| philipp lahm | 01.04.2014 18:15 |
MBAM-Log: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 01.04.2014
Suchlauf-Zeit: 14:26:22
Logdatei: mbam.txt
Administrator: Nein
Version: 2.00.0.1000
Malware Datenbank: v2014.04.01.02
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Johannes Kaindl
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 236887
Verstrichene Zeit: 11 Min, 13 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 0
(No malicious items detected)
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 7
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=63d94552-5001-5bd6-b245-f53702eb6d46&searchtype=ds&q={searchTerms}&installDate=07/11/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=63d94552-5001-5bd6-b245-f53702eb6d46&searchtype=ds&q={searchTerms}&installDate=07/11/2013),Ersetzt,[a581ee373c3ffc3a694bba4a6f95e51b]
PUP.Optional.Snapdo, HKU\S-1-5-21-1795406587-59563567-99350790-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=63d94552-5001-5bd6-b245-f53702eb6d46&searchtype=ds&q={searchTerms}&installDate=07/11/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=63d94552-5001-5bd6-b245-f53702eb6d46&searchtype=ds&q={searchTerms}&installDate=07/11/2013),Ersetzt,[c85e12132952221475a81cf245bf41bf]
PUP.Optional.Conduit.A, HKU\S-1-5-21-1795406587-59563567-99350790-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.conduit.com/?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPBEC1A9D6-339F-4620-9167-2851276D4186&SSPV=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://search.conduit.com/?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPBEC1A9D6-339F-4620-9167-2851276D4186&SSPV=),Ersetzt,[db4b0f1664176fc745d0dc29c83cd32d]
PUP.Optional.Snapdo, HKU\S-1-5-21-1795406587-59563567-99350790-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=63d94552-5001-5bd6-b245-f53702eb6d46&searchtype=ds&q={searchTerms}&installDate=07/11/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=63d94552-5001-5bd6-b245-f53702eb6d46&searchtype=ds&q={searchTerms}&installDate=07/11/2013),Ersetzt,[c75f2df88bf0ab8b36e6c14dc143d62a]
PUP.Optional.Snapdo, HKU\S-1-5-21-1795406587-59563567-99350790-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=63d94552-5001-5bd6-b245-f53702eb6d46&searchtype=ds&q={searchTerms}&installDate=07/11/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=63d94552-5001-5bd6-b245-f53702eb6d46&searchtype=ds&q={searchTerms}&installDate=07/11/2013),Ersetzt,[aa7c5dc80e6d2e08938c21edd232629e]
PUP.Optional.Snapdo, HKU\S-1-5-21-1795406587-59563567-99350790-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=63d94552-5001-5bd6-b245-f53702eb6d46&searchtype=ds&q={searchTerms}&installDate=07/11/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=63d94552-5001-5bd6-b245-f53702eb6d46&searchtype=ds&q={searchTerms}&installDate=07/11/2013),Ersetzt,[170fae7798e3d660ea3659b5c73dd62a]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1795406587-59563567-99350790-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=63d94552-5001-5bd6-b245-f53702eb6d46&searchtype=ds&q={searchTerms}&installDate=07/11/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=63d94552-5001-5bd6-b245-f53702eb6d46&searchtype=ds&q={searchTerms}&installDate=07/11/2013),Ersetzt,[fa2c2ff6d7a48aac8e27b35134d03dc3]
Ordner: 5
PUP.Optional.OpenCandy, C:\Users\Johannes Kaindl\AppData\Roaming\OpenCandy, In Quarantäne, [36f00520f08b5dd924fc5ff2b05210f0],
PUP.Optional.OpenCandy, C:\Users\Johannes Kaindl\AppData\Roaming\OpenCandy\5D4965F862B045DC88D7B3F25BF23DE4, In Quarantäne, [36f00520f08b5dd924fc5ff2b05210f0],
PUP.Optional.OpenCandy, C:\Users\Johannes Kaindl\AppData\Roaming\OpenCandy\B121097088914A37BE4AC838CD8B01EB, In Quarantäne, [36f00520f08b5dd924fc5ff2b05210f0],
PUP.Optional.OpenCandy, C:\Users\Johannes Kaindl\AppData\Roaming\OpenCandy\E8633A38FD0C461A91F91B9E1F9E3D88, In Quarantäne, [36f00520f08b5dd924fc5ff2b05210f0],
PUP.Optional.OpenCandy, C:\Users\Johannes Kaindl\AppData\Roaming\OpenCandy\F9AC4087213D471BA4B0BF25F024FFA9, In Quarantäne, [36f00520f08b5dd924fc5ff2b05210f0],
Dateien: 41
PUP.Optional.Amonetize, C:\Users\Johannes Kaindl\AppData\Roaming\OpenCandy\5D4965F862B045DC88D7B3F25BF23DE4\WS_p4v2_2CB2.exe, In Quarantäne, [978f2cf97902ad893a5c5c87f40f916f],
PUP.Optional.Amonetize, C:\Users\Johannes Kaindl\AppData\Roaming\OpenCandy\B121097088914A37BE4AC838CD8B01EB\WS_p4v2_2CB2.exe, In Quarantäne, [39edc65f9cdfb284484e01e2fd060af6],
PUP.Optional.InstallMonetizer, C:\$Recycle.Bin\S-1-5-21-1795406587-59563567-99350790-1000\$RGKM0ZI.exe, In Quarantäne, [3cea3ee7700bff378031c7591be654ac],
PUP.Optional.Linkury.A, C:\Users\Johannes Kaindl\AppData\Local\Temp\Installer.exe, In Quarantäne, [6abc4adb4338a2945b08e8fa54af926e],
PUP.Optional.Conduit.A, C:\Users\Johannes Kaindl\AppData\Local\Temp\nsj59E.exe, In Quarantäne, [47dfb86d57248caa07614acac33e8b75],
PUP.Optional.SearchProtect.A, C:\Users\Johannes Kaindl\AppData\Local\Temp\nsnA24B.exe, In Quarantäne, [0f172ff66e0d37ff97a536ebbc45cd33],
PUP.Optional.SearchProtect.A, C:\Users\Johannes Kaindl\AppData\Local\Temp\nsnC864.exe, In Quarantäne, [3bebbd689cdf5dd9c27a3ae7ce339c64],
PUP.Optional.SearchProtect.A, C:\Users\Johannes Kaindl\AppData\Local\Temp\nstC5C5.exe, In Quarantäne, [0d192cf9a6d582b43ffd44ddd32eb050],
PUP.Optional.SearchProtect.A, C:\Users\Johannes Kaindl\AppData\Local\Temp\nsyA4AD.exe, In Quarantäne, [4bdbbd68e5968ea877c5a879e91845bb],
PUP.Optional.Somoto, C:\Users\Johannes Kaindl\AppData\Local\Temp\bitool.dll, In Quarantäne, [58cebe6722594cea4c791bd6768b738d],
PUP.Optional.Ellora, C:\Users\Johannes Kaindl\AppData\Local\Temp\FreemakeVideoDownloader_3.6.2.2.exe, In Quarantäne, [d254899c02798fa7c18282b78f726f91],
PUP.Optional.InstallMonetizer, C:\Users\Johannes Kaindl\AppData\Local\Temp\setup__3862.exe, In Quarantäne, [12145cc9d0abfd39892848d8e41dd62a],
PUP.Optional.Conduit.A, C:\Users\Johannes Kaindl\AppData\Local\Temp\sp-downloader.exe, In Quarantäne, [9f875ec794e788aec3a5d83cda27ba46],
PUP.Optional.Conduit.A, C:\Users\Johannes Kaindl\AppData\Local\Temp\SPSetup.exe, In Quarantäne, [7da9de472655fe38e9435cba09f8cf31],
PUP.Optional.SearchProtect.A, C:\Users\Johannes Kaindl\AppData\Local\Temp\nsd6E51.exe, In Quarantäne, [6db981a43f3cbb7b6bd139e8da2722de],
PUP.Optional.Somoto.A, C:\Users\Johannes Kaindl\AppData\Local\Temp\nse4063.tmp, In Quarantäne, [2bfbf134c4b7c274872ae72824dd718f],
PUP.Optional.Conduit.A, C:\Users\Johannes Kaindl\AppData\Local\Temp\~nsu.tmp\Au_.exe, In Quarantäne, [071fa2831269fb3bb07c987e0bf6f907],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsu4D8A.exe, In Quarantäne, [1f07eb3a2952e5512e0e40e10df4857b],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsx5FC7.exe, In Quarantäne, [9e88ce57b4c745f1c379c859ff02a25e],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsx6809.exe, In Quarantäne, [1214cc592457112547f50e138d7431cf],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsxB9AA.exe, In Quarantäne, [eb3b39ec8eed6fc756e6ef3210f16c94],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsz77A3.exe, In Quarantäne, [ef37ad78f08b5dd9bc80bc65778a669a],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsz87DC.exe, In Quarantäne, [ea3c75b0aecd58de1c20021f0ff22ed2],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nslCD69.exe, In Quarantäne, [9d899194f5867cba300cb968a958bc44],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsn2FCE.exe, In Quarantäne, [ff274bdad2a91c1a083400214eb35da3],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsp4E45.exe, In Quarantäne, [6cba43e29ddea690211bfd24b34ea957],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsqCD3A.exe, In Quarantäne, [8d99e144463581b5b28ab66bd0311fe1],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsu4187.exe, In Quarantäne, [6eb8ea3b2e4de452de5e79a881807d83],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsb96E0.exe, In Quarantäne, [40e6091c6c0ff93d3804bb660af75da3],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsc18B5.exe, In Quarantäne, [54d2ac79cbb091a586b67fa2ca377c84],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nscFCFA.exe, In Quarantäne, [2ff75bca7cffaf8770cc899818e939c7],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nse7774.exe, In Quarantäne, [6fb71510aad1280eed4f170ae9188977],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nseDE23.exe, In Quarantäne, [fb2bea3ba2d9b3832b113de4f50c06fa],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsh683F.exe, In Quarantäne, [76b01015b1ca8da979c3cc5554adcc34],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsh9E84.exe, In Quarantäne, [3ee8ab7a82f92c0a4cf01011867b827e],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nshFD19.exe, In Quarantäne, [45e141e4cbb0c37326165bc606fba858],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsiA495.exe, In Quarantäne, [42e4f82d89f22313b38936eb8d743bc5],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsk9C37.exe, In Quarantäne, [34f250d5df9c45f1dd5f120fae53f60a],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsl2AA6.exe, In Quarantäne, [c4623beac3b849edac9071b049b826da],
PUP.Optional.OpenCandy, C:\Users\Johannes Kaindl\AppData\Roaming\OpenCandy\E8633A38FD0C461A91F91B9E1F9E3D88\Trial-14.0.1000.89_de-DE_1004727_AT-2.exe, In Quarantäne, [36f00520f08b5dd924fc5ff2b05210f0],
PUP.Optional.OpenCandy, C:\Users\Johannes Kaindl\AppData\Roaming\OpenCandy\F9AC4087213D471BA4B0BF25F024FFA9\speedupmypcROE.exe, In Quarantäne, [36f00520f08b5dd924fc5ff2b05210f0],
Physische Sektoren: 0
(No malicious items detected)
(end)
Adwarecleaner-Log: Code:
# AdwCleaner v3.023 - Bericht erstellt am 01/04/2014 um 14:47:13
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Johannes Kaindl - LENOVOX230
# Gestartet von : C:\Users\Johannes Kaindl\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\smarttweak
Schlüssel Gelöscht : HKLM\Software\Uniblue
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Mozilla Firefox v
[ Datei : C:\Users\Johannes Kaindl\AppData\Roaming\Mozilla\Firefox\Profiles\n1uf9ol0.default\prefs.js ]
-\\ Google Chrome v
[ Datei : C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : search_url
Gelöscht : suggest_url
Gelöscht : keyword
*************************
AdwCleaner[R0].txt - [3636 octets] - [01/04/2014 14:45:53]
AdwCleaner[S0].txt - [3067 octets] - [01/04/2014 14:47:13]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3127 octets] ##########
ESET-Log: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e5edee472e9a8046b5bd63b30f19b85b
# engine=17706
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-01 01:43:19
# local_time=2014-04-01 03:43:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 6107 14930957 0 0
# compatibility_mode=5893 16776573 100 94 5432 147989649 0 0
# scanned=107344
# found=0
# cleaned=0
# scan_time=1665
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e5edee472e9a8046b5bd63b30f19b85b
# engine=17706
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-01 04:18:42
# local_time=2014-04-01 06:18:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 15430 14940280 8201 0
# compatibility_mode=5893 16776573 100 94 14755 147998972 0 0
# scanned=407545
# found=0
# cleaned=0
# scan_time=9245
FRST-Log:
FRST Logfile:
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Johannes Kaindl (administrator) on LENOVOX230 on 01-04-2014 19:11:44
Running from C:\Users\Johannes Kaindl\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Users\Johannes Kaindl\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Google Inc.) C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Program Files\Zune\Zune.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Google Inc.) C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Johannes Kaindl\Downloads\FRST64 (1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295720 2013-10-25] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [384296 2013-10-28] (Lenovo.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-09-26] (Synaptics Incorporated)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [132920 2013-05-30] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] - rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-1795406587-59563567-99350790-1000\...\Run: [UpdateMyDrivers] - C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss
HKU\S-1-5-21-1795406587-59563567-99350790-1000\...\Run: [Google Update] - C:\Users\Johannes Kaindl\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-08] (Google Inc.)
HKU\S-1-5-21-1795406587-59563567-99350790-1000\...\MountPoints2: {570632e7-8152-11e3-9e56-f82fa8e9174d} - D:\start.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
Startup: C:\Users\Johannes Kaindl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Johannes Kaindl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB85DC8EEEBDBCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Johannes Kaindl\AppData\Roaming\Mozilla\Firefox\Profiles\n1uf9ol0.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Johannes Kaindl\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Johannes Kaindl\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ []
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ []
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: hxxp://search.conduit.com/Results.aspx?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPBEC1A9D6-339F-4620-9167-2851276D4186&q={searchTerms}&SSPV=
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-08]
CHR Extension: (Google Drive) - C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-08]
CHR Extension: (YouTube) - C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-08]
CHR Extension: (McAfee Security Scan+) - C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-24]
CHR Extension: (Freemake Video Downloader) - C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2014-01-03]
CHR Extension: (Google-Suche) - C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-08]
CHR Extension: (Freemake Youtube Download Button) - C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2014-01-03]
CHR Extension: (DVDVideoSoft) - C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-01-08]
CHR Extension: (Google Wallet) - C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-08]
CHR Extension: (Google Mail) - C:\Users\Johannes Kaindl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-08]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-01-08]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2014-01-03]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-10-22] (Lenovo.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [103936 2013-12-20] (Freemake)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-12-12] (Ellora Assets Corp.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197928 2013-10-25] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-18] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-02] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-09-26] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-01 19:10 - 2014-04-01 19:11 - 02157056 _____ (Farbar) C:\Users\Johannes Kaindl\Downloads\FRST64 (1).exe
2014-04-01 15:09 - 2014-04-01 15:10 - 02347384 _____ (ESET) C:\Users\Johannes Kaindl\Downloads\esetsmartinstaller_enu.exe
2014-04-01 14:45 - 2014-04-01 14:47 - 00000000 ____D () C:\AdwCleaner
2014-04-01 14:45 - 2014-04-01 14:45 - 01426178 _____ () C:\Users\Johannes Kaindl\Downloads\adwcleaner.exe
2014-04-01 14:43 - 2014-04-01 14:43 - 00010997 _____ () C:\mbam.txt
2014-04-01 14:13 - 2014-04-01 19:09 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 14:12 - 2014-04-01 14:12 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-01 14:12 - 2014-04-01 14:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-01 14:12 - 2014-04-01 14:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-01 14:12 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-01 14:12 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-01 14:12 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 14:08 - 2014-04-01 14:12 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Johannes Kaindl\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-01 14:06 - 2014-04-01 14:06 - 00001260 _____ () C:\Users\Johannes Kaindl\Desktop\Revo Uninstaller.lnk
2014-04-01 14:06 - 2014-04-01 14:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-01 14:05 - 2014-04-01 14:06 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Johannes Kaindl\Downloads\revosetup95.exe
2014-03-31 22:39 - 2014-04-01 19:11 - 00018300 _____ () C:\Users\Johannes Kaindl\Downloads\FRST.txt
2014-03-31 22:39 - 2014-03-31 22:40 - 00022752 _____ () C:\Users\Johannes Kaindl\Downloads\Addition.txt
2014-03-31 22:35 - 2014-03-31 22:36 - 02157056 _____ (Farbar) C:\Users\Johannes Kaindl\Downloads\FRST64.exe
2014-03-31 16:10 - 2014-04-01 19:11 - 00000000 ____D () C:\FRST
2014-03-26 11:54 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-26 11:54 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-26 11:54 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-26 11:54 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-26 11:54 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-26 11:54 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-26 11:54 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-26 11:54 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-26 11:54 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-26 11:54 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-26 11:54 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-26 11:54 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-26 11:54 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-26 11:54 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-26 11:54 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-26 11:54 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-26 11:54 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-26 11:54 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-26 11:54 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-26 11:54 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-26 11:54 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-26 11:54 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-26 11:54 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-26 11:54 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-26 11:54 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-26 11:54 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-26 11:54 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-26 11:54 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-26 11:54 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-26 11:54 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-26 11:54 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-26 11:54 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-26 11:54 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-26 11:54 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-26 11:54 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-26 11:54 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-26 11:54 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-26 11:54 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-26 11:54 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-26 11:54 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-26 11:41 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-26 11:41 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-26 11:41 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-26 11:40 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-26 11:40 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-26 11:40 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-26 11:40 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-26 11:40 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
==================== One Month Modified Files and Folders =======
2014-04-01 19:11 - 2014-04-01 19:10 - 02157056 _____ (Farbar) C:\Users\Johannes Kaindl\Downloads\FRST64 (1).exe
2014-04-01 19:11 - 2014-03-31 22:39 - 00018300 _____ () C:\Users\Johannes Kaindl\Downloads\FRST.txt
2014-04-01 19:11 - 2014-03-31 16:10 - 00000000 ____D () C:\FRST
2014-04-01 19:09 - 2014-04-01 14:13 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 19:05 - 2013-11-08 20:56 - 00001160 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795406587-59563567-99350790-1000UA.job
2014-04-01 19:02 - 2009-07-14 06:51 - 00038085 _____ () C:\Windows\setupact.log
2014-04-01 15:11 - 2011-04-12 09:43 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-04-01 15:11 - 2011-04-12 09:43 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-04-01 15:11 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-01 15:10 - 2014-04-01 15:09 - 02347384 _____ (ESET) C:\Users\Johannes Kaindl\Downloads\esetsmartinstaller_enu.exe
2014-04-01 14:56 - 2009-07-14 06:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-01 14:56 - 2009-07-14 06:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-01 14:53 - 2013-11-07 03:35 - 01333907 _____ () C:\Windows\WindowsUpdate.log
2014-04-01 14:51 - 2013-11-11 13:13 - 00000566 _____ () C:\Windows\Tasks\MATLAB R2013b Startup Accelerator.job
2014-04-01 14:48 - 2013-11-12 16:02 - 00000000 ___RD () C:\Users\Johannes Kaindl\Dropbox
2014-04-01 14:48 - 2013-11-12 15:59 - 00000000 ____D () C:\Users\Johannes Kaindl\AppData\Roaming\Dropbox
2014-04-01 14:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-01 14:47 - 2014-04-01 14:45 - 00000000 ____D () C:\AdwCleaner
2014-04-01 14:47 - 2010-11-21 05:47 - 00314136 _____ () C:\Windows\PFRO.log
2014-04-01 14:45 - 2014-04-01 14:45 - 01426178 _____ () C:\Users\Johannes Kaindl\Downloads\adwcleaner.exe
2014-04-01 14:43 - 2014-04-01 14:43 - 00010997 _____ () C:\mbam.txt
2014-04-01 14:39 - 2013-11-08 10:24 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-04-01 14:13 - 2013-11-08 20:56 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795406587-59563567-99350790-1000Core.job
2014-04-01 14:12 - 2014-04-01 14:12 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-01 14:12 - 2014-04-01 14:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-01 14:12 - 2014-04-01 14:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-01 14:12 - 2014-04-01 14:08 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Johannes Kaindl\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-01 14:06 - 2014-04-01 14:06 - 00001260 _____ () C:\Users\Johannes Kaindl\Desktop\Revo Uninstaller.lnk
2014-04-01 14:06 - 2014-04-01 14:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-01 14:06 - 2014-04-01 14:05 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Johannes Kaindl\Downloads\revosetup95.exe
2014-03-31 22:40 - 2014-03-31 22:39 - 00022752 _____ () C:\Users\Johannes Kaindl\Downloads\Addition.txt
2014-03-31 22:36 - 2014-03-31 22:35 - 02157056 _____ (Farbar) C:\Users\Johannes Kaindl\Downloads\FRST64.exe
2014-03-31 14:28 - 2013-11-08 16:49 - 00000000 ____D () C:\Users\Johannes Kaindl\AppData\Local\Lenovo
2014-03-28 04:05 - 2009-07-14 06:45 - 00275856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-28 04:01 - 2013-11-10 20:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-28 04:00 - 2013-11-10 20:00 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-26 15:19 - 2013-11-07 22:24 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2014-03-26 15:19 - 2013-11-07 22:24 - 00000000 ____D () C:\ProgramData\Lenovo
2014-03-26 15:18 - 2013-11-08 10:24 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-03-26 15:18 - 2013-11-07 22:24 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-03-26 11:58 - 2013-11-08 21:23 - 00002404 _____ () C:\Users\Johannes Kaindl\Desktop\Google Chrome.lnk
2014-03-09 15:13 - 2013-11-08 10:25 - 00000000 ____D () C:\ldiag
2014-03-05 09:26 - 2014-04-01 14:12 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-04-01 14:12 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-04-01 14:12 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
Some content of TEMP:
====================
C:\Users\Johannes Kaindl\AppData\Local\Temp\20131111100854782jniverify.dll
C:\Users\Johannes Kaindl\AppData\Local\Temp\avgnt.exe
C:\Users\Johannes Kaindl\AppData\Local\Temp\FreemakeAudioConverter_1.1.0.49.exe
C:\Users\Johannes Kaindl\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-01 18:47
==================== End Of Log ============================
--- --- ---
--- --- ---
--- --- ---
Soll ich die Addition.txt auch noch posten? |
Hinweise: Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen. 
FRST 32-Bit | FRST 64-Bit
Malwarebytes Anti-Malware 
AdwCleaner auf deinen Desktop.
