japan)Ltd.])
93032 bytes
Created:  09.03.2011 04:01
Modified: 07.04.2010 07:37
Company:  Lenovo Group Limited
[6F2CC57EB5836D2AC9BD37F3554D55F8]
----------
Key:       LMS
ImagePath: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
Service Start Type: Automatic
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (verified signer: [Intel Corporation])
326168 bytes
Created:  06.07.2011 02:15
Modified: 17.01.2011 03:42
Company:  Intel Corporation
[97F9EAAC985A663394CD8F54DCD3E73A]
----------
Key:       MBAMSwissArmy
ImagePath: \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
Service Start Type: Manual
C:\Windows\System32\drivers\MBAMSwissArmy.sys (verified signer: [Malwarebytes Corporation])
192216 bytes
Created:  06.05.2014 09:58
Modified: 12.06.2016 10:58
Company:  Malwarebytes
[78488AF2AB2111D67B3C4044707A519B]
----------
Key:       MozillaMaintenance
ImagePath: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
Service Start Type: Manual
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (verified signer: [Mozilla Corporation])
146888 bytes
Created:  10.04.2013 13:04
Modified: 10.06.2016 20:11
Company:  Mozilla Foundation
[D6F67A73E6557578B755F7B534E00F47]
----------
Key:       NPF_devolo
ImagePath: \SystemRoot\sysWOW64\drivers\npf_devolo.sys
Service Start Type: Automatic
C:\Windows\sysWOW64\drivers\npf_devolo.sys (verified signer: [devolo AG])
34048 bytes
Created:  04.03.2013 10:43
Modified: 04.03.2013 10:43
Company:  CACE Technologies
[49697C2C761ACB5C0DE99CC8FE93E95B]
----------
Key:       pmxdrv
ImagePath: \??\C:\Windows\system32\drivers\pmxdrv.sys
Service Start Type: Manual
C:\Windows\System32\drivers\pmxdrv.sys (verified signer: [PAIPTAC  Driver])
31152 bytes
Created:  06.07.2011 02:15
Modified: 06.07.2011 02:15
Company:  [no info]
[0BEE791C7C7ACE453C134E73633C497D]
----------
Key:       Power Manager DBC Service
ImagePath: "C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE"
Service Start Type: Manual
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (verified signer: [Lenovo(Japan)Ltd.])
83304 bytes
Created:  06.07.2011 02:22
Modified: 24.03.2011 20:50
Company:  Lenovo
[DD233412DEB172B00E570B0B33E83974]
----------
Key:       PwmEWSvc
ImagePath: C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
Service Start Type: Automatic
C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
143360 bytes
Created:  06.07.2011 02:22
Modified: 24.03.2011 20:50
Company:  [no info]
[83D064CD1E4CA65B40C1901DDCF6E9C1]
----------
Key:       RegSrvc
ImagePath: C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
Service Start Type: Automatic
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (verified signer: [Intel Corporation - Mobile Wireless Group])
836880 bytes
Created:  17.12.2010 14:26
Modified: 17.12.2010 14:26
Company:  Intel(R) Corporation
[189C5A8D2098E0AA14FD157A954B34FC]
----------
Key:       SAService
ImagePath: %SystemRoot%\system32\SAsrv.exe
Service Start Type: Automatic
C:\Windows\System32\SAsrv.exe - [file not found to scan]
----------
Key:       SDScannerService
ImagePath: "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
Service Start Type: Automatic
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (verified signer: [Safer Networking Ltd.])
1817560 bytes
Created:  10.12.2013 23:44
Modified: 16.05.2013 11:56
Company:  Safer-Networking Ltd.
[95AA9E165C7DE1B64A11E8B18E91E499]
----------
Key:       SDUpdateService
ImagePath: "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
Service Start Type: Automatic
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (verified signer: [Safer Networking Ltd.])
1033688 bytes
Created:  10.12.2013 23:44
Modified: 16.05.2013 11:56
Company:  Safer-Networking Ltd.
[D31398D4BB4907B517B6E784C2100C4A]
----------
Key:       SDWSCService
ImagePath: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
Service Start Type: Manual
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (verified signer: [Safer Networking Ltd.])
171928 bytes
Created:  10.12.2013 23:44
Modified: 15.05.2013 14:21
Company:  Safer-Networking Ltd.
[6AE8E702D1027A9627DDE2B77BB9992B]
----------
Key:       Shockprf
ImagePath: System32\DRIVERS\Apsx64.sys
Service Start Type: Boot
C:\Windows\System32\DRIVERS\Apsx64.sys (verified signer: [Lenovo(Japan)Ltd.])
139888 bytes
Created:  13.01.2011 14:04
Modified: 13.01.2011 14:04
Company:  Lenovo.
[380B52126E62C6C2D3C8BA805AADFDC7]
----------
Key:       SROSVC
ImagePath: C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
Service Start Type: Automatic
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe (verified signer: [Lenovo(Japan)Ltd.])
443240 bytes
Created:  06.07.2011 02:15
Modified: 02.03.2011 15:07
Company:  Lenovo Group Limited
[47118A04B1D4DCCCE3A1CDA3C10095B9]
----------
Key:       SUService
ImagePath: "C:\Program Files (x86)\Lenovo\System Update\SUService.exe"
Service Start Type: Automatic
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
28672 bytes
Created:  14.12.2010 14:07
Modified: 14.12.2010 14:07
Company:  Lenovo Group Limited
[266D6BE20B40B7DC0949F5108E838B5E]
----------
Key:       TPDIGIMN
ImagePath: System32\DRIVERS\ApsHM64.sys
Service Start Type: Boot
C:\Windows\System32\DRIVERS\ApsHM64.sys (verified signer: [Lenovo(Japan)Ltd.])
23664 bytes
Created:  13.01.2011 14:02
Modified: 13.01.2011 14:02
Company:  Lenovo.
[5523C729F1ED31B63C88490AF3D220FA]
----------
Key:       TPHDEXLGSVC
ImagePath: System32\TPHDEXLG64.exe
Service Start Type: Manual
C:\Windows\System32\TPHDEXLG64.exe (verified signer: [Lenovo(Japan)Ltd.])
47728 bytes
Created:  13.01.2011 14:05
Modified: 13.01.2011 14:05
Company:  Lenovo.
[ECB098A3404ACB8A05F0673DC086BB43]
----------
Key:       TPHKLOAD
ImagePath: C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
Service Start Type: Automatic
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe (verified signer: [Lenovo(Japan)Ltd.])
114024 bytes
Created:  09.03.2011 04:01
Modified: 03.12.2010 04:00
Company:  Lenovo Group Limited
[63626012E44CAAA162677B57B6DCB542]
----------
Key:       TPHKSVC
ImagePath: C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
Service Start Type: Automatic
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (verified signer: [Lenovo(Japan)Ltd.])
64440 bytes
Created:  09.03.2011 04:01
Modified: 02.12.2010 05:55
Company:  Lenovo Group Limited
[9E6E4A9789F76593CC5A6A5AF8FC5929]
----------
Key:       UNS
ImagePath: "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
Service Start Type: Automatic
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (verified signer: [Intel Corporation])
2656280 bytes
Created:  06.07.2011 02:15
Modified: 17.01.2011 03:42
Company:  Intel Corporation
[A69CD6BDB82872999D2E46F9324ADA83]
----------
Key:       VIPAppService
ImagePath: "C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe"
Service Start Type: Automatic
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (verified signer: [Symantec Corporation])
84088 bytes
Created:  13.04.2011 05:58
Modified: 13.04.2011 05:58
Company:  Symantec Corporation
[6AD85F32EA4AA65BB2EA652F2B9D4005]
----------

************************************************************
12:54:32: Scanning -----VXD ENTRIES-----

************************************************************
12:54:32: Scanning ----- ContextMenuHandlers -----
Key:   SDECon32
CLSID: {44176360-2BBF-4EC1-93CE-384B8681A0BC}
Path:  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll (verified signer: [Safer Networking Ltd.])
134640 bytes
Created:  10.12.2013 23:44
Modified: 16.05.2013 11:55
Company:  Safer-Networking Ltd.
[8C577C48E8DE4BF9550E39249A04C001]
----------

************************************************************
12:54:32: Scanning ----- Folder\ColumnHandlers -----
Key:  {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll
C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll
435200 bytes
Created:  20.09.2013 14:50
Modified: 20.09.2013 14:50
Company:  Apache Software Foundation
[65357C388A4D7F1B1CA89EDB21AA4118]
----------

************************************************************
12:54:32: Scanning ----- 64-Bit ContextMenuHandlers -----
Key:   SDECon32
CLSID: {44176360-2BBF-4EC1-93CE-384B8681A0BC}
Path:  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll
467456 bytes
Created:  10.12.2013 23:44
Modified: 16.05.2013 11:55
Company:  Safer-Networking Ltd.
[BB5E24166EE6FB7E35A36083A8267BFA]
----------
Key:   Shell Extension for Malware scanning
CLSID: {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
Path:  C:\Program Files (x86)\Avira\Antivirus\shlext64.dll
C:\Program Files (x86)\Avira\Antivirus\shlext64.dll (verified signer: [Avira Operations GmbH & Co. KG])
2624848 bytes
Created:  16.08.2015 08:55
Modified: 26.05.2016 20:14
Company:  Avira Operations GmbH & Co. KG
[5000306EC730475982103F81BC280AB6]
----------

************************************************************
12:54:32: Scanning ----- 64-Bit Folder\ColumnHandlers -----
Key:  {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll
C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll
851968 bytes
Created:  20.09.2013 14:41
Modified: 20.09.2013 14:41
Company:  Apache Software Foundation
[B9651BB53B8F3E0A0C07E2E7636901C5]
----------

************************************************************
12:54:32: Scanning ----- Browser Helper Objects -----
Key: {c3c77255-42c0-499f-b664-6e981a0b1647}
BHO: mscoree.dll
C:\Windows\SysWoW64\mscoree.dll (verified signer: [Microsoft Windows])
297808 bytes
Created:  21.11.2010 05:24
Modified: 21.11.2010 05:24
Company:  Microsoft Corporation
[D83947A58613E9091B4C9CC0F1546A8D]
----------
Key: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}
BHO: C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (verified signer: [Symantec Corporation])
2065528 bytes
Created:  13.04.2011 05:58
Modified: 13.04.2011 05:58
Company:  Symantec Corporation
[63A2F9C1BE2337DE5250D1594D46338F]
----------

************************************************************
12:54:33: Scanning ----- 64-Bit Browser Helper Objects -----
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (verified signer: [Microsoft Corporation])
529280 bytes
Created:  21.09.2010 14:54
Modified: 21.09.2010 14:54
Company:  Microsoft Corp.
[1FDF3D08ABDB54C9A0F14E31BA66EE0F]
----------
Key: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}
BHO: C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (verified signer: [Symantec Corporation])
2385024 bytes
Created:  13.04.2011 05:58
Modified: 13.04.2011 05:58
Company:  Symantec Corporation
[F334A8CD8BFFE2C737DAC5B4A4BF85ED]
----------

************************************************************
12:54:33: Scanning ----- ShellServiceObjectDelayLoad Entries -----

************************************************************
12:54:33: Scanning ----- 64-Bit ShellServiceObjectDelayLoad Entries -----

************************************************************
12:54:33: Scanning ----- ShellServiceObjects -----

************************************************************
12:54:35: Scanning ----- 64-Bit ShellServiceObjects -----

************************************************************
12:54:36: Scanning -----  SharedTaskScheduler Entries -----
No SharedTaskScheduler entries found to scan

************************************************************
12:54:36: Scanning -----  64-Bit SharedTaskScheduler Entries -----
No 64-Bit SharedTaskScheduler entries found to scan

************************************************************
12:54:36: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
12:54:36: Scanning ----- APPINIT_DLLS -----
No AppInit_DLLs value found to check

************************************************************
12:54:36: Scanning ----- 64-Bit APPINIT_DLLS -----
No 64-Bit AppInit_DLLs value found to check

************************************************************
12:54:37: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
12:54:37: Scanning ----- CREDENTIAL PROVIDERS -----
CLSID: {18CBEEAA-6708-41A1-9379-D08915333CF2}
File: C:\Program Files\ThinkVantage Fingerprint Software\provider.dll
C:\Program Files\ThinkVantage Fingerprint Software\provider.dll (verified signer: [UPEK Inc.])
706384 bytes
Created:  08.12.2010 13:18
Modified: 08.12.2010 13:18
Company:  UPEK Inc.
[56298AD77FAD5F95DD635CFED61FA235]
----------
CLSID: {50968FF7-10C1-4fb3-98B0-CD654D6CB97E}
File: C:\Program Files\ThinkPad\Bluetooth Software\\BtwCP.dll
C:\Program Files\ThinkPad\Bluetooth Software\BtwCP.dll (verified signer: [Broadcom Corporation])
399648 bytes
Created:  18.12.2010 15:50
Modified: 18.12.2010 15:50
Company:  Broadcom Corporation.
[A7D601FE9130829CEF5F8A7141B4BF00]
----------

************************************************************
12:54:38: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
Bluetooth.lnk - links to [C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe]
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (verified signer: [Broadcom Corporation])
1202976 bytes
Created:  18.12.2010 15:50
Modified: 18.12.2010 15:50
Company:  Broadcom Corporation.
[C055B96EE3276342B1E690B88048F4E6]
--------------------
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created:  14.07.2009 06:54
Modified: 14.07.2009 06:54
Company:  [no info]
[7F1698BAB066B764A314A589D338DAAE]
--------------------

************************************************************
12:54:38: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: van Bracht
[C:\Users\van Bracht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\van Bracht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created:  10.04.2013 11:03
Modified: 12.02.2016 09:07
Company:  [no info]
[7F1698BAB066B764A314A589D338DAAE]
----------
--------------------

************************************************************
12:54:38: Scanning ----- SCHEDULED TASKS -----
Taskname:      Adobe Acrobat Update Task
File:          C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (verified signer: [Adobe Systems, Incorporated])
1107672 bytes
Created:  22.04.2016 08:56
Modified: 22.04.2016 08:56
Company:  Adobe Systems Incorporated
[DE7BC28EAE6A62BC35754D1DCA4ECF38]
Parameters:    
Schedule:      At logon
Next Run Time: 
Status:        Queued
Creator:       Adobe Systems Incorporated
Comments:      This task keeps your Adobe Reader and Acrobat applications up to date with the latest enhancements and security fixes
----------
Taskname:      Adobe Flash Player Updater
File:          C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (verified signer: [Adobe Systems Incorporated])
269504 bytes
Created:  12.09.2015 08:13
Modified: 13.05.2016 08:28
Company:  Adobe Systems Incorporated
[6A050671F2C76FB48131F12786802807]
Parameters:    
Schedule:      At 01:28:00 every day
Next Run Time: 12.06.2016 13:28:00
Status:        Ready
Creator:       Adobe Systems Incorporated
Comments:      Mit diesem Task ist Ihre Flash Player-Installation immer aktuell und verwendet die neuesten Verbesserungen und Sicherheits-Fixes. Wenn dieser Task deaktiviert oder entfernt wird, kann Adobe Flash Player Ihren Computer nicht automatisch mit den neuesten Sicherheits-Fixes sichern.
----------
Taskname:      CCleanerSkipUAC
File:          C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\CCleaner\CCleaner.exe (verified signer: [Piriform Ltd])
6495144 bytes
Created:  16.09.2015 22:32
Modified: 16.09.2015 22:32
Company:  Piriform Ltd
[1DC0CC580B6149CE24782B65384F34BD]
Parameters:    $(Arg0)
Schedule:      Task not scheduled
Next Run Time: 
Status:        Ready
Creator:       Piriform Ltd
Comments:      
----------
Taskname:      MCP
File:          C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe (verified signer: [Lenovo Information Products (Shenzhen) Co.,Ltd])
49976 bytes
Created:  27.05.2009 22:09
Modified: 27.05.2009 22:09
Company:  
[3B376496187AB240FAC6ECD7BD1251F6]
Parameters:    /start
Schedule:      At logon
Next Run Time: 
Status:        Running
Creator:       Lenovo(RTP) International
Comments:      
----------
Taskname:      PCDEventLauncher
File:          C:\Program Files\PC-Doctor\sessionchecker.exe
C:\Program Files\PC-Doctor\sessionchecker.exe (verified signer: [PC-Doctor, Inc.])
33872 bytes
Created:  01.04.2011 00:06
Modified: 01.04.2011 00:06
Company:  PC-Doctor, Inc.
[ACE51B88A4539833CEE223A6D3C91DB3]
Parameters:    
Schedule:      At event
Next Run Time: 
Status:        Ready
Creator:       PC-Doctor, Inc.
Comments:      
----------
Taskname:      PMTask
File:          C:\PROGRA~2\ThinkPad\UTILIT~1\PwmIdTsv.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\PwmIdTsv.exe (verified signer: [Lenovo(Japan)Ltd.])
529768 bytes
Created:  06.07.2011 02:22
Modified: 24.03.2011 20:50
Company:  Lenovo Group Limited
[996A64124063273B2A642B7D24D4E970]
Parameters:    
Schedule:      When computer is idle
Next Run Time: 
Status:        Ready
Creator:       
Comments:      
----------
Taskname:      SystemToolsDailyTest
File:          C:\Program Files\PC-Doctor\uaclauncher.exe
C:\Program Files\PC-Doctor\uaclauncher.exe (verified signer: [PC-Doctor, Inc.])
1007184 bytes
Created:  01.04.2011 00:06
Modified: 01.04.2011 00:06
Company:  PC-Doctor, Inc.
[92C875E9CAC497A811DDD5301FB100FD]
Parameters:    -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently
Schedule:      At 10:00:00 every day
Next Run Time: 13.06.2016 10:00:00
Status:        Ready
Creator:       PC-Doctor
Comments:      
----------

************************************************************
12:54:39: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
12:54:39: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: msacm.l3acm
File:  C:\Windows\SysWOW64\l3codeca.acm
C:\Windows\SysWOW64\l3codeca.acm (verified signer: [Microsoft Windows])
64000 bytes
Created:  14.07.2009 02:07
Modified: 14.07.2009 03:14
Company:  Fraunhofer Institut Integrierte Schaltungen IIS
[1C7F1C3EA5894995E6C563E9AE9F029F]
----------

************************************************************
12:54:39: ----- ADDITIONAL CHECKS -----
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Checking autorun.inf in Q:\
Q:\autorun.inf
-HS- 49 bytes
Created:  10.04.2013 10:58
Modified: 10.06.2008 18:32
Company:  [no info]
[492CF5B9300A6105893B8DD40031A141]
Q:\autorun.inf open entry: [LenovoQDrive.exe]
this is a known entry and has been left in place
--------------------
Desktop Wallpaper: C:\Users\van Bracht\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
C:\Users\van Bracht\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
49391 bytes
Created:  10.04.2013 11:03
Modified: 10.04.2013 11:03
Company:  [no info]
[7F0F977BCA1A73D1C56AC4D828BFCCC6]
----------
Web Desktop Wallpaper entry is blank
----------
Checks for rogue DNS NameServers completed
----------
Checks for Backdoor.ZeroAccess completed
----------
Safe Mode checks completed
----------
Additional checks completed

************************************************************
12:54:40: Scanning ----- RUNNING PROCESSES -----

C:\Windows\System32\smss.exe
112640 bytes
Created:  11.05.2016 09:33
Modified: 09.04.2016 07:43
Company:  Microsoft Corporation
[1CBDCAC093542013BEE9E4700C74C784]
--------------------
C:\Windows\System32\csrss.exe
7680 bytes
Created:  14.07.2009 01:19
Modified: 14.07.2009 03:39
Company:  Microsoft Corporation
[60C2862B4BF0FD9F582EF344C2B1EC72]
--------------------
C:\Windows\System32\wininit.exe
129024 bytes
Created:  14.07.2009 01:52
Modified: 14.07.2009 03:39
Company:  Microsoft Corporation
[94355C28C1970635A31B3FE52EB7CEBA]
--------------------
C:\Windows\System32\services.exe
328704 bytes
Created:  12.05.2015 20:58
Modified: 13.04.2015 05:28
Company:  Microsoft Corporation
[71C85477DF9347FE8E7BC55768473FCA]
--------------------
C:\Windows\System32\lsass.exe
30720 bytes
Created:  11.05.2016 09:33
Modified: 09.04.2016 07:43
Company:  Microsoft Corporation
[54C0E3156872881F6AB017210278E27E]
--------------------
C:\Windows\System32\lsm.exe
343040 bytes
Created:  21.11.2010 05:23
Modified: 21.11.2010 05:23
Company:  Microsoft Corporation
[9662EE182644511439F1C53745DC1C88]
--------------------
C:\Windows\System32\svchost.exe
27136 bytes
Created:  14.07.2009 01:31
Modified: 14.07.2009 03:39
Company:  Microsoft Corporation
[C78655BC80301D76ED4FEF1C1EA40A7D]
--------------------
C:\Windows\System32\ibmpmsvc.exe
45928 bytes
Created:  06.07.2011 11:51
Modified: 01.02.2011 07:05
Company:  Lenovo.
[57D4A3ED5497DB0C5A53E680A9BDD1C6]
--------------------
C:\Windows\System32\winlogon.exe
455168 bytes
Created:  18.10.2014 08:26
Modified: 17.07.2014 04:07
Company:  Microsoft Corporation
[8CEBD9D0A0A879CDE9F36F4383B7CAEA]
--------------------
C:\Windows\System32\WUDFHost.exe
229888 bytes
Created:  13.04.2013 07:10
Modified: 26.07.2012 05:08
Company:  Microsoft Corporation
[8ABFE00F213F2571498F1B8FD7939A98]
--------------------
C:\Windows\System32\wlanext.exe
99328 bytes
Created:  14.07.2009 02:07
Modified: 14.07.2009 03:39
Company:  Microsoft Corporation
[43FAB56AE5F639AD59D7209693F4C4C2]
--------------------
C:\Windows\System32\conhost.exe
338432 bytes
Created:  11.05.2016 09:33
Modified: 09.04.2016 07:48
Company:  Microsoft Corporation
[46392E6BDDCB04CBD4D48BE01D3CA715]
--------------------
C:\Windows\System32\spoolsv.exe
559104 bytes
Created:  12.04.2013 12:54
Modified: 11.02.2012 08:36
Company:  Microsoft Corporation
[85DAA09A98C9286D4EA2BA8D0E644377]
--------------------
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
84816 bytes
Created:  08.12.2010 13:19
Modified: 08.12.2010 13:19
Company:  UPEK Inc.
[55A599F6CC20BCEADC48200A751EE46F]
--------------------
C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
42856 bytes
Created:  21.11.2010 05:24
Modified: 21.11.2010 05:24
Company:  Microsoft Corporation
[A8B7F3818AB65695E3A0BB3279F6DCE6]
--------------------
C:\Windows\SysWOW64\SASrv.exe
446592 bytes
Created:  06.07.2011 02:17
Modified: 14.03.2011 13:04
Company:  Conexant Systems, Inc.
[CC5A2CA76B2E32BB2448CA57C80FE4BE]
--------------------
C:\Windows\System32\wbem\unsecapp.exe
47104 bytes
Created:  14.07.2009 01:47
Modified: 14.07.2009 03:39
Company:  Microsoft Corporation
[521202AA6F2B74FCCC6BC7E162109D71]
--------------------
C:\Windows\System32\wbem\WmiPrvSE.exe
372736 bytes
Created:  21.11.2010 05:24
Modified: 21.11.2010 05:24
Company:  Microsoft Corporation
[619A67C9F617B7E69315BB28ECD5E1DF]
--------------------
C:\Windows\System32\taskhost.exe
68608 bytes
Created:  12.04.2013 12:54
Modified: 23.11.2012 05:13
Company:  Microsoft Corporation
[639774C9ACD063F028F6084ABF5593AD]
--------------------
C:\PROGRA~1\Lenovo\VIRTSCRL\virtscrl.exe
43960 bytes
Created:  09.03.2011 04:01
Modified: 01.04.2010 07:50
Company:  Lenovo Group Limited
[6E5E3C98A40D873FAB931D8C79717BE4]
--------------------
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
144744 bytes
Created:  09.03.2011 04:01
Modified: 14.12.2010 08:57
Company:  Lenovo Group Limited
[5F493B557FCFC880774DDE4A1CCBDF2A]
--------------------
C:\Windows\System32\dwm.exe
120320 bytes
Created:  14.07.2009 01:37
Modified: 14.07.2009 03:39
Company:  Microsoft Corporation
[F162D5F5E845B9DC352DD1BAD8CEF1BC]
--------------------
C:\Windows\System32\rundll32.exe
45568 bytes
Created:  14.07.2009 01:57
Modified: 14.07.2009 03:39
Company:  Microsoft Corporation
[DD81D91FF3B0763C392422865C9AC12E]
--------------------
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.exe
303976 bytes
Created:  09.03.2011 04:01
Modified: 08.03.2011 08:14
Company:  Lenovo Group Limited
[B105C799C83D2CFF8BC1DC672B758639]
--------------------
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
154408 bytes
Created:  06.07.2011 11:51
Modified: 24.03.2011 12:48
Company:  Synaptics Incorporated
[519C96E14CABD2759C16AD138A5DB7D0]
--------------------
C:\Windows\SysWOW64\rundll32.exe
44544 bytes
Created:  14.07.2009 01:41
Modified: 14.07.2009 03:14
Company:  Microsoft Corporation
[51138BEEA3E2C21EC44D0932C71762A8]
--------------------
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.EXE
62824 bytes
Created:  06.07.2011 02:22
Modified: 24.03.2011 20:50
Company:  Lenovo Group Limited
[1FA1180F0A8A38852CA985C2715106B2]
--------------------
C:\Windows\System32\taskeng.exe
464384 bytes
Created:  21.11.2010 05:24
Modified: 21.11.2010 05:24
Company:  Microsoft Corporation
[65EA57712340C09B1B0C427B4848AE05]
--------------------
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
373096 bytes
Created:  06.07.2011 02:15
Modified: 02.03.2011 17:17
Company:  Lenovo Group Limited
[E6F6952E56A9D61463B9B2B622C95F43]
--------------------
C:\Windows\System32\GWX\GWX.exe
534016 bytes
Created:  26.05.2016 20:25
Modified: 20.05.2016 15:06
Company:  Microsoft Corporation
[7003287A5032A3AF1CCF1B9A6FFAA057]
--------------------
C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
1036576 bytes
Created:  16.08.2015 08:55
Modified: 26.05.2016 20:14
Company:  Avira Operations GmbH & Co. KG
[6E8DBA64A14C22F92DD94AD7A0887324]
--------------------
C:\Windows\servicing\TrustedInstaller.exe
194048 bytes
Created:  21.11.2010 05:24
Modified: 21.11.2010 05:24
Company:  Microsoft Corporation
[773212B2AAA24C1E31F10246B15B276C]
--------------------
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
121640 bytes
Created:  06.07.2011 11:51
Modified: 24.03.2011 12:47
Company:  Synaptics Incorporated
[6B8966ECB093271DE794286850432225]
--------------------
C:\Program Files\Windows Media Player\wmpnetwk.exe
1525248 bytes
Created:  21.11.2010 05:25
Modified: 21.11.2010 05:25
Company:  Microsoft Corporation
[A9F3BFC9345F49614D5859EC95B9E994]
--------------------
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
147656 bytes
Created:  04.05.2016 17:14
Modified: 04.05.2016 17:14
Company:  Avira Operations GmbH & Co. KG
[07137BA621DD6FDCE44678CA3FBF7F8B]
--------------------
C:\Windows\System32\SearchIndexer.exe
591872 bytes
Created:  12.04.2013 12:54
Modified: 04.05.2011 07:19
Company:  Microsoft Corporation
[E0B340996A41C9A75DFA3B99BBA9C500]
--------------------
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
1923096 bytes
Created:  06.07.2011 02:15
Modified: 17.01.2011 03:41
Company:  Intel Corporation
[0586D31F3AC6829B49ECFE20A451C16B]
--------------------
C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
9926112 bytes
Created:  06.05.2014 09:58
Modified: 10.03.2016 14:07
Company:  Malwarebytes
[8E98E3EC16D2641005B4748CD330FB45]
--------------------
C:\Windows\System32\taskmgr.exe
257024 bytes
Created:  21.11.2010 05:24
Modified: 21.11.2010 05:24
Company:  Microsoft Corporation
[09F7401D56F2393C6CA534FF0241A590]
--------------------
C:\Windows\System32\SearchProtocolHost.exe
249856 bytes
Created:  12.04.2013 12:54
Modified: 04.05.2011 07:19
Company:  Microsoft Corporation
[D9E21CBF9E6A87847AFFD39EA3FA28EE]
--------------------
C:\Windows\System32\SearchFilterHost.exe
113664 bytes
Created:  12.04.2013 12:54
Modified: 04.05.2011 07:19
Company:  Microsoft Corporation
[49A3AD5CE578CD77F445F3D244AEAB2D]
--------------------
C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe
FileSize:          5311512
[This is a Trojan Remover component]
--------------------
--------------------

************************************************************
12:54:42: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
12:54:42: Checking ----- ROGUE BROWSER MODIFICATIONS -----

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\SysWOW64\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.startpage.com/deu/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
hxxp://www.google.com/ie

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 12:54:42 12 Jun 2016
Total Scan time: 00:00:36
************************************************************


***** INDIVIDUAL FILE SCAN *****
Trojan Remover Ver 6.9.4.2944. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 12:34:47 12 Jun 2016
Using Database v9005
Operating System:  Windows 7 Professional x64 (SP1) [Build: 6.1.7601]
File System:       NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\van Bracht\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory:  C:\Users\van Bracht\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges

************************************************************
Carrying out individual file scan on Q:\VANBRACHT-THINK\MediaID.bin
************************************************************


***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.9.4.2944. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 12:33:42 12 Jun 2016
Using Database v9005
Operating System:  Windows 7 Professional x64 (SP1) [Build: 6.1.7601]
File System:       NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\van Bracht\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory:  C:\Users\van Bracht\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges

************************************************************
Carrying out scan on Q:\VANBRACHT-THINK\Backup Set 2013-04-30 185645
(including subdirectories)
Archive files will be EXCLUDED.
------------------------------
Q:\VANBRACHT-THINK\Backup Set 2013-04-30 185645\
Q:\...\Backup Set 2013-04-30 185645\Backup Files 2013-04-30 185645\
Q:\...\Backup Files 2013-04-30 185645\Catalogs\
Q:\VANBRACHT-THINK\Backup Set 2013-04-30 185645\Catalogs\
------------------------------
31 files scanned
Directory scan complete - no Malware files detected
Scan completed at: 12:33:42 12 Jun 2016
Total Scan time: 00:00:00
************************************************************


***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.9.4.2944. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 12:33:29 12 Jun 2016
Using Database v9005
Operating System:  Windows 7 Professional x64 (SP1) [Build: 6.1.7601]
File System:       NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\van Bracht\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory:  C:\Users\van Bracht\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges

************************************************************
Carrying out scan on Q:\VANBRACHT-THINK\Backup Set 2013-04-30 185645
(including subdirectories)
Archive files will be EXCLUDED.
------------------------------
Q:\VANBRACHT-THINK\Backup Set 2013-04-30 185645\
Q:\...\Backup Set 2013-04-30 185645\Backup Files 2013-04-30 185645\
Q:\...\Backup Files 2013-04-30 185645\Catalogs\
Q:\VANBRACHT-THINK\Backup Set 2013-04-30 185645\Catalogs\
------------------------------
31 files scanned
Directory scan complete - no Malware files detected
Scan completed at: 12:33:29 12 Jun 2016
Total Scan time: 00:00:00
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.9.4.2944. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 10:03:11 12 Jun 2016
Using Database v9005
Operating System:  Windows 7 Professional x64 (SP1) [Build: 6.1.7601]
File System:       NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\van Bracht\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory:  C:\Users\van Bracht\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges

************************************************************
10:03:11: ----- Checking Default File Associations -----
No modified default file associations detected

************************************************************
10:03:11: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
10:03:11: Scanning ----- Windows Registry -----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: C:\Windows\Explorer.exe
C:\Windows\Explorer.exe (verified signer: [Microsoft Windows])
3231232 bytes
Created:  10.02.2016 10:33
Modified: 22.01.2016 07:19
Company:  Microsoft Corporation
[9D77CC4A36FEEA644D002CFB9B2D42C0]
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\System32\Userinit.exe,]
File: C:\Windows\System32\Userinit.exe
C:\Windows\System32\Userinit.exe (verified signer: [Microsoft Windows])
30720 bytes
Created:  21.11.2010 05:24
Modified: 21.11.2010 05:24
Company:  Microsoft Corporation
[BAFE84E637BF7388C96EF48D4D3FDD53]
----------
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [RotateImage]
Value Data: [C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe]
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
55808 bytes
Created:  06.07.2011 02:12
Modified: 30.10.2008 15:24
Company:  Ricoh co.,Ltd.
[0307536FD43CC7BFB92F9DAC8DB913F1]
--------------------
Value Name: [NUSB3MON]
Value Data: ["C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"]
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (verified signer: [Renesas Electronics Corporation])
113288 bytes
Created:  17.11.2010 02:53
Modified: 17.11.2010 02:53
Company:  Renesas Electronics Corporation
[9D51EA92A612B37E76E5E4621650C50A]
--------------------
Value Name: [IMSS]
Value Data: ["C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"]
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (verified signer: [Intel Corporation])
112152 bytes
Created:  06.07.2011 02:15
Modified: 17.01.2011 03:41
Company:  Intel Corporation
[49FBD026C73B6EFBFD3F58E641E39411]
--------------------
Value Name: [PWMTRV]
Value Data: [rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor]
C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL (verified signer: [Lenovo(Japan)Ltd.])
1551208 bytes
Created:  06.07.2011 02:22
Modified: 24.03.2011 20:50
Company:  Lenovo Group Limited
[CEB867AF5D2572C115904272C59E39C0]
--------------------
Value Name: [Lenovo Registration]
Value Data: [C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot]
C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (verified signer: [Leader Technologies Inc])
4309184 bytes
Created:  09.02.2011 13:31
Modified: 09.02.2011 13:31
Company:  Lenovo, Inc.
[91E2D8CFD3051CBE19A2445A4D7D06D8]
--------------------
Value Name: [Dolby Home Theater v4]
Value Data: ["C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart]
C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (verified signer: [Dolby Laboratories, Inc.])
506712 bytes
Created:  03.02.2011 13:50
Modified: 03.02.2011 13:50
Company:  Dolby Laboratories Inc.
[8D2B47285BCDE1943A16166702E3FA95]
--------------------
Value Name: [SDTray]
Value Data: ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"]
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (verified signer: [Safer Networking Ltd.])
5624784 bytes
Created:  10.12.2013 23:44
Modified: 25.07.2013 12:19
Company:  Safer-Networking Ltd.
[AF49D1C79EA49A7833017F290EE63B82]
--------------------
Value Name: [Avira SystrayStartTrigger]
Value Data: [C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe]
C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe (verified signer: [Avira Operations GmbH & Co. KG])
67840 bytes
Created:  04.05.2016 17:09
Modified: 04.05.2016 17:09
Company:  Avira Operations GmbH & Co. KG
[57EC74A47981099D5F55B595F73442D3]
--------------------
Value Name: [avgnt]
Value Data: ["C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min]
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (verified signer: [Avira Operations GmbH & Co. KG])
814608 bytes
Created:  16.08.2015 08:55
Modified: 26.05.2016 20:14
Company:  Avira Operations GmbH & Co. KG
[F316A9C0C8BBA9D2A98BE70EE0D8CA96]
--------------------
Value Name: [TrojanScanner]
Value Data: [C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot]
C:\Program Files (x86)\Trojan Remover\Trjscan.exe (verified signer: [Simply Super Software])
3537976 bytes
Created:  10.06.2016 21:25
Modified: 17.05.2016 14:45
Company:  Simply Super Software
[66948861F75A0F28A60E4FEBF5D6FE49]
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: [Spybot-S&D Cleaning]
Value Data: ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean]
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (verified signer: [Safer-Networking Ltd.])
5915776 bytes
Created:  10.12.2013 23:44
Modified: 21.03.2016 15:16
Company:  Safer-Networking Ltd.
[6CE0A962E0AF81BD2EE8FE6B37A1FEE1]
--------------------
Value Name: [SpybotPostWindows10UpgradeReInstall]
Value Data: ["C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"]
C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe
1011200 bytes
Created:  04.10.2015 16:26
Modified: 28.07.2015 18:17
Company:  Safer-Networking Ltd.
[F51BB12D8977D26C1A4CDA348770D9F1]
--------------------
Value Name: [CCleaner Monitoring]
Value Data: ["C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR]
C:\Program Files\CCleaner\CCleaner64.exe (verified signer: [Piriform Ltd])
8461224 bytes
Created:  16.09.2015 22:32
Modified: 16.09.2015 22:32
Company:  Piriform Ltd
[15914F30482983E349FF9544B2DCAF11]
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty

************************************************************
10:03:17: Scanning ----- Windows 64-Bit Registry -----
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [SynTPEnh]
Value Data: [%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (verified signer: [Microsoft Windows Hardware Compatibility Publisher])
2731304 bytes
Created:  06.07.2011 11:51
Modified: 24.03.2011 12:47
Company:  Synaptics Incorporated
[439669E153EF11FA16861EC33D4AFC81]
--------------------
Value Name: [TpShocks]
Value Data: [TpShocks.exe]
C:\Windows\System32\TpShocks.exe (verified signer: [Lenovo(Japan)Ltd.])
380776 bytes
Created:  14.01.2011 13:14
Modified: 14.01.2011 13:14
Company:  Lenovo.
[DB0CE31BEBF21542890941744FC576D3]
--------------------
Value Name: [ForteConfig]
Value Data: [C:\Program Files\Conexant\ForteConfig\fmapp.exe]
C:\Program Files\Conexant\ForteConfig\fmapp.exe (verified signer: [Fortemedia Inc])
49056 bytes
Created:  06.07.2011 02:17
Modified: 26.10.2010 06:40
Company:  
[42361B4BD80768E82B80285851037665]
--------------------
Value Name: [SmartAudio]
Value Data: [C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t]
C:\Program Files\CONEXANT\SAII\SAIICpl.exe (verified signer: [Conexant Systems, Inc.])
316032 bytes
Created:  06.07.2011 02:17
Modified: 14.03.2011 13:04
Company:  Conexant systems, Inc.
[59684F3A784301D09ADF69E70DF979E8]
--------------------
Value Name: [IgfxTray]
Value Data: [C:\Windows\system32\igfxtray.exe]
C:\Windows\System32\igfxtray.exe (verified signer: [Microsoft Windows Hardware Compatibility Publisher])
167960 bytes
Created:  06.07.2011 02:20
Modified: 30.03.2011 08:16
Company:  Intel Corporation
[E9F8D2BE05B94E676D4129AC2DF6DFA9]
--------------------
Value Name: [HotKeysCmds]
Value Data: [C:\Windows\system32\hkcmd.exe]
C:\Windows\System32\hkcmd.exe (verified signer: [Microsoft Windows Hardware Compatibility Publisher])
391704 bytes
Created:  06.07.2011 02:20
Modified: 30.03.2011 08:16
Company:  Intel Corporation
[3EF36B03DDC8F4A1C908CBA7A7757A95]
--------------------
Value Name: [Persistence]
Value Data: [C:\Windows\system32\igfxpers.exe]
C:\Windows\System32\igfxpers.exe (verified signer: [Microsoft Windows Hardware Compatibility Publisher])
418840 bytes
Created:  06.07.2011 02:20
Modified: 30.03.2011 08:16
Company:  Intel Corporation
[7F1918A7E963A3F8F5B76AA64700551E]
--------------------
Value Name: [LENOVO.TPKNRRES]
Value Data: [C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe]
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (verified signer: [Lenovo(Japan)Ltd.])
41320 bytes
Created:  06.07.2011 02:23
Modified: 10.03.2011 10:22
Company:  Lenovo Group Limited
[CF1007D2E37BD301D5FE5AE9F3141D9D]
--------------------
Value Name: [ALCKRESI.EXE]
Value Data: [C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE]
C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE (verified signer: [Lenovo(Japan)Ltd.])
281448 bytes
Created:  06.07.2011 02:23
Modified: 28.02.2011 09:35
Company:  Lenovo Group Limited
[D887B58F690A1CA84E4971409193EB02]
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty

************************************************************
10:03:19: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty

************************************************************
10:03:19: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
10:03:19: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\Windows\system32\PhotoScreensaver.scr
C:\Windows\System32\PhotoScreensaver.scr (verified signer: [Microsoft Windows])
477696 bytes
Created:  21.11.2010 05:25
Modified: 21.11.2010 05:25
Company:  Microsoft Corporation
[B0951D9AF84D9639CF81BC99BE4084C0]
--------------------

************************************************************
10:03:19: Scanning ----- Registry Active Setup Keys -----
Key:  {2D46B6DC-2207-486B-B523-A557E6D54B47}
Path: C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
C:\Windows\system32\ie4uinit.exe - [file not found to scan]
----------
Key:  {A6EADE66-0000-0000-484E-7E8A45000000}
Path: "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll (verified signer: [Adobe Systems, Incorporated])
287416 bytes
Created:  03.05.2016 16:41
Modified: 03.05.2016 16:41
Company:  Adobe Systems, Inc.
[6116CA80B64A1A8442C14A90D3EAF1DE]
----------

************************************************************
10:03:19: Scanning ----- 64-Bit Registry Active Setup Keys -----

************************************************************
10:03:19: Scanning ----- SERVICEDLL REGISTRY KEYS -----

************************************************************
10:03:25: Scanning ----- SERVICES REGISTRY KEYS -----
Key:       AntiVirMailService
ImagePath: "C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe"
Service Start Type: Automatic
C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe (verified signer: [Avira Operations GmbH & Co. KG])
970656 bytes
Created:  16.08.2015 08:55
Modified: 26.05.2016 20:14
Company:  Avira Operations GmbH & Co. KG
[157DA3885AA4F03C80C10DAEB0949CAA]
----------
Key:       AntiVirSchedulerService
ImagePath: "C:\Program Files (x86)\Avira\Antivirus\sched.exe"
Service Start Type: Automatic
C:\Program Files (x86)\Avira\Antivirus\sched.exe (verified signer: [Avira Operations GmbH & Co. KG])
467016 bytes
Created:  16.08.2015 08:55
Modified: 26.05.2016 20:14
Company:  Avira Operations GmbH & Co. KG
[BD65021AB0EC790AECC503C394E61BA4]
----------
Key:       AntiVirService
ImagePath: "C:\Program Files (x86)\Avira\Antivirus\avguard.exe"
Service Start Type: Automatic
C:\Program Files (x86)\Avira\Antivirus\avguard.exe (verified signer: [Avira Operations GmbH & Co. KG])
467016 bytes
Created:  16.08.2015 08:55
Modified: 26.05.2016 20:14
Company:  Avira Operations GmbH & Co. KG
[BD65021AB0EC790AECC503C394E61BA4]
----------
Key:       AntiVirWebService
ImagePath: "C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe"
Service Start Type: Automatic
C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe (verified signer: [Avira Operations GmbH & Co. KG])
1435704 bytes
Created:  16.08.2015 08:55
Modified: 26.05.2016 20:14
Company:  Avira Operations GmbH & Co. KG
[CF586007CB1F9189CDF07D0D5A02C448]
----------
Key:       Avira.ServiceHost
ImagePath: "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe"
Service Start Type: Automatic
C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (verified signer: [Avira Operations GmbH & Co. KG])
276424 bytes
Created:  04.05.2016 17:10
Modified: 04.05.2016 17:10
Company:  Avira Operations GmbH & Co. KG
[04B922C5BE92C42DD0C2B9D085D7C0CA]
----------
Key:       BTWAMPFL
ImagePath: system32\DRIVERS\btwampfl.sys
Service Start Type: Manual
C:\Windows\System32\DRIVERS\btwampfl.sys (verified signer: [Broadcom Corporation])
425000 bytes
Created:  06.07.2011 02:14
Modified: 18.12.2010 09:58
Company:  Broadcom Corporation.
[8834F87A6A745872894DF8223201A6C3]
----------
Key:       btwdins
ImagePath: C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
Service Start Type: Automatic
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (verified signer: [Broadcom Corporation])
962848 bytes
Created:  18.12.2010 15:50
Modified: 18.12.2010 15:50
Company:  Broadcom Corporation.
[EB4AFE08FB39BB444F221D7D501E0915]
----------
Key:       CxAudMsg
ImagePath: C:\Windows\system32\CxAudMsg64.exe
Service Start Type: Automatic
C:\Windows\System32\CxAudMsg64.exe (verified signer: [Conexant Systems, Inc.])
198784 bytes
Created:  06.07.2011 02:17
Modified: 17.12.2010 01:18
Company:  Conexant Systems Inc.
[9D0D050170D47E778B624A28C90F23DE]
----------
Key:       DevoloNetworkService
ImagePath: C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
Service Start Type: Automatic
C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (verified signer: [devolo AG])
3755976 bytes
Created:  01.07.2015 16:26
Modified: 01.07.2015 16:26
Company:  devolo AG
[0B24043732807EE3AA25389356F4DE7C]
----------
Key:       DozeSvc
ImagePath: C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
Service Start Type: Manual
C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (verified signer: [Lenovo(Japan)Ltd.])
477032 bytes
Created:  06.07.2011 02:22
Modified: 24.03.2011 20:50
Company:  Lenovo.
[E6987F7818154791A6937BCC6655599B]
----------
Key:       DzHDD64
ImagePath: System32\DRIVERS\DzHDD64.sys
Service Start Type: Boot
C:\Windows\System32\DRIVERS\DzHDD64.sys (verified signer: [Lenovo(Japan)Ltd.])
31344 bytes
Created:  06.07.2011 02:22
Modified: 24.03.2011 20:50
Company:  Lenovo.
[CE4CFFD9F64B86BCEB1C343FC9924D72]
----------
Key:       EvtEng
ImagePath: C:\Program Files\Intel\WiFi\bin\EvtEng.exe
Service Start Type: Automatic
C:\Program Files\Intel\WiFi\bin\EvtEng.exe (verified signer: [Intel Corporation - Mobile Wireless Group])
1515792 bytes
Created:  17.12.2010 14:41
Modified: 17.12.2010 14:41
Company:  Intel(R) Corporation
[8B6C9924B0D333DBF76086B8258A0891]
----------
Key:       jhi_service
ImagePath: C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
Service Start Type: Automatic
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (verified signer: [Intel® Identity Protection Technology Software])
212944 bytes
Created:  24.02.2011 00:10
Modified: 24.02.2011 00:10
Company:  Intel Corporation
[6C85719A21B3F62C2C76280F4BD36C7B]
----------
Key:       LENOVO.CAMMUTE
ImagePath: C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
Service Start Type: Automatic
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe (verified signer: [Lenovo(Japan)Ltd.])
40808 bytes
Created:  06.07.2011 02:23
Modified: 10.03.2011 10:22
Company:  Lenovo Group Limited
[F19C612D518064C321D6CB0AFDF3A108]
----------
Key:       LENOVO.MICMUTE
ImagePath: C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
Service Start Type: Automatic
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe (verified signer: [Lenovo(Japan)Ltd.])
45496 bytes
Created:  09.03.2011 04:01
Modified: 24.11.2010 09:34
Company:  Lenovo Group Limited
[FCE735941DA27929DBFC1918F286FFD8]
----------
Key:       LENOVO.TPKNRSVC
ImagePath: C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
Service Start Type: Automatic
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (verified signer: [Lenovo(Japan)Ltd.])
59240 bytes
Created:  06.07.2011 02:23
Modified: 10.03.2011 10:22
Company:  Lenovo Group Limited
[5ED2F02A2621DF450E6DCA6FEA334961]
----------
Key:       Lenovo.VIRTSCRLSVC
ImagePath: C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
Service Start Type: Automatic
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe (verified signer: [Lenovo(Japan)Ltd.])
93032 bytes
Created:  09.03.2011 04:01
Modified: 07.04.2010 07:37
Company:  Lenovo Group Limited
[6F2CC57EB5836D2AC9BD37F3554D55F8]
----------
Key:       LMS
ImagePath: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
Service Start Type: Automatic
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (verified signer: [Intel Corporation])
326168 bytes
Created:  06.07.2011 02:15
Modified: 17.01.2011 03:42
Company:  Intel Corporation
[97F9EAAC985A663394CD8F54DCD3E73A]
----------
Key:       MozillaMaintenance
ImagePath: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
Service Start Type: Manual
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (verified signer: [Mozilla Corporation])
146888 bytes
Created:  10.04.2013 13:04
Modified: 10.06.2016 20:11
Company:  Mozilla Foundation
[D6F67A73E6557578B755F7B534E00F47]
----------
Key:       NPF_devolo
ImagePath: \SystemRoot\sysWOW64\drivers\npf_devolo.sys
Service Start Type: Automatic
C:\Windows\sysWOW64\drivers\npf_devolo.sys (verified signer: [devolo AG])
34048 bytes
Created:  04.03.2013 10:43
Modified: 04.03.2013 10:43
Company:  CACE Technologies
[49697C2C761ACB5C0DE99CC8FE93E95B]
----------
Key:       pmxdrv
ImagePath: \??\C:\Windows\system32\drivers\pmxdrv.sys
Service Start Type: Manual
C:\Windows\System32\drivers\pmxdrv.sys (verified signer: [PAIPTAC  Driver])
31152 bytes
Created:  06.07.2011 02:15
Modified: 06.07.2011 02:15
Company:  [no info]
[0BEE791C7C7ACE453C134E73633C497D]
----------
Key:       Power Manager DBC Service
ImagePath: "C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE"
Service Start Type: Manual
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (verified signer: [Lenovo(Japan)Ltd.])
83304 bytes
Created:  06.07.2011 02:22
Modified: 24.03.2011 20:50
Company:  Lenovo
[DD233412DEB172B00E570B0B33E83974]
----------
Key:       PwmEWSvc
ImagePath: C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
Service Start Type: Automatic
C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
143360 bytes
Created:  06.07.2011 02:22
Modified: 24.03.2011 20:50
Company:  [no info]
[83D064CD1E4CA65B40C1901DDCF6E9C1]
----------
Key:       RegSrvc
ImagePath: C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
Service Start Type: Automatic
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (verified signer: [Intel Corporation - Mobile Wireless Group])
836880 bytes
Created:  17.12.2010 14:26
Modified: 17.12.2010 14:26
Company:  Intel(R) Corporation
[189C5A8D2098E0AA14FD157A954B34FC]
----------
Key:       SAService
ImagePath: %SystemRoot%\system32\SAsrv.exe
Service Start Type: Automatic
C:\Windows\System32\SAsrv.exe - [file not found to scan]
----------
Key:       SDScannerService
ImagePath: "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
Service Start Type: Automatic
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (verified signer: [Safer Networking Ltd.])
1817560 bytes
Created:  10.12.2013 23:44
Modified: 16.05.2013 11:56
Company:  Safer-Networking Ltd.
[95AA9E165C7DE1B64A11E8B18E91E499]
----------
Key:       SDUpdateService
ImagePath: "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
Service Start Type: Automatic
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (verified signer: [Safer Networking Ltd.])
1033688 bytes
Created:  10.12.2013 23:44
Modified: 16.05.2013 11:56
Company:  Safer-Networking Ltd.
[D31398D4BB4907B517B6E784C2100C4A]
----------
Key:       SDWSCService
ImagePath: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
Service Start Type: Manual
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (verified signer: [Safer Networking Ltd.])
171928 bytes
Created:  10.12.2013 23:44
Modified: 15.05.2013 14:21
Company:  Safer-Networking Ltd.
[6AE8E702D1027A9627DDE2B77BB9992B]
----------
Key:       Shockprf
ImagePath: System32\DRIVERS\Apsx64.sys
Service Start Type: Boot
C:\Windows\System32\DRIVERS\Apsx64.sys (verified signer: [Lenovo(Japan)Ltd.])
139888 bytes
Created:  13.01.2011 14:04
Modified: 13.01.2011 14:04
Company:  Lenovo.
[380B52126E62C6C2D3C8BA805AADFDC7]
----------
Key:       SROSVC
ImagePath: C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
Service Start Type: Automatic
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe (verified signer: [Lenovo(Japan)Ltd.])
443240 bytes
Created:  06.07.2011 02:15
Modified: 02.03.2011 15:07
Company:  Lenovo Group Limited
[47118A04B1D4DCCCE3A1CDA3C10095B9]
----------
Key:       SUService
ImagePath: "C:\Program Files (x86)\Lenovo\System Update\SUService.exe"
Service Start Type: Automatic
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
28672 bytes
Created:  14.12.2010 14:07
Modified: 14.12.2010 14:07
Company:  Lenovo Group Limited
[266D6BE20B40B7DC0949F5108E838B5E]
----------
Key:       TPDIGIMN
ImagePath: System32\DRIVERS\ApsHM64.sys
Service Start Type: Boot
C:\Windows\System32\DRIVERS\ApsHM64.sys (verified signer: [Lenovo(Japan)Ltd.])
23664 bytes
Created:  13.01.2011 14:02
Modified: 13.01.2011 14:02
Company:  Lenovo.
[5523C729F1ED31B63C88490AF3D220FA]
----------
Key:       TPHDEXLGSVC
ImagePath: System32\TPHDEXLG64.exe
Service Start Type: Manual
C:\Windows\System32\TPHDEXLG64.exe (verified signer: [Lenovo(Japan)Ltd.])
47728 bytes
Created:  13.01.2011 14:05
Modified: 13.01.2011 14:05
Company:  Lenovo.
[ECB098A3404ACB8A05F0673DC086BB43]
----------
Key:       TPHKLOAD
ImagePath: C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
Service Start Type: Automatic
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe (verified signer: [Lenovo(Japan)Ltd.])
114024 bytes
Created:  09.03.2011 04:01
Modified: 03.12.2010 04:00
Company:  Lenovo Group Limited
[63626012E44CAAA162677B57B6DCB542]
----------
Key:       TPHKSVC
ImagePath: C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
Service Start Type: Automatic
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (verified signer: [Lenovo(Japan)Ltd.])
64440 bytes
Created:  09.03.2011 04:01
Modified: 02.12.2010 05:55
Company:  Lenovo Group Limited
[9E6E4A9789F76593CC5A6A5AF8FC5929]
----------
Key:       UNS
ImagePath: "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
Service Start Type: Automatic
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (verified signer: [Intel Corporation])
2656280 bytes
Created:  06.07.2011 02:15
Modified: 17.01.2011 03:42
Company:  Intel Corporation
[A69CD6BDB82872999D2E46F9324ADA83]
----------
Key:       VIPAppService
ImagePath: "C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe"
Service Start Type: Automatic
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (verified signer: [Symantec Corporation])
84088 bytes
Created:  13.04.2011 05:58
Modified: 13.04.2011 05:58
Company:  Symantec Corporation
[6AD85F32EA4AA65BB2EA652F2B9D4005]
----------

************************************************************
10:03:41: Scanning -----VXD ENTRIES-----

************************************************************
10:03:41: Scanning ----- ContextMenuHandlers -----
Key:   SDECon32
CLSID: {44176360-2BBF-4EC1-93CE-384B8681A0BC}
Path:  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll (verified signer: [Safer Networking Ltd.])
134640 bytes
Created:  10.12.2013 23:44
Modified: 16.05.2013 11:55
Company:  Safer-Networking Ltd.
[8C577C48E8DE4BF9550E39249A04C001]
----------

************************************************************
10:03:41: Scanning ----- Folder\ColumnHandlers -----
Key:  {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll
C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll
435200 bytes
Created:  20.09.2013 14:50
Modified: 20.09.2013 14:50
Company:  Apache Software Foundation
[65357C388A4D7F1B1CA89EDB21AA4118]
----------

************************************************************
10:03:41: Scanning ----- 64-Bit ContextMenuHandlers -----
Key:   SDECon32
CLSID: {44176360-2BBF-4EC1-93CE-384B8681A0BC}
Path:  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll
467456 bytes
Created:  10.12.2013 23:44
Modified: 16.05.2013 11:55
Company:  Safer-Networking Ltd.
[BB5E24166EE6FB7E35A36083A8267BFA]
----------
Key:   Shell Extension for Malware scanning
CLSID: {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
Path:  C:\Program Files (x86)\Avira\Antivirus\shlext64.dll
C:\Program Files (x86)\Avira\Antivirus\shlext64.dll (verified signer: [Avira Operations GmbH & Co. KG])
2624848 bytes
Created:  16.08.2015 08:55
Modified: 26.05.2016 20:14
Company:  Avira Operations GmbH & Co. KG
[5000306EC730475982103F81BC280AB6]
----------

************************************************************
10:03:41: Scanning ----- 64-Bit Folder\ColumnHandlers -----
Key:  {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll
C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll
851968 bytes
Created:  20.09.2013 14:41
Modified: 20.09.2013 14:41
Company:  Apache Software Foundation
[B9651BB53B8F3E0A0C07E2E7636901C5]
----------

************************************************************
10:03:41: Scanning ----- Browser Helper Objects -----
Key: {c3c77255-42c0-499f-b664-6e981a0b1647}
BHO: mscoree.dll
C:\Windows\SysWoW64\mscoree.dll (verified signer: [Microsoft Windows])
297808 bytes
Created:  21.11.2010 05:24
Modified: 21.11.2010 05:24
Company:  Microsoft Corporation
[D83947A58613E9091B4C9CC0F1546A8D]
----------
Key: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}
BHO: C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (verified signer: [Symantec Corporation])
2065528 bytes
Created:  13.04.2011 05:58
Modified: 13.04.2011 05:58
Company:  Symantec Corporation
[63A2F9C1BE2337DE5250D1594D46338F]
----------

************************************************************
10:03:42: Scanning ----- 64-Bit Browser Helper Objects -----
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (verified signer: [Microsoft Corporation])
529280 bytes
Created:  21.09.2010 14:54
Modified: 21.09.2010 14:54
Company:  Microsoft Corp.
[1FDF3D08ABDB54C9A0F14E31BA66EE0F]
----------
Key: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}
BHO: C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (verified signer: [Symantec Corporation])
2385024 bytes
Created:  13.04.2011 05:58
Modified: 13.04.2011 05:58
Company:  Symantec Corporation
[F334A8CD8BFFE2C737DAC5B4A4BF85ED]
----------

************************************************************
10:03:42: Scanning ----- ShellServiceObjectDelayLoad Entries -----

************************************************************
10:03:42: Scanning ----- 64-Bit ShellServiceObjectDelayLoad Entries -----

************************************************************
10:03:42: Scanning ----- ShellServiceObjects -----

************************************************************
10:03:44: Scanning ----- 64-Bit ShellServiceObjects -----

************************************************************
10:03:46: Scanning -----  SharedTaskScheduler Entries -----
No SharedTaskScheduler entries found to scan

************************************************************
10:03:46: Scanning -----  64-Bit SharedTaskScheduler Entries -----
No 64-Bit SharedTaskScheduler entries found to scan

************************************************************
10:03:46: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
10:03:46: Scanning ----- APPINIT_DLLS -----
No AppInit_DLLs value found to check

************************************************************
         

Edited by labbes (12.06.2016 at 14:08)

 
