philipp lahm | 01.04.2014 18:15

MBAM-Log:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 01.04.2014
Suchlauf-Zeit: 14:26:22
Logdatei: mbam.txt
Administrator: Nein
Version: 2.00.0.1000
Malware Datenbank: v2014.04.01.02
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Johannes Kaindl
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 236887
Verstrichene Zeit: 11 Min, 13 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 0
(No malicious items detected)
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 7
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=63d94552-5001-5bd6-b245-f53702eb6d46&searchtype=ds&q={searchTerms}&installDate=07/11/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=63d94552-5001-5bd6-b245-f53702eb6d46&searchtype=ds&q={searchTerms}&installDate=07/11/2013),Ersetzt,[a581ee373c3ffc3a694bba4a6f95e51b]
PUP.Optional.Snapdo, HKU\S-1-5-21-1795406587-59563567-99350790-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=63d94552-5001-5bd6-b245-f53702eb6d46&searchtype=ds&q={searchTerms}&installDate=07/11/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=63d94552-5001-5bd6-b245-f53702eb6d46&searchtype=ds&q={searchTerms}&installDate=07/11/2013),Ersetzt,[c85e12132952221475a81cf245bf41bf]
PUP.Optional.Conduit.A, HKU\S-1-5-21-1795406587-59563567-99350790-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.conduit.com/?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPBEC1A9D6-339F-4620-9167-2851276D4186&SSPV=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://search.conduit.com/?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPBEC1A9D6-339F-4620-9167-2851276D4186&SSPV=),Ersetzt,[db4b0f1664176fc745d0dc29c83cd32d]
PUP.Optional.Snapdo, HKU\S-1-5-21-1795406587-59563567-99350790-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=63d94552-5001-5bd6-b245-f53702eb6d46&searchtype=ds&q={searchTerms}&installDate=07/11/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=63d94552-5001-5bd6-b245-f53702eb6d46&searchtype=ds&q={searchTerms}&installDate=07/11/2013),Ersetzt,[c75f2df88bf0ab8b36e6c14dc143d62a]
PUP.Optional.Snapdo, HKU\S-1-5-21-1795406587-59563567-99350790-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=63d94552-5001-5bd6-b245-f53702eb6d46&searchtype=ds&q={searchTerms}&installDate=07/11/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=63d94552-5001-5bd6-b245-f53702eb6d46&searchtype=ds&q={searchTerms}&installDate=07/11/2013),Ersetzt,[aa7c5dc80e6d2e08938c21edd232629e]
PUP.Optional.Snapdo, HKU\S-1-5-21-1795406587-59563567-99350790-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=63d94552-5001-5bd6-b245-f53702eb6d46&searchtype=ds&q={searchTerms}&installDate=07/11/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=63d94552-5001-5bd6-b245-f53702eb6d46&searchtype=ds&q={searchTerms}&installDate=07/11/2013),Ersetzt,[170fae7798e3d660ea3659b5c73dd62a]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1795406587-59563567-99350790-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=63d94552-5001-5bd6-b245-f53702eb6d46&searchtype=ds&q={searchTerms}&installDate=07/11/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=63d94552-5001-5bd6-b245-f53702eb6d46&searchtype=ds&q={searchTerms}&installDate=07/11/2013),Ersetzt,[fa2c2ff6d7a48aac8e27b35134d03dc3]
Ordner: 5
PUP.Optional.OpenCandy, C:\Users\Johannes Kaindl\AppData\Roaming\OpenCandy, In Quarantäne, [36f00520f08b5dd924fc5ff2b05210f0],
PUP.Optional.OpenCandy, C:\Users\Johannes Kaindl\AppData\Roaming\OpenCandy\5D4965F862B045DC88D7B3F25BF23DE4, In Quarantäne, [36f00520f08b5dd924fc5ff2b05210f0],
PUP.Optional.OpenCandy, C:\Users\Johannes Kaindl\AppData\Roaming\OpenCandy\B121097088914A37BE4AC838CD8B01EB, In Quarantäne, [36f00520f08b5dd924fc5ff2b05210f0],
PUP.Optional.OpenCandy, C:\Users\Johannes Kaindl\AppData\Roaming\OpenCandy\E8633A38FD0C461A91F91B9E1F9E3D88, In Quarantäne, [36f00520f08b5dd924fc5ff2b05210f0],
PUP.Optional.OpenCandy, C:\Users\Johannes Kaindl\AppData\Roaming\OpenCandy\F9AC4087213D471BA4B0BF25F024FFA9, In Quarantäne, [36f00520f08b5dd924fc5ff2b05210f0],
Dateien: 41
PUP.Optional.Amonetize, C:\Users\Johannes Kaindl\AppData\Roaming\OpenCandy\5D4965F862B045DC88D7B3F25BF23DE4\WS_p4v2_2CB2.exe, In Quarantäne, [978f2cf97902ad893a5c5c87f40f916f],
PUP.Optional.Amonetize, C:\Users\Johannes Kaindl\AppData\Roaming\OpenCandy\B121097088914A37BE4AC838CD8B01EB\WS_p4v2_2CB2.exe, In Quarantäne, [39edc65f9cdfb284484e01e2fd060af6],
PUP.Optional.InstallMonetizer, C:\$Recycle.Bin\S-1-5-21-1795406587-59563567-99350790-1000\$RGKM0ZI.exe, In Quarantäne, [3cea3ee7700bff378031c7591be654ac],
PUP.Optional.Linkury.A, C:\Users\Johannes Kaindl\AppData\Local\Temp\Installer.exe, In Quarantäne, [6abc4adb4338a2945b08e8fa54af926e],
PUP.Optional.Conduit.A, C:\Users\Johannes Kaindl\AppData\Local\Temp\nsj59E.exe, In Quarantäne, [47dfb86d57248caa07614acac33e8b75],
PUP.Optional.SearchProtect.A, C:\Users\Johannes Kaindl\AppData\Local\Temp\nsnA24B.exe, In Quarantäne, [0f172ff66e0d37ff97a536ebbc45cd33],
PUP.Optional.SearchProtect.A, C:\Users\Johannes Kaindl\AppData\Local\Temp\nsnC864.exe, In Quarantäne, [3bebbd689cdf5dd9c27a3ae7ce339c64],
PUP.Optional.SearchProtect.A, C:\Users\Johannes Kaindl\AppData\Local\Temp\nstC5C5.exe, In Quarantäne, [0d192cf9a6d582b43ffd44ddd32eb050],
PUP.Optional.SearchProtect.A, C:\Users\Johannes Kaindl\AppData\Local\Temp\nsyA4AD.exe, In Quarantäne, [4bdbbd68e5968ea877c5a879e91845bb],
PUP.Optional.Somoto, C:\Users\Johannes Kaindl\AppData\Local\Temp\bitool.dll, In Quarantäne, [58cebe6722594cea4c791bd6768b738d],
PUP.Optional.Ellora, C:\Users\Johannes Kaindl\AppData\Local\Temp\FreemakeVideoDownloader_3.6.2.2.exe, In Quarantäne, [d254899c02798fa7c18282b78f726f91],
PUP.Optional.InstallMonetizer, C:\Users\Johannes Kaindl\AppData\Local\Temp\setup__3862.exe, In Quarantäne, [12145cc9d0abfd39892848d8e41dd62a],
PUP.Optional.Conduit.A, C:\Users\Johannes Kaindl\AppData\Local\Temp\sp-downloader.exe, In Quarantäne, [9f875ec794e788aec3a5d83cda27ba46],
PUP.Optional.Conduit.A, C:\Users\Johannes Kaindl\AppData\Local\Temp\SPSetup.exe, In Quarantäne, [7da9de472655fe38e9435cba09f8cf31],
PUP.Optional.SearchProtect.A, C:\Users\Johannes Kaindl\AppData\Local\Temp\nsd6E51.exe, In Quarantäne, [6db981a43f3cbb7b6bd139e8da2722de],
PUP.Optional.Somoto.A, C:\Users\Johannes Kaindl\AppData\Local\Temp\nse4063.tmp, In Quarantäne, [2bfbf134c4b7c274872ae72824dd718f],
PUP.Optional.Conduit.A, C:\Users\Johannes Kaindl\AppData\Local\Temp\~nsu.tmp\Au_.exe, In Quarantäne, [071fa2831269fb3bb07c987e0bf6f907],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsu4D8A.exe, In Quarantäne, [1f07eb3a2952e5512e0e40e10df4857b],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsx5FC7.exe, In Quarantäne, [9e88ce57b4c745f1c379c859ff02a25e],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsx6809.exe, In Quarantäne, [1214cc592457112547f50e138d7431cf],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsxB9AA.exe, In Quarantäne, [eb3b39ec8eed6fc756e6ef3210f16c94],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsz77A3.exe, In Quarantäne, [ef37ad78f08b5dd9bc80bc65778a669a],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsz87DC.exe, In Quarantäne, [ea3c75b0aecd58de1c20021f0ff22ed2],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nslCD69.exe, In Quarantäne, [9d899194f5867cba300cb968a958bc44],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsn2FCE.exe, In Quarantäne, [ff274bdad2a91c1a083400214eb35da3],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsp4E45.exe, In Quarantäne, [6cba43e29ddea690211bfd24b34ea957],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsqCD3A.exe, In Quarantäne, [8d99e144463581b5b28ab66bd0311fe1],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsu4187.exe, In Quarantäne, [6eb8ea3b2e4de452de5e79a881807d83],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsb96E0.exe, In Quarantäne, [40e6091c6c0ff93d3804bb660af75da3],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsc18B5.exe, In Quarantäne, [54d2ac79cbb091a586b67fa2ca377c84],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nscFCFA.exe, In Quarantäne, [2ff75bca7cffaf8770cc899818e939c7],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nse7774.exe, In Quarantäne, [6fb71510aad1280eed4f170ae9188977],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nseDE23.exe, In Quarantäne, [fb2bea3ba2d9b3832b113de4f50c06fa],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsh683F.exe, In Quarantäne, [76b01015b1ca8da979c3cc5554adcc34],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsh9E84.exe, In Quarantäne, [3ee8ab7a82f92c0a4cf01011867b827e],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nshFD19.exe, In Quarantäne, [45e141e4cbb0c37326165bc606fba858],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsiA495.exe, In Quarantäne, [42e4f82d89f22313b38936eb8d743bc5],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsk9C37.exe, In Quarantäne, [34f250d5df9c45f1dd5f120fae53f60a],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsl2AA6.exe, In Quarantäne, [c4623beac3b849edac9071b049b826da],
PUP.Optional.OpenCandy, C:\Users\Johannes Kaindl\AppData\Roaming\OpenCandy\E8633A38FD0C461A91F91B9E1F9E3D88\Trial-14.0.1000.89_de-DE_1004727_AT-2.exe, In Quarantäne, [36f00520f08b5dd924fc5ff2b05210f0],
PUP.Optional.OpenCandy, C:\Users\Johannes Kaindl\AppData\Roaming\OpenCandy\F9AC4087213D471BA4B0BF25F024FFA9\speedupmypcROE.exe, In Quarantäne, [36f00520f08b5dd924fc5ff2b05210f0],
Physische Sektoren: 0
(No malicious items detected)
(end)

Adwarecleaner-Log:
# AdwCleaner v3.023 - Bericht erstellt am 01/04/2014 um 14:47:13
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Johannes Kaindl - LENOVOX230
# Gestartet von : C:\Users\Johannes Kaindl\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\smarttweak
Schlüssel Gelöscht : HKLM\Software\Uniblue
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Mozilla Firefox v
[ Datei : C:\Users\Johannes Kaindl\AppData\Roaming\Mozilla\Firefox\Profiles\n1uf9ol0.default\prefs.js ]
-\\ Google Chrome v
[ Datei : C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : search_url
Gelöscht : suggest_url
Gelöscht : keyword
*************************
AdwCleaner[R0].txt - [3636 octets] - [01/04/2014 14:45:53]
AdwCleaner[S0].txt - [3067 octets] - [01/04/2014 14:47:13]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3127 octets] ##########

ESET-Log:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e5edee472e9a8046b5bd63b30f19b85b
# engine=17706
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-01 01:43:19
# local_time=2014-04-01 03:43:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 6107 14930957 0 0
# compatibility_mode=5893 16776573 100 94 5432 147989649 0 0
# scanned=107344
# found=0
# cleaned=0
# scan_time=1665
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e5edee472e9a8046b5bd63b30f19b85b
# engine=17706
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-01 04:18:42
# local_time=2014-04-01 06:18:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 15430 14940280 8201 0
# compatibility_mode=5893 16776573 100 94 14755 147998972 0 0
# scanned=407545
# found=0
# cleaned=0
# scan_time=9245

FRST-Log:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Johannes Kaindl (administrator) on LENOVOX230 on 01-04-2014 19:11:44
Running from C:\Users\Johannes Kaindl\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Users\Johannes Kaindl\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Google Inc.) C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Program Files\Zune\Zune.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Google Inc.) C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Johannes Kaindl\Downloads\FRST64 (1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295720 2013-10-25] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [384296 2013-10-28] (Lenovo.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-09-26] (Synaptics Incorporated)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [132920 2013-05-30] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] - rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-1795406587-59563567-99350790-1000\...\Run: [UpdateMyDrivers] - C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss
HKU\S-1-5-21-1795406587-59563567-99350790-1000\...\Run: [Google Update] - C:\Users\Johannes Kaindl\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-08] (Google Inc.)
HKU\S-1-5-21-1795406587-59563567-99350790-1000\...\MountPoints2: {570632e7-8152-11e3-9e56-f82fa8e9174d} - D:\start.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
Startup: C:\Users\Johannes Kaindl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Johannes Kaindl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB85DC8EEEBDBCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Johannes Kaindl\AppData\Roaming\Mozilla\Firefox\Profiles\n1uf9ol0.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Johannes Kaindl\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Johannes Kaindl\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ []
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ []
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: hxxp://search.conduit.com/Results.aspx?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPBEC1A9D6-339F-4620-9167-2851276D4186&q={searchTerms}&SSPV=
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-08]
CHR Extension: (Google Drive) - C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-08]
CHR Extension: (YouTube) - C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-08]
CHR Extension: (McAfee Security Scan+) - C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-24]
CHR Extension: (Freemake Video Downloader) - C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2014-01-03]
CHR Extension: (Google-Suche) - C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-08]
CHR Extension: (Freemake Youtube Download Button) - C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2014-01-03]
CHR Extension: (DVDVideoSoft) - C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-01-08]
CHR Extension: (Google Wallet) - C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-08]
CHR Extension: (Google Mail) - C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-08]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-01-08]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2014-01-03]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-10-22] (Lenovo.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [103936 2013-12-20] (Freemake)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-12-12] (Ellora Assets Corp.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197928 2013-10-25] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-18] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-02] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-09-26] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-01 19:10 - 2014-04-01 19:11 - 02157056 _____ (Farbar) C:\Users\Johannes Kaindl\Downloads\FRST64 (1).exe
2014-04-01 15:09 - 2014-04-01 15:10 - 02347384 _____ (ESET) C:\Users\Johannes Kaindl\Downloads\esetsmartinstaller_enu.exe
2014-04-01 14:45 - 2014-04-01 14:47 - 00000000 ____D () C:\AdwCleaner
2014-04-01 14:45 - 2014-04-01 14:45 - 01426178 _____ () C:\Users\Johannes Kaindl\Downloads\adwcleaner.exe
2014-04-01 14:43 - 2014-04-01 14:43 - 00010997 _____ () C:\mbam.txt
2014-04-01 14:13 - 2014-04-01 19:09 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 14:12 - 2014-04-01 14:12 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-01 14:12 - 2014-04-01 14:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-01 14:12 - 2014-04-01 14:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-01 14:12 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-01 14:12 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-01 14:12 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 14:08 - 2014-04-01 14:12 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Johannes Kaindl\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-01 14:06 - 2014-04-01 14:06 - 00001260 _____ () C:\Users\Johannes Kaindl\Desktop\Revo Uninstaller.lnk
2014-04-01 14:06 - 2014-04-01 14:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-01 14:05 - 2014-04-01 14:06 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Johannes Kaindl\Downloads\revosetup95.exe
2014-03-31 22:39 - 2014-04-01 19:11 - 00018300 _____ () C:\Users\Johannes Kaindl\Downloads\FRST.txt
2014-03-31 22:39 - 2014-03-31 22:40 - 00022752 _____ () C:\Users\Johannes Kaindl\Downloads\Addition.txt
2014-03-31 22:35 - 2014-03-31 22:36 - 02157056 _____ (Farbar) C:\Users\Johannes Kaindl\Downloads\FRST64.exe
2014-03-31 16:10 - 2014-04-01 19:11 - 00000000 ____D () C:\FRST
2014-03-26 11:54 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-26 11:54 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-26 11:54 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-26 11:54 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-26 11:54 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-26 11:54 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-26 11:54 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-26 11:54 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-26 11:54 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-26 11:54 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-26 11:54 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-26 11:54 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-26 11:54 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-26 11:54 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-26 11:54 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-26 11:54 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-26 11:54 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-26 11:54 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-26 11:54 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-26 11:54 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-26 11:54 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-26 11:54 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-26 11:54 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-26 11:54 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-26 11:54 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-26 11:54 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-26 11:54 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-26 11:54 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-26 11:54 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-26 11:54 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-26 11:54 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-26 11:54 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-26 11:54 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-26 11:54 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-26 11:54 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-26 11:54 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-26 11:54 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-26 11:54 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-26 11:54 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-26 11:54 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-26 11:41 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-26 11:41 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-26 11:41 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-26 11:40 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-26 11:40 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-26 11:40 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-26 11:40 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-26 11:40 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
==================== One Month Modified Files and Folders =======
2014-04-01 19:11 - 2014-04-01 19:10 - 02157056 _____ (Farbar) C:\Users\Johannes Kaindl\Downloads\FRST64 (1).exe
2014-04-01 19:11 - 2014-03-31 22:39 - 00018300 _____ () C:\Users\Johannes Kaindl\Downloads\FRST.txt
2014-04-01 19:11 - 2014-03-31 16:10 - 00000000 ____D () C:\FRST
2014-04-01 19:09 - 2014-04-01 14:13 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 19:05 - 2013-11-08 20:56 - 00001160 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795406587-59563567-99350790-1000UA.job
2014-04-01 19:02 - 2009-07-14 06:51 - 00038085 _____ () C:\Windows\setupact.log
2014-04-01 15:11 - 2011-04-12 09:43 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-04-01 15:11 - 2011-04-12 09:43 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-04-01 15:11 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-01 15:10 - 2014-04-01 15:09 - 02347384 _____ (ESET) C:\Users\Johannes Kaindl\Downloads\esetsmartinstaller_enu.exe
2014-04-01 14:56 - 2009-07-14 06:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-01 14:56 - 2009-07-14 06:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-01 14:53 - 2013-11-07 03:35 - 01333907 _____ () C:\Windows\WindowsUpdate.log
2014-04-01 14:51 - 2013-11-11 13:13 - 00000566 _____ () C:\Windows\Tasks\MATLAB R2013b Startup Accelerator.job
2014-04-01 14:48 - 2013-11-12 16:02 - 00000000 ___RD () C:\Users\Johannes Kaindl\Dropbox
2014-04-01 14:48 - 2013-11-12 15:59 - 00000000 ____D () C:\Users\Johannes Kaindl\AppData\Roaming\Dropbox
2014-04-01 14:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-01 14:47 - 2014-04-01 14:45 - 00000000 ____D () C:\AdwCleaner
2014-04-01 14:47 - 2010-11-21 05:47 - 00314136 _____ () C:\Windows\PFRO.log
2014-04-01 14:45 - 2014-04-01 14:45 - 01426178 _____ () C:\Users\Johannes Kaindl\Downloads\adwcleaner.exe
2014-04-01 14:43 - 2014-04-01 14:43 - 00010997 _____ () C:\mbam.txt
2014-04-01 14:39 - 2013-11-08 10:24 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-04-01 14:13 - 2013-11-08 20:56 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795406587-59563567-99350790-1000Core.job
2014-04-01 14:12 - 2014-04-01 14:12 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-01 14:12 - 2014-04-01 14:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-01 14:12 - 2014-04-01 14:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-01 14:12 - 2014-04-01 14:08 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Johannes Kaindl\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-01 14:06 - 2014-04-01 14:06 - 00001260 _____ () C:\Users\Johannes Kaindl\Desktop\Revo Uninstaller.lnk
2014-04-01 14:06 - 2014-04-01 14:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-01 14:06 - 2014-04-01 14:05 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Johannes Kaindl\Downloads\revosetup95.exe
2014-03-31 22:40 - 2014-03-31 22:39 - 00022752 _____ () C:\Users\Johannes Kaindl\Downloads\Addition.txt
2014-03-31 22:36 - 2014-03-31 22:35 - 02157056 _____ (Farbar) C:\Users\Johannes Kaindl\Downloads\FRST64.exe
2014-03-31 14:28 - 2013-11-08 16:49 - 00000000 ____D () C:\Users\Johannes Kaindl\AppData\Local\Lenovo
2014-03-28 04:05 - 2009-07-14 06:45 - 00275856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-28 04:01 - 2013-11-10 20:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-28 04:00 - 2013-11-10 20:00 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-26 15:19 - 2013-11-07 22:24 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2014-03-26 15:19 - 2013-11-07 22:24 - 00000000 ____D () C:\ProgramData\Lenovo
2014-03-26 15:18 - 2013-11-08 10:24 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-03-26 15:18 - 2013-11-07 22:24 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-03-26 11:58 - 2013-11-08 21:23 - 00002404 _____ () C:\Users\Johannes Kaindl\Desktop\Google Chrome.lnk
2014-03-09 15:13 - 2013-11-08 10:25 - 00000000 ____D () C:\ldiag
2014-03-05 09:26 - 2014-04-01 14:12 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-04-01 14:12 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-04-01 14:12 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
Some content of TEMP:
====================
C:\Users\Johannes Kaindl\AppData\Local\Temp\20131111100854782jniverify.dll
C:\Users\Johannes Kaindl\AppData\Local\Temp\avgnt.exe
C:\Users\Johannes Kaindl\AppData\Local\Temp\FreemakeAudioConverter_1.1.0.49.exe
C:\Users\Johannes Kaindl\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-01 18:47
==================== End Of Log ============================
Should I also post the Addition.txt?