Quote:
Quote from schrauber
(Post 1475231)
How can you do something like that? When you buy an unknown PC, you always set it up yourself from scratch!
Sure, we can scan, but if someone with expertise sits in front of the PC, they can install and build in things we will never find......
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
- Now start FRST.
- Do not change any of the checkboxes unless asked, and click Scan.
- The log files will now be created and will afterwards be on your desktop.
- Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the #-symbol in the input window of the website)
Hello schrauber, as a rule one should of course set up the system oneself. However, since I currently lack both the time needed to reinstall everything and a Windows CD / USB stick, I would like to avoid that.
FRST.txt
---------------------------------------------
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-06-2015
Ran by HANS (administrator) on HANS-PC on 06-06-2015 21:08:52
Running from C:\Users\HANS\Desktop
Loaded Profiles: HANS (Available Profiles: HANS)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Password Manager\password_manager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_desktop.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\password_manager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Users\HANS\Downloads\Gmer-19357.exe
(PortableApps.com) C:\Users\HANS\Desktop\FirefoxPortable\FirefoxPortable.exe
(Mozilla Corporation) C:\Users\HANS\Desktop\FirefoxPortable\App\Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916592 2014-07-28] (Synaptics Incorporated)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [86312 2013-03-05] (Authentec Inc.)
HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1792008 2015-03-26] (Lenovo Group Limited)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-2505245844-4133986152-3414509051-1000\...\Run: [GoogleChromeAutoLaunch_AF3BB3A160FC9EDD5AA97758F5F348FE] => "C:\Users\HANS\AppData\Local\Binkiland\Application\binkiland.exe" --no-startup-window --auto-launch-at-startup --profile-directory="Default"
HKU\S-1-5-21-2505245844-4133986152-3414509051-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-2505245844-4133986152-3414509051-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4471536 2015-05-21] (Disc Soft Ltd)
HKU\S-1-5-21-2505245844-4133986152-3414509051-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2015-06-02] (TrueCrypt Foundation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-01-28]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2505245844-4133986152-3414509051-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=pr__alt__ddc_dsssyc_bd_com
HKU\S-1-5-21-2505245844-4133986152-3414509051-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKU\S-1-5-21-2505245844-4133986152-3414509051-1000 -> DefaultScope {6D282FDE-8653-44DD-B0E0-B0221B4F526E} URL = hxxp://searchsimple-a.akamaihd.net/?affID=pr_02a9de7d-3456-4728-8e40-d116f3838d6d&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2505245844-4133986152-3414509051-1000 -> OldSearch URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_coinis_15_12&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0CzzyCyE0BtA0CyEyC0EtN0D0Tzu0StCtCyByDtN1L2XzutAtFzztFtAtFtCtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2SyEyD0B0A0FtDyEzytGtB0D0CtBtGtCtDyC0BtGyE0A0EyCtGyCyB0Dzy0D0AtB0FyCtBzz0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyB0EtAtCyDzz0BtGtD0DyE0CtGyEzzzyyBtG0BtDyC0FtG0CyBtByCzz0F0FtDyDyD0A0A2Q&cr=1447628980&ir=
SearchScopes: HKU\S-1-5-21-2505245844-4133986152-3414509051-1000 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2505245844-4133986152-3414509051-1000 -> {6D282FDE-8653-44DD-B0E0-B0221B4F526E} URL = hxxp://searchsimple-a.akamaihd.net/?affID=pr_02a9de7d-3456-4728-8e40-d116f3838d6d&q={searchTerms}
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-02] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-02] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2013-01-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2013-01-11] (Intel Corporation)
FF HKU\S-1-5-21-2505245844-4133986152-3414509051-1000\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension
FF Extension: No Name - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension [2015-06-02]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lpdfbkehegfmedglgemnhbnpmfmioggj] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2012-03-05] (Lenovo Group Limited)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-06-02] (Disc Soft Ltd)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-06-13] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2011-06-13] (Ericsson AB)
S3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-29] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-29] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-29] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-29] (MCCI Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [268840 2011-08-12] (Ericsson AB)
U3 kxldipoc; \??\C:\Users\HANS\AppData\Local\Temp\kxldipoc.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Addition.txt
-------------------------------------------------------------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-06-2015
Ran by HANS at 2015-06-06 20:58:39
Running from C:\Users\HANS\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2505245844-4133986152-3414509051-500 - Administrator - Disabled)
Gast (S-1-5-21-2505245844-4133986152-3414509051-501 - Limited - Disabled)
HANS (S-1-5-21-2505245844-4133986152-3414509051-1000 - Administrator - Enabled) => C:\Users\HANS
HomeGroupUser$ (S-1-5-21-2505245844-4133986152-3414509051-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.0.0.0054 - Disc Soft Ltd)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Identity Protection Technology 1.2.28.0 (HKLM-x32\...\{A87263E8-26CB-1016-8F2F-C04708B17CE2}) (Version: 1.2.28.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}) (Version: 14.03.0000 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.09.03 - )
Lenovo Screen Reading Optimizer (HKLM-x32\...\{91A29166-4E1B-4664-B70B-4C4A3B6B3372}) (Version: 1.16 - Lenovo)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 6.5.1.5 - Ericsson AB)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2900 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0031.1 - )
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage Password Manager (HKLM-x32\...\{70EE2BAA-F82A-4B8A-950E-649EFD64D5B9}) (Version: 4.70.5.0 - Lenovo Group Limited)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
28-01-2015 16:08:09 Installiert ThinkPad 1x1 11b/g/n Wireless LAN PCI Express Half M¿.<
28-01-2015 16:10:55 Installiert Integrated Camera Driver Installer Package Ver.1.1.0J?%
28-01-2015 16:11:32 Installed Integrated Camera TWAIN
28-01-2015 16:12:02 Installiert RICOH_Media_Driver_v2.14.18.01
28-01-2015 16:13:58 Windows Update
28-01-2015 16:19:23 Installed Intel(R) PROSet/Wireless WiFi Software.
28-01-2015 16:30:22 Installiert Lenovo Screen Reading Optimizer
28-01-2015 16:45:07 Installed Lenovo Power Management Driver
28-01-2015 16:47:11 Intel® Netzwerkanschlüsse
28-01-2015 16:49:23 Installiert Mobile Broadband Drivers
28-01-2015 17:02:27 Installed Intel(R) Identity Protection Technology 1.2.28.0.
28-01-2015 17:07:59 Windows Update
21-03-2015 22:29:15 Wiederherstellungsvorgang
02-06-2015 01:39:44 Installed ThinkVantage Password Manager.
02-06-2015 02:27:10 TrueCrypt installation
02-06-2015 02:34:32 Gerätetreiber-Paketinstallation: Disc Soft Ltd Speichercontroller
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {2DEC4506-2C73-4D57-AF84-DA945C105E18} - \Yahoo! Search Updater No Task File <==== ATTENTION
Task: {74AE8903-E676-43D3-BB87-4FAA6C3D34F6} - System32\Tasks\Lenovo\SROptimizer => %TRPATH%\SRORest.exe
Task: {7F2457BC-A9A6-43BC-AF11-8C03F005BC1B} - \Binkiland mifo No Task File <==== ATTENTION
Task: {9B9E6E5E-8266-45A1-AECB-530F430054AE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {C92F9FB3-49B5-4144-B213-A67B59EBB24F} - \Yahoo! Search No Task File <==== ATTENTION
==================== Loaded Modules (Whitelisted) ==============
2011-11-01 13:58 - 2011-11-01 13:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-01-28 17:03 - 2013-11-01 04:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-06-02 01:40 - 2015-03-26 20:25 - 00600072 _____ () C:\Program Files\Lenovo\Password Manager\pwm_website_config.dll
2015-05-08 20:50 - 2015-05-08 20:50 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-01-28 16:49 - 2011-05-26 18:17 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2015-03-26 20:20 - 2015-03-26 20:20 - 00545288 _____ () C:\Program Files (x86)\Lenovo\Password Manager\pwm_website_config.dll
2015-06-06 17:40 - 2015-06-06 17:40 - 00029696 _____ () C:\Users\HANS\AppData\Local\Temp\nsk1314.tmp\registry.dll
2015-06-06 17:40 - 2015-06-06 17:40 - 00008704 _____ () C:\Users\HANS\AppData\Local\Temp\nsk1314.tmp\newadvsplash.dll
2015-06-06 17:41 - 2015-06-06 17:41 - 00011264 _____ () C:\Users\HANS\AppData\Local\Temp\nsk1314.tmp\System.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2505245844-4133986152-3414509051-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\HANS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/06/2015 05:40:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/04/2015 09:17:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/02/2015 06:01:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/02/2015 01:50:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/02/2015 01:46:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/02/2015 01:39:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddWin32ServiceFiles: Unable to back up image of service Util Primary Result since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (06/02/2015 01:39:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddWin32ServiceFiles: Unable to back up image of service Update Primary Result since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (06/02/2015 01:39:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary {fb7f80a9-0102-4cff-bdb6-f3761a4dd2df}Gw64.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (06/02/2015 01:39:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary {c2812e93-4fef-423f-98ce-9a06fe4e2372}Gw64.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (06/02/2015 00:59:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514, Zeitstempel: 0x4ce79912
Name des fehlerhaften Moduls: BtMmHook.dll, Version: 6.4.0.2900, Zeitstempel: 0x4e9ca4f1
Ausnahmecode: 0x40000015
Fehleroffset: 0x00011ce6
ID des fehlerhaften Prozesses: 0x1028
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
System errors:
=============
Error: (06/06/2015 05:40:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126
Error: (06/06/2015 05:40:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 05.06.2015 um 05:32:25 unerwartet heruntergefahren.
Error: (06/04/2015 09:17:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126
Error: (06/04/2015 09:17:16 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 02.06.2015 um 19:44:36 unerwartet heruntergefahren.
Error: (06/02/2015 06:00:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126
Error: (06/02/2015 01:50:00 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126
Error: (06/02/2015 01:46:09 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126
Error: (06/02/2015 00:59:49 AM) (Source: DCOM) (EventID: 10016) (User: HANS-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}HANS-PCHANSS-1-5-21-2505245844-4133986152-3414509051-1000LocalHost (unter Verwendung von LRPC)
Error: (06/01/2015 10:49:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126
Error: (05/01/2015 08:08:59 AM) (Source: DCOM) (EventID: 10016) (User: HANS-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}HANS-PCHANSS-1-5-21-2505245844-4133986152-3414509051-1000LocalHost (unter Verwendung von LRPC)
Microsoft Office:
=========================
Error: (06/06/2015 05:40:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/04/2015 09:17:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/02/2015 06:01:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/02/2015 01:50:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/02/2015 01:46:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/02/2015 01:39:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Util Primary Result since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (06/02/2015 01:39:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Update Primary Result since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (06/02/2015 01:39:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary {fb7f80a9-0102-4cff-bdb6-f3761a4dd2df}Gw64.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (06/02/2015 01:39:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary {c2812e93-4fef-423f-98ce-9a06fe4e2372}Gw64.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (06/02/2015 00:59:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7601.175144ce79912BtMmHook.dll6.4.0.29004e9ca4f14000001500011ce6102801d09cbea724c748C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files\ThinkPad\Bluetooth Software\SysWOW64\BtMmHook.dlle688670f-08b1-11e5-8752-028037ec0200
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 49%
Total physical RAM: 3979.19 MB
Available physical RAM: 2020.7 MB
Total Pagefile: 7956.58 MB
Available Pagefile: 5804.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:117.55 GB) (Free:90.08 GB) NTFS
Drive d: () (Fixed) (Total:115.23 GB) (Free:113.77 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 8FB8119A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=115.2 GB) - (Type=07 NTFS)
==================== End of log ============================
GMER.txt
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-06 21:06:07
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HITACHI_HTS545025B9A300 rev.PB2ZC61H 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\HANS\AppData\Local\Temp\kxldipoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\SysWOW64\RunDll32.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b81465 2 bytes [B8, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b814bb 2 bytes [B8, 76]
.text ... * 2
.text C:\Users\HANS\Downloads\Gmer-19357.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b81465 2 bytes [B8, 76]
.text C:\Users\HANS\Downloads\Gmer-19357.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b814bb 2 bytes [B8, 76]
.text ... * 2
---- Processes - GMER 2.1 ----
Library C:\Users\HANS\AppData\Local\Temp\nsk1314.tmp\registry.dll (*** suspicious ***) @ C:\Users\HANS\Desktop\FirefoxPortable\FirefoxPortable.exe [3940] 00000000047e0000
Library C:\Users\HANS\AppData\Local\Temp\nsk1314.tmp\newadvsplash.dll (*** suspicious ***) @ C:\Users\HANS\Desktop\FirefoxPortable\FirefoxPortable.exe [3940] 0000000000630000
Library C:\Users\HANS\AppData\Local\Temp\nsk1314.tmp\System.dll (*** suspicious ***) @ C:\Users\HANS\Desktop\FirefoxPortable\FirefoxPortable.exe [3940] 00000000745a0000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----