
leucorchestris

  1. Dear CarlosTurco, sorry for the late reply, but I ran a full scan. There are no more infections reported. I can't tell you how grateful I am for your help. I will purchase the Pro version of Malwarebytes and hope that a combination with Avast and the info in your linked post will help me to keep my machine clean in the future. I just have two final questions: should I delete all the software we downloaded, and should I deactivate Windows Defender when I have Avast and Malwarebytes Pro active? Thanks again for your patience and help.
     leucorchestris
  2. Sorry CarlosTurco, here is the last log file in English:
     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2014.01.06.06
     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 11.0.9600.16476
     KB :: KB-PC [administrator]
     06.01.2014 20:49:02
     MBAM-log-2014-01-06 (20-57-21).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 233399
     Time elapsed: 8 minute(s), 10 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 1
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl|1 (Malware.Trace) -> Data: @biocpl.dll,-1 -> No action taken.
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  3. The last log I posted was from running Malwarebytes under my user account. If I run Malwarebytes as administrator, Malware.Trace is still present. This is the log file as administrator:
     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Datenbank Version: v2014.01.06.06
     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 11.0.9600.16476
     KB :: KB-PC [Administrator]
     06.01.2014 20:34:07
     MBAM-log-2014-01-06 (20-45-15).txt
     Art des Suchlaufs: Quick-Scan
     Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
     Deaktivierte Suchlaufeinstellungen: P2P
     Durchsuchte Objekte: 233366
     Laufzeit: 8 Minute(n), 51 Sekunde(n)
     Infizierte Speicherprozesse: 0
     (Keine bösartigen Objekte gefunden)
     Infizierte Speichermodule: 0
     (Keine bösartigen Objekte gefunden)
     Infizierte Registrierungsschlüssel: 0
     (Keine bösartigen Objekte gefunden)
     Infizierte Registrierungswerte: 1
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl|1 (Malware.Trace) -> Daten: @biocpl.dll,-1 -> Keine Aktion durchgeführt.
     Infizierte Dateiobjekte der Registrierung: 0
     (Keine bösartigen Objekte gefunden)
     Infizierte Verzeichnisse: 0
     (Keine bösartigen Objekte gefunden)
     Infizierte Dateien: 0
     (Keine bösartigen Objekte gefunden)
     (Ende)
  4. Hi, no, I did not download anything. The log is:
     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2014.01.02.03
     Windows 7 Service Pack 1 x86 FAT
     Internet Explorer 11.0.9600.16476
     KB_2 :: KB-PC [limited]
     06.01.2014 17:26:23
     MBAM-log-2014-01-06 (18-20-56).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 174370
     Time elapsed: 7 minute(s), 33 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 1
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  5. Thanks CarlosTurco, I ran Delfix. To check if there are any remaining issues I used a quick scan in Malwarebytes, and this time it came up with a PUM.Hijack.StartMenu warning. This warning was not present on the initial, complete scan a few days ago. What should I do? Cheers
  6. CarlosTurco, this is the content of checkup.txt:
     Results of screen317's Security Check version 0.99.78
     Windows 7 Service Pack 1 x86 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     avast! Internet Security
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware Version 1.75.0.1300
     Java 7 Update 45
     Adobe Flash Player 11.9.900.170
     Mozilla Firefox (26.0)
     Mozilla Thunderbird (17.0.3)
     Google Chrome 31.0.1650.57
     Google Chrome 31.0.1650.63
     ````````Process Check: objlist.exe by Laurent````````
     AVAST Software Avast AvastSvc.exe
     AVAST Software Avast afwServ.exe
     AVAST Software Avast AvastUI.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:
     ````````````````````End of Log``````````````````````
     Thanks again for your help
  7. I cannot manage to post the whole report as it is too long, but the final section is:
     19:44:26.0656 0x180c Scan finished
     19:44:26.0656 0x180c ============================================================
     19:44:26.0656 0x1444 Detected object count: 0
     19:44:26.0656 0x1444 Actual detected object count: 0
     19:44:29.0620 0x045c Deinitialize success
  8. Hi, for some reason I cannot directly post the log file. I can copy and paste it into the reply window, but the reply will not upload to the forum. Is the log file too long? Are there alternative ways of posting it? Thanks, and sorry for my inexperience.
  9. CarlosTurco, unfortunately I still receive a warning about a possible rootkit infection at the end of the DDS file.
     .
     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
     .
     DDS (Ver_2012-11-20.01)
     .
     Microsoft Windows 7 Professional
     Boot Device: \Device\HarddiskVolume1
     Install Date: 12.01.2013 16:33:56
     System Uptime: 04.01.2014 22:51:57 (20 hours ago)
     .
     Motherboard: LENOVO | | 2786W3C
     Processor: Intel® Core2 Duo CPU T6670 @ 2.20GHz | None | 2201/200mhz
     .
     ==== Disk Partitions =========================
     .
     C: is FIXED (NTFS) - 146 GiB total, 69,605 GiB free.
     D: is FIXED (NTFS) - 319 GiB total, 256,136 GiB free.
     E: is CDROM ()
     F: is FIXED (NTFS) - 931 GiB total, 314,248 GiB free.
     J: is Removable
     .
     ==== Disabled Device Manager Items =============
     .
     Class GUID:
     Description: WD SES Device USB Device
     Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_1003\575836314132314135373034&1
     Manufacturer:
     Name: WD SES Device USB Device
     PNP Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_1003\575836314132314135373034&1
     Service:
     .
     ==== System Restore Points ===================
     .
     RP179: 20.12.2013 09:16:56 - Windows Update
     RP181: 21.12.2013 08:17:18 - avast! antivirus system restore point
     RP182: 21.12.2013 08:20:02 - Gerätetreiber-Paketinstallation: Avast Netzwerkdienst
     RP183: 23.12.2013 09:32:29 - Windows-Sicherung
     RP184: 24.12.2013 09:22:35 - Windows Update
     RP185: 27.12.2013 09:34:02 - Windows Update
     RP186: 02.01.2014 07:53:28 - Windows Update
     RP187: 02.01.2014 07:57:03 - Windows-Sicherung
     RP188: 04.01.2014 19:09:55 - zoek.exe restore point
     .
     ==== Installed Programs ======================
     .
     7-Zip 9.20 Access Help Adobe Acrobat X Pro - English, Français, Deutsch Adobe AIR Adobe Community Help Adobe Content Viewer Adobe Creative Suite 5.5 Design Standard Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Amazon Cloud Player Amazon MP3-Downloader 1.0.18 Anzeige am Bildschirm ATI Catalyst Install Manager ATI Uninstaller avast!
Internet Security BankID Security Application Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Dutch CCC Help English CCC Help French CCC Help German CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Portuguese CCC Help Spanish CCC Help Swedish Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Citavi Civilization III Complete Edition Civilization III v1.29f Comprehensive Meta Analysis Version 2 Conexant 20561 SmartAudio HD Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dienstprogramm "ThinkPad UltraNav" Energie-Manager ESET Online Scanner v3 FortiClient SSLVPN v4.0.2148 Google Chrome Google Update Helper GPS TrackMaker Integrated Camera Intel PROSet Wireless Intel® Management Engine Interface Intel® Network Connections Drivers Intel® Matrix Storage Manager Intel® PROSet/Wireless WiFi-Software InterVideo Register Manager InterVideo WinDVD IrfanView (remove only) IsoSource Java 7 Update 45 Java Auto Updater Lenovo Auto Scroll Utility Lenovo Patch Utility Lenovo Power Management Driver Lenovo System Interface Driver Lenovo System Update Malwarebytes Anti-Malware Version 1.75.0.1300 Map of Europe Media Go Media Go Video Playback Engine 1.116.107.02030 Mendeley Desktop 1.8.3 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Office Access MUI (English) 2010 Microsoft Office Access MUI (German) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Excel MUI (German) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office Groove MUI (German) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office InfoPath MUI (German) 2010 Microsoft Office Language Pack 2010 - German/Deutsch Microsoft 
Office O MUI (German) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office OneNote MUI (German) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office Outlook MUI (German) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office PowerPoint MUI (German) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proof (Italian) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Proofing (German) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Publisher MUI (German) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared MUI (German) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office SharePoint Designer MUI (German) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Office Word MUI (German) 2010 Microsoft Office X MUI (German) 2010 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 Mozilla Firefox 26.0 (x86 de) Mozilla Maintenance Service Mozilla Thunderbird 17.0.3 (x86 de) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyPhoneExplorer PASSaGE 2 PDF Settings CS5 PlayStation®Store PRIMER 6 ProCite 5 PX Profile Update Python 2.7 scipy-0.11.0 Python 2.7.3 QGIS Dufour 2.0.1 Dufour R for Windows 2.15.2 R for Windows 2.15.3 R for Windows 3.0.2 Rescue and Recovery RnR Sysprep Patch SAM Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft 
.NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition SigmaPlot 10.0.1 Skype™ 6.1 Sony Ericsson Update Engine Sony PC Companion 2.10.181 STATISTICA 10.0.1011.4 STATISTICA 6 STATISTICA Version Manager STATNOVAPDF (novaPDF 7.4 printer) SyncBackFree ThinkPad FullScreen Magnifier ThinkPad Modem Adapter ThinkPad UltraNav Driver ThinkPad Wireless LAN Adapter Software ThinkVantage Access Connections ThinkVantage Communications Utility ThinkVantage System für aktiven Festplattenschutz TumblRipper Uninstall N_AShell v 1.0 Uninstall SADIEShell v 2.0 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET 
Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition VLC media player 2.0.8 Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) WinRAR 4.20 (32-Bit)
     .
     ==== End Of File ===========================
     DDS (Ver_2012-11-20.01) - NTFS_x86
     Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
     Run by KB at 18:36:31 on 2014-01-05
     Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2520.935 [GMT 1:00]
     .
     AV: avast! Internet Security *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: avast! Internet Security *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
     FW: avast! Internet Security *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
     .
     ============== Running Processes ================
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\ibmpmsvc.exe
     C:\Windows\system32\atiesrxx.exe
     C:\Windows\system32\atieclxx.exe
     C:\Program Files\AVAST Software\Avast\AvastSvc.exe
     C:\Windows\system32\WLANExt.exe
     C:\Windows\system32\conhost.exe
     C:\Program Files\AVAST Software\Avast\afwServ.exe
     C:\Windows\System32\spoolsv.exe
     C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
     C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
     C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
     C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
     C:\Program Files\Intel\WiFi\bin\EvtEng.exe
     C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
     C:\Windows\system32\FortiSSLVPNdaemon.exe
     C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
     C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
     C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
     C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
     C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
     C:\Program Files\StatSoft\STATISTICA Version Manager\rgSTr.exe
     C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
     C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
     C:\Windows\system32\wbem\unsecapp.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\system32\taskhost.exe
     C:\Windows\system32\Dwm.exe
     C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
     C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
     C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
     C:\Program Files\Lenovo\Zoom\TpScrex.exe
     C:\Windows\Explorer.EXE
     C:\Windows\System32\hkcmd.exe
     C:\Windows\System32\igfxpers.exe
     C:\Windows\System32\TpShocks.exe
     C:\Windows\System32\rundll32.exe
     C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
     C:\Windows\system32\SearchIndexer.exe
     C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
     C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
     C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\Program Files\AVAST Software\Avast\AvastUI.exe
     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
     C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
     C:\Users\KB_2\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
     C:\Program Files\Personal\bin\Personal.exe
     C:\Windows\system32\igfxext.exe
     C:\Windows\system32\igfxsrvc.exe
     C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
     C:\Users\KB_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
     C:\Windows\system32\atieclxx.exe
     C:\Windows\system32\taskhost.exe
     C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
     C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
     C:\Program Files\Lenovo\Zoom\TpScrex.exe
     C:\Users\KB\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
     C:\Windows\System32\igfxtray.exe
     C:\Windows\System32\hkcmd.exe
     C:\Windows\System32\igfxpers.exe
     C:\Windows\system32\igfxsrvc.exe
     C:\Windows\System32\TpShocks.exe
     C:\Windows\System32\rundll32.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
     C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
     C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
     C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
     C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
     C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\Program Files\AVAST Software\Avast\AvastUI.exe
     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
     C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
     C:\Program Files\Personal\bin\Personal.exe
     C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
     C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
     C:\Windows\system32\igfxext.exe
     C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
     C:\Windows\System32\WUDFHost.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
     C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE
     C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\conhost.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\svchost.exe -k RPCSS
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k GPSvcGroup
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Windows\System32\svchost.exe -k NetworkService
     C:\Windows\system32\svchost.exe -k HsfXAudioService
     C:\Windows\System32\svchost.exe -k secsvcs
     C:\Windows\system32\svchost.exe -k SDRSVC
     .
     ============== Pseudo HJT Report ===============
     .
     BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
     BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
     BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
     BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
     BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
     BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
     BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
     TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
     TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
     uRun: [sony PC Companion] "c:\program files\sony\sony pc companion\PCCompanion.exe" /Background
     uRun: [Amazon Cloud Player] "c:\users\kb\appdata\local\amazon cloud player\Amazon Music Helper.exe"
     uRun: [AmazonMP3DownloaderHelper] c:\users\kb\appdata\local\program files\amazon\mp3 downloader\AmazonMP3DownloaderHelper.exe
     mRun: [igfxTray] c:\windows\system32\igfxtray.exe
     mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
     mRun: [Persistence] c:\windows\system32\igfxpers.exe
     mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
     mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
     mRun: [TpShocks] TpShocks.exe
     mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
     mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
     mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
     mRun: [tsnp2uvc] c:\windows\tsnp2uvc.exe
     mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe
     mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
     mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
     mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
     mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
     mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
     mRun: [smartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
     mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
     mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
     StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe
     uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
     uPolicies-Explorer: DisallowCpl = dword:1
     mPolicies-System: ConsentPromptBehaviorUser = dword:3
     mPolicies-System: EnableUIADesktopToggle = dword:0
     mPolicies-System: DisableCAD = dword:1
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
     IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
     TCP: NameServer = 192.168.0.1 192.168.0.2
     TCP: Interfaces\{25445451-E335-4ADB-8698-95422E3566B8} : DHCPNameServer = 192.168.0.1 192.168.0.2
     TCP: Interfaces\{25445451-E335-4ADB-8698-95422E3566B8}\354756E637F6666616 : DHCPNameServer = 195.67.199.39 195.67.199.40
     TCP: Interfaces\{25445451-E335-4ADB-8698-95422E3566B8}\64259445A51224F687 : DHCPNameServer = 192.168.178.1
     TCP: Interfaces\{25445451-E335-4ADB-8698-95422E3566B8}\7596C6C656D63786F6566756 : DHCPNameServer = 192.168.0.1
     TCP: Interfaces\{25445451-E335-4ADB-8698-95422E3566B8}\75C414E4D2030323436454147344447363 : DHCPNameServer = 192.168.2.1
     TCP: Interfaces\{25445451-E335-4ADB-8698-95422E3566B8}\A55424 : DHCPNameServer = 192.168.201.1
     TCP: Interfaces\{25445451-E335-4ADB-8698-95422E3566B8}\E494F4F4D2751474 : DHCPNameServer = 10.128.20.45 10.128.20.44
     TCP: Interfaces\{E9623EF3-A578-421D-8916-7B22E88C7338} : DHCPNameServer = 130.235.63.228 130.235.63.232
     Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
     Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
     Notify: igfxcui - igfxdev.dll
     AppInit_DLLs=
     SSODL: WebCheck - <orphaned>
     SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
     LSA: Notification Packages = scecli ACGina
     mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - c:\users\kb\appdata\roaming\mozilla\firefox\profiles\pqsrjkp4.default\
     FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
     FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
     FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
     FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
     FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
     FF - plugin: c:\program files\fortinet\sslvpnclient\npccplugin.dll
     FF - plugin: c:\program files\fortinet\sslvpnclient\nptcplugin.dll
     FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
     FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
     FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
     FF - plugin: c:\program files\personal\bin\np_prsnl.dll
     FF - plugin: c:\program files\sony\media go\npmediago.dll
     FF - plugin: c:\users\kb\appdata\local\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin10181.dll
     FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-15 49944]
     R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-15 180248]
     R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2013-1-12 25416]
     R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2012-9-6 20328]
     R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-1-12 26136]
     R1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\drivers\aswNdisFlt.sys [2013-3-15 264560]
     R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-12 775952]
     R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-1-12 410528]
     R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2013-1-12 13680]
     R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-1-12 176128]
     R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-1-12 67824]
     R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-12-21 50344]
     R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2013-12-21 113704]
     R2 FortiSslvpnDaemon;FortiClient SSLVPN;c:\windows\system32\FortiSSLVPNdaemon.exe [2011-10-14 830056]
     R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]
     R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2013-1-12 43584]
     R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2013-1-12 62016]
     R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2013-1-12 127336]
     R2 STATISTICA Version Manager;STATISTICA Version Manager;c:\program files\statsoft\statistica version manager\rgSTr.exe [2013-11-19 18944]
     R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2013-1-12 131432]
     R2 TPHKSVC;Anzeige am Bildschirm;c:\program files\lenovo\hotkey\TPHKSVC.exe [2013-1-12 142696]
     R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\intel\wifi\bin\ZeroConfigService.exe [2012-6-25 2759984]
     R3 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2013-12-21 64168]
     R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2012-8-30 969192]
     R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2013-1-12 223960]
     R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2013-1-12 9037312]
     R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2009-5-11 88832]
     R3 NETwNs32;___ Intel® Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\drivers\NETwNs32.sys [2012-1-23 7523840]
     R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2013-1-12 1666112]
     R3 pppop;PPPoP WAN Adapter;c:\windows\system32\drivers\pppop.sys [2009-7-21 36384]
     R3 SmbDrvI;SmbDrvI;c:\windows\system32\drivers\Smb_driver_Intel.sys [2013-1-12 38200]
     R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2011-5-30 37432]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
     S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2013-1-12 101736]
     S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
     S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
     S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2013-1-12 45736]
     S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2013-1-12 280640]
     S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2013-6-29 12400]
     S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-12 108032]
     S3 netw5v32;Intel® Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
     S3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2013-1-12 1665088]
     S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-1-12 14848]
     S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2013-6-29 155824]
     S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
     S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
     S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
     S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
     S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
     S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2008-9-23 42368]
     S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-1-12 49664]
     S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2013-1-12 1343400]
     .
     =============== Created Last 30 ================
     .
     2014-01-04 19:31:24 -------- d-----w- c:\program files\ESET
     2014-01-04 18:36:32 -------- d-sh--w- C:\$RECYCLE.BIN
     2014-01-04 18:26:48 24064 ----a-w- c:\windows\zoek-delete.exe
     2014-01-04 18:26:43 -------- d-----w- c:\users\kb\appdata\local\Temp
     2014-01-04 18:08:16 -------- d-----w- C:\zoek_backup
     2014-01-04 18:01:27 -------- d-----w- c:\users\kb\appdata\local\Macromedia
     2014-01-04 18:00:43 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{da71ea00-3c98-48d6-847e-31a3f614603c}\offreg.dll
     2014-01-04 17:52:56 -------- d-----w- c:\windows\ERUNT
     2014-01-04 17:42:45 -------- d-----w- C:\AdwCleaner
     2014-01-03 06:32:38 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{da71ea00-3c98-48d6-847e-31a3f614603c}\mpengine.dll
     2014-01-02 16:51:46 -------- d-----w- c:\users\kb\appdata\roaming\Malwarebytes
     2014-01-02 16:51:34 -------- d-----w- c:\programdata\Malwarebytes
     2014-01-02 16:51:31 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
     2014-01-02 16:51:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2013-12-21 07:19:49 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
     2013-12-19 17:04:07 -------- d-----w- c:\users\kb\appdata\local\Program Files
     2013-12-19 16:41:29 -------- d-----w- c:\users\kb\appdata\local\Amazon Cloud Player
     2013-12-19 11:08:55 -------- d-----w- c:\program files\QGIS Dufour
     2013-12-12 00:37:15 12625408 ----a-w- c:\windows\system32\wmploc.DLL
     2013-12-12 00:37:14 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
     2013-12-11 13:14:23 301568 ----a-w- c:\windows\system32\msieftp.dll
     2013-12-11 13:14:22 159232 ----a-w- c:\windows\system32\imagehlp.dll
     2013-12-11 13:14:21 163840 ----a-w- c:\windows\system32\scrrun.dll
     2013-12-11 13:14:21 141824 ----a-w- c:\windows\system32\wscript.exe
     2013-12-11 13:14:21 126976 ----a-w- c:\windows\system32\cscript.exe
     2013-12-11 13:14:21 121856 ----a-w- c:\windows\system32\wshom.ocx
     2013-12-11 13:14:20 417792 ----a-w- c:\windows\system32\WMPhoto.dll
     2013-12-11 13:14:18 2048 ----a-w- c:\windows\system32\tzres.dll
     2013-12-11 13:14:15 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
     2013-12-11 13:14:15 2349056 ----a-w- c:\windows\system32\win32k.sys
     2013-12-11 13:14:15 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
     .
     ==================== Find3M ====================
     .
     2014-01-04 19:08:59 284672 ----a-w- c:\windows\system32\drivers\usbport.sys.bak
     2014-01-04 19:07:59 86608 ----a-w- c:\windows\system32\drivers\arcsas.sys.bak
     2013-12-21 07:19:29 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
     2013-12-21 07:19:29 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
     2013-12-21 07:19:29 43152 ----a-w- c:\windows\avastSS.scr
     2013-12-21 07:19:29 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
     2013-12-21 07:19:16 264560 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
     2013-12-15 10:30:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2013-12-15 10:30:38 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2013-12-11 16:36:39 204 ----a-w- c:\windows\system32\yqge91v.dll
     2013-12-11 16:36:39 100 ----a-w- c:\windows\system32\prsgrc.dll
     2013-11-26 09:23:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb
     2013-11-26 09:22:11 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
     2013-11-26 08:53:56 61952 ----a-w- c:\windows\system32\iesetup.dll
     2013-11-26 08:52:26 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
     2013-11-26 08:29:55 112128 ----a-w- c:\windows\system32\ieUnatt.exe
     2013-11-26 08:29:52 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
     2013-11-26 08:28:16 553472 ----a-w- c:\windows\system32\jscript9diag.dll
     2013-11-26 08:16:12 4243968 ----a-w- c:\windows\system32\jscript9.dll
     2013-11-26 07:32:06 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
     2013-11-26 06:33:33 1820160 ----a-w- c:\windows\system32\wininet.dll
     2013-11-19 02:33:38 230048 ------w- c:\windows\system32\MpSigStub.exe
     2013-10-24 07:00:05 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
     2013-10-24 07:00:05 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
     2013-10-24 06:59:51 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
     2013-10-14 17:41:58 204784 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
     2013-10-14 17:41:58 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys
     2013-10-12 02:03:08 656896 ----a-w-
c:\windows\system32\nshwfp.dll 2013-10-12 02:01:41 679424 ----a-w- c:\windows\system32\IKEEXT.DLL 2013-10-12 02:01:25 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL 2013-10-08 05:50:41 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.1.7601 Disk: ST950042 rev.0003 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 . device: opened successfully user: MBR read successfully . Disk trace: called modules: >>UNKNOWN [0x82E55000]<< >>UNKNOWN [0x8A5CF000]<< >>UNKNOWN [0x8A5BE000]<< >>UNKNOWN [0x89EAF000]<< >>UNKNOWN [0x82E1E000]<< >>UNKNOWN [0x8A014000]<< _asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; } 1 ntkrnlpa!IofCallDriver[0x82E8BBBA] -> \Device\Harddisk0\DR0[0x86944350] \Driver\Disk[0x86943238] -> IRP_MJ_CREATE -> 0x8A5D339F 3 [0x8A5D359E] -> ntkrnlpa!IofCallDriver[0x82E8BBBA] -> [0x85F0A3A8] \Driver\ACPI[0x85198C60] -> IRP_MJ_CREATE -> 0x89EB84CC 5 [0x89EB83D4] -> ntkrnlpa!IofCallDriver[0x82E8BBBA] -> \Device\Ide\IAAStorageDevice-1[0x85F69028] \Driver\iaStor[0x85EF88F0] -> IRP_MJ_CREATE -> 0x8A058954 kernel: MBR read successfully _asm { JMP 0x10; } user & kernel MBR OK Warning: possible TDL3 rootkit infection ! . ============= FINISH: 18:37:33,05 ===============
  10. Hi CarlosTurco, please find attached the list of threats
C:\Users\KB_2\Downloads\installer.exe Win32/InstallCore.DY application cleaned by deleting - quarantined
C:\Users\KB_2\Downloads\MyPhoneExplorer_Setup_1.8.4.exe multiple threats cleaned by deleting - quarantined
C:\Users\KB_2\Downloads\PDFXVwer207.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\KB_2\Downloads\winamp565_full_emusic-7plus_all.exe Win32/OpenCandy application cleaned by deleting - quarantined
F:\Eigene Dateien\Setup\cdbxp_setup_4.3.8.2560.exe Win32/OpenCandy application cleaned by deleting - quarantined
F:\KB-PC\Backup Set 2013-02-02 171256\Backup Files 2013-02-02 171256\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
F:\KB-PC\Backup Set 2013-02-11 090036\Backup Files 2013-02-11 090036\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
F:\KB-PC\Backup Set 2013-04-15 082952\Backup Files 2013-04-15 082952\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
F:\KB-PC\Backup Set 2013-06-16 190001\Backup Files 2013-06-16 190001\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
F:\KB-PC\Backup Set 2013-06-16 190001\Backup Files 2013-08-26 085200\Backup files 2.zip multiple threats deleted - quarantined
F:\KB-PC\Backup Set 2013-10-20 190004\Backup Files 2013-10-20 190004\Backup files 5.zip multiple threats deleted - quarantined
F:\KB-PC\Backup Set 2013-10-20 190004\Backup Files 2013-10-27 214101\Backup files 1.zip Win32/InstallCore.DY application deleted - quarantined
F:\KB-PC\Backup Set 2013-10-20 190004\Backup Files 2013-11-04 085551\Backup files 1.zip Win32/OpenCandy application deleted - quarantined
F:\KB-PC\Backup Set 2013-11-11 073124\Backup Files 2013-11-11 073124\Backup files 5.zip Win32/InstallCore.DY application deleted - quarantined
F:\KB-PC\Backup Set 2013-11-11 073124\Backup Files 2013-11-11 073124\Backup files 6.zip multiple threats deleted - quarantined
F:\KB-PC\Backup Set 2013-11-11 073124\Backup Files 2013-11-11 073124\Backup files 9.zip Win32/OpenCandy application deleted - quarantined
  11. Hi CarlosTurco, I just wanted to let you know that the online scan is still running. It is at 81% after 12h30, I hope this is normal. I will post the list as soon as it is completed. cheers
  12. CarlosTurco, this is the report from RogueKiller
RogueKiller V8.8.0 [Dec 27 2013] durch Tigzy
mail : tigzyRK<at>gmail<dot>com
Kommentare : http://www.adlice.com/forum/
Webseite : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Gestartet in : Normaler Modus
Benutzer : KB [Admin Rechte]
Funktion : Scannen -- Datum : 01/04/2014 20:09:14
| ARK || FAK || MBR |
¤¤¤ Böswillige Prozesse : 1 ¤¤¤
[SUSP PATH] AmazonMP3DownloaderHelper.exe -- C:\Users\KB\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [7] -> GELÖSCHT [TermProc]
¤¤¤ Registry-Einträge : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : AmazonMP3DownloaderHelper (C:\Users\KB\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [7]) -> GEFUNDEN
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> GEFUNDEN
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> GEFUNDEN
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> GEFUNDEN
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN
¤¤¤ Geplante Tasks : 0 ¤¤¤
¤¤¤ Autostart-Einträge : 0 ¤¤¤
¤¤¤ Web-Browsern : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤
¤¤¤ Treiber : [NICHT GELADEN 0xc0000033] ¤¤¤
¤¤¤ Externe Hives: ¤¤¤
¤¤¤ Infektion : ¤¤¤
¤¤¤ Hosts-Datei: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ MBR überprüfen: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500420AS +++++
--- User ---
[MBR] a208439c4e9000012ad08c3093f44bc9
[BSP] 250fe9afcee7ff31a6b68c9b6ab344d9 : Lenovo MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 149900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 307202048 | Size: 326938 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) WD My Passport 0740 USB Device +++++
--- User ---
[MBR] f1e65e625ad50e2139debabe8b2458f7
[BSP] a2afca834be8506a95112da9d22fbe5f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953836 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Die Anforderung wird nicht unterstützt. )
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) USB Device +++++
--- User ---
[MBR] df081d9a1a15e9794af3ae9dd810c3b2
[BSP] 6ee11b1e7170ff717321933bbf854c24 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1701998624 | Size: 795662 Mo
1 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1330184192 | Size: 263172 Mo
2 - [XXXXXX] DISKMNG (0x53) [VISIBLE] Offset (sectors): 538989391 | Size: 682794 Mo
3 - [XXXXXX] BTWIZ (0xbb) [HIDDEN!] Offset (sectors): 3910009470 | Size: 31 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Die Anforderung wird nicht unterstützt. )
Abgeschlossen : << RKreport[0]_S_01042014_200914.txt >>
  13. Dear CarlosTurco, many thanks for helping me, your guidance is really appreciated. Here are the three log files
# AdwCleaner v3.016 - Bericht erstellt am 04/01/2014 um 18:45:32
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : KB - KB-PC
# Gestartet von : C:\Users\KB_2\Desktop\AdwCleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files\MyPC Backup
Ordner Gelöscht : C:\Users\KB\Documents\optimizer pro
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\UpdateStar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\KB\AppData\Roaming\Mozilla\Firefox\Profiles\pqsrjkp4.default\prefs.js ]
[ Datei : C:\Users\KB_2\AppData\Roaming\Mozilla\Firefox\Profiles\oxre5vxf.default\prefs.js ]
-\\ Google Chrome v31.0.1650.63
[ Datei : C:\Users\KB\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ Datei : C:\Users\KB_2\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [2649 octets] - [04/01/2014 18:42:50]
AdwCleaner[S0].txt - [2576 octets] - [04/01/2014 18:45:32]
########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [2636 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Professional x86
Ran by KB on 04.01.2014 at 18:52:57,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.01.2014 at 18:56:01,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Zoek.exe v5.0.0.0 Updated 04-Januari-2014
Tool run by KB on 04.01.2014 at 19:08:20,81.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode
Internet Access Detected
Launched: C:\Users\KB\Desktop\zoek.exe [scan all users] [script inserted]
==== System Restore Info ======================
04.01.2014 19:10:08 Zoek.exe System Restore Point Created Succesfully.
==== Torpig Check ======================
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem
{217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing
{40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-1101163928-3596118184-1829798094-1000\Software\Mozilla\Firefox\Extensions\{FCF36B88-1BBA-487f-B64B-D2E8980A9293} deleted successfully
==== Running Processes ======================
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\FortiSSLVPNdaemon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\StatSoft\STATISTICA Version Manager\rgSTr.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\KB_2\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files\Personal\bin\Personal.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Users\KB_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\explorer.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\system32\taskeng.exe
C:\Users\KB\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Personal\bin\Personal.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files\Sony\Sony PC Companion\PCCService.exe
C:\Windows\explorer.exe
C:\Users\KB\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
==== Deleting Services ======================
==== FireFox Fix ======================
ProfilePath: C:\Users\KB\AppData\Roaming\Mozilla\Firefox\Profiles\pqsrjkp4.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs__1919_.backup
ProfilePath: C:\Users\KB_2\AppData\Roaming\Mozilla\Firefox\Profiles\oxre5vxf.default
user.js not found
---- Lines ask.com removed from prefs.js ----
user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
---- FireFox user.js and prefs.js backups ----
prefs__1919_.backup
==== Deleting Files \ Folders ======================
C:\Users\KB_2\.android deleted
C:\found.000 deleted
==== System Specs ======================
Windows: Windows 7 Professional Edition Service Pack 1 (Build 7601)
Memory (RAM): 2521 MB
CPU Info: Intel® Core2 Duo CPU T6670 @ 2.20GHz
CPU Speed: 2059,9 MHz
Sound Card: Lautsprecher (Conexant 20561 Sm | SPDIF-Schnittstelle (Conexant 2 |
Display Adapters: Mobile Intel® 4 Series Express Chipset Family | Mobile Intel® 4 Series Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 2x; PnP-Monitor (Standard) | Lenovo L2251pwD(Analog) |
Screen Resolution: 1680 X 1050 - 32 bit
Network: Network Present
Network Adapters: Intel® 82567LM Gigabit Network Connection | Intel® WiFi Link 5100 AGN | Microsoft Virtual WiFi Miniport Adapter
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GT30N
Ports: COM3 LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 146,4GB | D: 319,3GB | F: 931,5GB | G: 931,5GB
Hard Disks - Free: C: 70,9GB | D: 256,1GB | F: 312,4GB | G: 298,5GB
Manufacturer *: LENOVO
BIOS Info: AT/AT COMPATIBLE | 10/17/12 | LENOVO - 3240
Time Zone: Mitteleuropäische Zeit
Motherboard *: LENOVO 2786W3C
Country: Deutschland
Language: DEU
==== System Specs (Software) ======================
Anti-Virus: avast! Internet Security On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Internet Security disabled (Outdated)
Firewall: avast! Internet Security disabled
Default Browser: Firefox 26.0
Internet Explorer Version: 11.0.9600.16476
Mozilla Firefox version: 26.0 (x86 de)
Google Chrome version: 31.0.1650.63
Sun Java version: 1.7.0_45 (32-bit)
Flash Player version: 11.9.900.170
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\KB\AppData\Local\Temp ====
2014-01-04 18:00:51 B0900C9BD9166147E1A9CD4567FE595F 20208024 ----a-w- C:\Users\KB\AppData\Local\Temp\Sony\Sony PC Companion\AutoUpdate\Sony PC Companion_2.10.181_NetStorage.exe
2014-01-04 17:52:47 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\KB\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
====== Java Cache =====
2013-12-06 10:54:43 09960FC30A5ECA359B9BFE58B42D4468 201144 ----a-w- C:\Users\KB_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\a75810e-75a3fa84-1.6.2.15-
2013-12-19 08:46:20 37C8AC49B270F6AB8A52BB2E6737B869 92 ----a-w- C:\Users\KB_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\6640c556-6.0.lap
2013-12-19 08:46:26 A312DE2E92CC31D48B86E7FC3F30CCBC 24876 ----a-w- C:\Users\KB_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\2fb889a6-427a1351
2013-12-06 10:54:38 C433C3F707A25CB33D2808FD5E23F560 101 ----a-w- C:\Users\KB_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\31131fe6-6.0.lap
2013-12-19 08:46:23 8362FAE07B26F529EF36660E34821C93 183791 ----a-w- C:\Users\KB_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\7b32e2af-161653d7
====== C:\Windows\system32 =====
2014-01-02 19:08:43 E9837BF503B480C45D88559D8F210F87 1542 ----a-w- C:\Windows\System32\Energie1.ini
====== C:\Windows\system32\drivers =====
2014-01-02 16:51:31 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-21 07:19:49 37A6A39C1792BA961EE6172A0F3CA236 64168 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2013-12-11 13:14:15 EB6137D696A9B4E9718AC6F8641CB4C9 177152 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-12-11 13:14:15 9842041E2F5ACE1E2F5FB4EF02053DC8 81408 ----a-w- C:\Windows\System32\drivers\drmk.sys
====== C:\Windows\Tasks ======
2013-12-19 16:41:36 B19654C4AF19EE85B4F9B2B367EE0EEE 1592 ----a-w- C:\Windows\system32\Tasks\Amazon Music Helper
2013-12-15 09:48:10 22A68FBCA39473FF24AE600EC91163DC 3822 ----a-w- C:\Windows\system32\Tasks\Adobe Flash Player Updater
2013-12-15 09:48:10 1E1D345F0DF8174CC27684BD7ABC6D0F 884 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-12-19 11:08:55 -------- d-----w- C:\Program Files\QGIS Dufour
======= C: =====
====== C:\Users\KB\AppData\Roaming ======
2013-12-19 17:07:58 -------- d-----w- C:\Users\KB_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2013-12-19 17:07:55 -------- d-----w- C:\Users\KB_2\AppData\Local\Amazon Cloud Player
2013-12-19 17:04:13 -------- d-----w- C:\Users\KB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-12-19 17:04:07 -------- d-----w- C:\Users\KB\AppData\Local\Program Files
2013-12-19 16:41:34 -------- d-----w- C:\Users\KB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2013-12-19 16:41:29 -------- d-----w- C:\Users\KB\AppData\Local\Amazon Cloud Player
2013-12-06 10:54:50 -------- d-----w- C:\Users\KB_2\AppData\Local\QuosaDDM
====== C:\Users\KB ======
2014-01-04 17:51:07 5C2217C2FCA1F87DDD4FAB6C65BC7142 1036305 ----a-w- C:\Users\KB_2\Desktop\JRT.exe
2014-01-04 17:41:55 AF5C84446657B48C9B9B870C46438261 1233962 ----a-w- C:\Users\KB_2\Desktop\AdwCleaner.exe
2014-01-02 15:18:48 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\KB_2\Downloads\otl.exe
2014-01-02 15:16:19 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\KB_2\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-19 11:13:19 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QGIS Dufour
====== C: exe-files ==
2014-01-04 18:01:10 6E0105823B4FE91632C9DA8314418417 655536 ----a-w- C:\Program Files\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe
2014-01-04 18:00:51 B0900C9BD9166147E1A9CD4567FE595F 20208024 ----a-w- C:\Users\KB\AppData\Local\Temp\Sony\Sony PC Companion\AutoUpdate\Sony PC Companion_2.10.181_NetStorage.exe
2014-01-04 17:52:47 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\KB\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-01-04 17:51:07 5C2217C2FCA1F87DDD4FAB6C65BC7142 1036305 ----a-w- C:\Users\KB_2\Desktop\JRT.exe
2014-01-04 17:41:55 AF5C84446657B48C9B9B870C46438261 1233962 ----a-w- C:\Users\KB_2\Desktop\AdwCleaner.exe
2014-01-02 15:18:48 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\KB_2\Downloads\otl.exe
2014-01-02 15:16:19 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\KB_2\Downloads\mbam-setup-1.75.0.1300.exe
=== C: other files ==
2014-01-04 17:52:46 DABF8DE82A47FA9BD95CCD37FA2A2B41 10261 ----a-w- C:\Users\KB\AppData\Local\Temp\jrt\JRT.bat
2014-01-04 17:52:46 CC6C23C02BE66014AD87F2678BBB3A1D 8117 ----a-w- C:\Users\KB\AppData\Local\Temp\jrt\modules.bat
2014-01-04 17:52:46 C4A5476A9D54B400F1623A2EE7DDA5C5 13955 ----a-w- C:\Users\KB\AppData\Local\Temp\jrt\chrome.bat
2014-01-04 17:52:46 BAD6C67C870CC81C48DBA53089929884 153331 ----a-w- C:\Users\KB\AppData\Local\Temp\jrt\firefox.bat
2014-01-04 17:52:46 B964B792D3692699CD7D4FDB63EE470E 1239 ----a-w- C:\Users\KB\AppData\Local\Temp\jrt\FWPolicy.bat
2014-01-04 17:52:46 B7D46D5BC21F69EFEEFFC15060E423AC 154167 ----a-w- C:\Users\KB\AppData\Local\Temp\jrt\misc.bat
2014-01-04 17:52:46 B45931E5313CB14CAA0F2BC3DA30E6FC 29648 ----a-w- C:\Users\KB\AppData\Local\Temp\jrt\ask.bat
2014-01-04 17:52:46 A6CC6D343828E5003C52323B20F0F8D8 16063 ----a-w- C:\Users\KB\AppData\Local\Temp\jrt\get.bat
2014-01-04 17:52:46 80D02380F1AC33E459324B088392A1EC 732 ----a-w- C:\Users\KB\AppData\Local\Temp\jrt\ev_clear.bat
2014-01-04 17:52:46 75C9C20DD9839BF287B43B0E179822DC 31414 ----a-w- C:\Users\KB\AppData\Local\Temp\jrt\iexplore.bat
2014-01-04 17:52:46 7178963AEE641F3E47E1CE22416F8A3A 9295 ----a-w- C:\Users\KB\AppData\Local\Temp\jrt\runvalues.bat
2014-01-04 17:52:46 654E9FE74B930A454EE5BDE165794B65 85 ----a-w- C:\Users\KB\AppData\Local\Temp\jrt\delorphans.bat
2014-01-04 17:52:46 58605DA3492FB918D3D40B1FB88046AE 39471 ----a-w- C:\Users\KB\AppData\Local\Temp\jrt\prelim.bat
2014-01-04 17:52:46 372EA6F783198102CF5779072EE78C79 24751 ----a-w- C:\Users\KB\AppData\Local\Temp\jrt\searchlnk.bat
2014-01-04 17:52:46 1FBF882AA934A741530741FC134872A3 1243 ----a-w- C:\Users\KB\AppData\Local\Temp\jrt\TDL4.bat
2014-01-04 17:52:46 14D6EE8B672684E2232FB430D8C4A928 18668 ----a-w- C:\Users\KB\AppData\Local\Temp\jrt\medfos.bat
2014-01-04 17:52:46 0768E560CCD86C18F35FAD29DCEA7B80 1820 ----a-w- C:\Users\KB\AppData\Local\Temp\jrt\delfolders.bat
2014-01-02 16:51:31 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-1101163928-3596118184-1829798094-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sony PC Companion"="C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe /Background"
"Amazon Cloud Player"="C:\Users\KB\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
"AmazonMP3DownloaderHelper"="C:\Users\KB\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe"
[HKEY_USERS\S-1-5-21-1101163928-3596118184-1829798094-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Synchronizer"="C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
"Amazon Cloud Player"="C:\Users\KB_2\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"AcWin7Hlpr"="C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe"
"TpShocks"="TpShocks.exe"
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
"tsnp2uvc"="C:\Windows\tsnp2uvc.exe"
"LENOVO.TPKNRRES"="C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SwitchBoard"="C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"AdobeCS5.5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe -launchedbylogin"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sony PC Companion"="C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe /Background"
"Amazon Cloud Player"="C:\Users\KB\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
"AmazonMP3DownloaderHelper"="C:\Users\KB\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe"
==== Startup Registry Disabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PasswordManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PasswordManager"
"hkey"="HKLM"
"command"="C:\\Program Files\\Lenovo\\Password Manager\\password_manager.exe"
==== Startup Folders ======================
2013-05-21 13:23:56 1010 ----a-w- C:\Users\KB_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2013-01-14 09:28:05 1089 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BankID Security Application.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [15.12.2013 11:30]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [07.04.2013 14:57]
==== Other Scheduled Tasks ======================
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\AdobeAAMUpdater-1.0-KB-PC-KB_2" [C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\system32\tasks\Amazon Music Helper" [C:\Users\KB\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\{191DA675-98A9-4BC8-B9DD-83743E1EEA5A}" ["c:\program files\mozilla firefox\firefox.exe"]
"C:\Windows\system32\tasks\{5DF0A56D-4CCF-47AC-B672-CC57C75632EC}" ["c:\program files\mozilla firefox\firefox.exe"]
"C:\Windows\system32\tasks\{7E072328-2BC5-44B5-A488-7723668191D7}" ["c:\program files\mozilla firefox\firefox.exe"]
"C:\Windows\system32\tasks\{BE9A44C6-3409-4C06-974F-4A67455E559B}" ["c:\program files\mozilla firefox\firefox.exe"]
"C:\Windows\system32\tasks\{DCB37D6C-7F8B-44B4-8AD2-0404E44D08E8}" ["c:\program files\mozilla firefox\firefox.exe"]
"C:\Windows\system32\tasks\{E0CBD5CD-6BDF-4C42-BC24-B4E0A19C9D3E}" ["C:\Program Files\Mozilla Firefox\firefox.exe"]
"C:\Windows\system32\tasks\{E4861772-E127-4F1A-AB1F-FB49330D85EA}" ["c:\program files\mozilla firefox\firefox.exe"]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\Windows\system32\tasks\TVT\ChangePWD" [%RR%\rrcmd.exe]
"C:\Windows\system32\tasks\TVT\LaunchRnR" [C:\Program Files\Lenovo\Rescue and Recovery\rrcmd.exe]
"C:\Windows\system32\tasks\TVT\TVSUUpdateTask" ["C:\Program Files\Lenovo\System Update\tvsuShim.exe"]
"C:\Windows\system32\tasks\TVT\UpdateRnR" [%TVTCOMMON%\Scheduler\tvtsetsched.exe]
==== Folders in C:\ProgramData 0-6 Months Old ======================
2013-07-26 13:32:57 -------- d-----w- C:\ProgramData\Sun
2013-10-22 08:38:00 -------- d-----w- C:\ProgramData\Oracle
2013-10-22 08:48:50 -------- d-----w- C:\ProgramData\TEMP
2013-11-19 12:15:40 -------- d-----w- C:\ProgramData\InstallShield
2014-01-02 16:51:34 -------- d-----w- C:\ProgramData\Malwarebytes
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{8AA36F4F-6DC7-4c06-77AF-5035170634FE}"="C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox" [23.04.2013 14:22]
==== Firefox Extensions ======================
ProfilePath: C:\Users\KB\AppData\Roaming\Mozilla\Firefox\Profiles\pqsrjkp4.default
- Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
ProfilePath: C:\Users\KB_2\AppData\Roaming\Mozilla\Firefox\Profiles\oxre5vxf.default
- Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\KB\AppData\Roaming\Mozilla\Firefox\Profiles\pqsrjkp4.default
F891089A6AB9E12FEDEBCC5EC0F40D66 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll - Shockwave Flash
C36444D7301A8C881FC7296B092609C7 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update
6768C724599214E4F9ADD9F8FF5097EB - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U45
F1CD6E22E5AE5CEEB7712E546A5FC853 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.450.18
04ACC61B47857E779CD92D1D88770BF1 - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll - Adobe Acrobat
77B09C2C6F407531447DA75E3ACD1C5B - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\browser\nppdf32.dll - Adobe Acrobat
260488E2BC07C276D1EDD54CCA086809 - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
E09A55AB513C4D5145F1C318ED024747 - C:\Users\KB\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll - AmazonMP3DownloaderPlugin
BC14E71CDF13C6AE8C1250F1CA129822 - C:\Program Files\Sony\Media Go\npmediago.dll - Media Go Detector
C4F8C5C1FA6C83132E5D57DAA98C0A40 - C:\Program Files\Personal\bin\np_prsnl.dll - Nexus Personal
F00DA1A135FCA11D4426D9A5AB72CF0F - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll - AdobeAAMDetect
E938DED72100695BFE7F9644F1F08E97 - C:\Program Files\Fortinet\SslvpnClient\nptcplugin.dll - FortiClient SSLVPN Tunnel Service A70381F8D59FC365BED24B517DAE4A3A - C:\Program Files\Fortinet\SslvpnClient\npccplugin.dll - FortiClient SSLVPN CacheClean Service 41561B8AE9E551BD08304D48DAA900FA - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll - AdobeAAMDetect ==== Chrome Look ====================== Google Wallet - KB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Google Docs - KB_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - KB_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - KB_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - KB_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Chrome In-App Payments service - KB_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - KB_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google 
Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== shortcuts on Users Desktops ====================== C:\Users\KB\Desktop\1by1.lnk - C:\Program Files\1by1\1by1.exe C:\Users\KB\Desktop\Amazon Cloud Player.lnk - C:\Users\KB\AppData\Local\Amazon Cloud Player\Amazon Cloud Player.exe C:\Users\KB\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\KB\Desktop\IrfanView.lnk - C:\Program Files\IrfanView\i_view32.exe C:\Users\KB\Desktop\QGIS Browser 2.0.1.lnk - C:\Program Files\QGIS Dufour\bin\nircmd.exe exec hide C:\PROGRA~1\QGISDU~1\bin\qgis-browser.bat C:\Users\KB\Desktop\QGIS Desktop 2.0.1.lnk - C:\Program Files\QGIS Dufour\bin\nircmd.exe exec hide C:\PROGRA~1\QGISDU~1\bin\qgis.bat C:\Users\KB\Desktop\SyncBackFree.lnk - C:\Program Files\2BrightSparks\SyncBackFree\SyncBackFree.exe C:\Users\KB_2\Desktop\1by1.lnk - C:\Program Files\1by1\1by1.exe C:\Users\KB_2\Desktop\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe C:\Users\KB_2\Desktop\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe C:\Users\KB_2\Desktop\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe C:\Users\KB_2\Desktop\To do.lnk - F:\Eigene Artikel\To Do.docx ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe C:\Users\Public\Desktop\avast Internet Security.lnk - C:\Users\Public\Desktop\avast SafeZone.lnk - C:\Users\Public\Desktop\Citavi 3.lnk - C:\Program Files\Citavi 3\bin\Citavi.exe C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe 
C:\Users\Public\Desktop\Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Users\Public\Desktop\R i386 3.0.2.lnk - C:\Program Files\R\R-3.0.2\bin\i386\Rgui.exe C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe C:\Users\Public\Desktop\STATISTICA.lnk - C:\Program Files\StatSoft\STATISTICA 10\statist.exe ==== shortcuts in Users Start Menu ====================== C:\Users\KB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon\Amazon MP3-Downloader\Amazon MP3-Downloader.lnk - C:\Users\KB\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3Downloader.exe C:\Users\KB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon\Amazon MP3-Downloader\Uninstall Amazon MP3-Downloader.lnk - C:\Users\KB\AppData\Local\Program Files\Amazon\MP3 Downloader\Uninstall.exe C:\Users\KB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player\Amazon Cloud Player.lnk - C:\Users\KB\AppData\Local\Amazon Cloud Player\Amazon Cloud Player.exe C:\Users\KB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player\Uninstall Amazon Cloud Player.lnk - C:\Users\KB\AppData\Local\Amazon Cloud Player\Uninstall.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player\Amazon Cloud Player.lnk - C:\Users\KB\AppData\Local\Amazon Cloud Player\Amazon Cloud Player.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player\Uninstall Amazon Cloud Player.lnk - C:\Users\KB\AppData\Local\Amazon Cloud Player\Uninstall.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast\avast Internet Security.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast\avast SafeZone.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware entfernen.lnk - C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QGIS Dufour\MSYS Shell.lnk - C:\Program Files\QGIS Dufour\apps\msys\msys.bat C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QGIS Dufour\OSGeo4W.lnk - C:\Program Files\QGIS Dufour\OSGeo4W.bat C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QGIS Dufour\QGIS Browser 2.0.1.lnk - C:\Program Files\QGIS Dufour\bin\nircmd.exe exec hide C:\PROGRA~1\QGISDU~1\bin\qgis-browser.bat C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QGIS Dufour\QGIS Desktop 2.0.1.lnk - C:\Program Files\QGIS Dufour\bin\nircmd.exe exec hide C:\PROGRA~1\QGISDU~1\bin\qgis.bat C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QGIS Dufour\Setup.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QGIS Dufour\GRASS GIS 6.4.3\GRASS 6.4.3 Command Line.lnk - C:\Program Files\QGIS Dufour\bin\grass64.bat -text C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QGIS Dufour\GRASS GIS 6.4.3\GRASS 6.4.3 GUI.lnk - C:\Program Files\QGIS Dufour\bin\grass64.bat -wx C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QGIS Dufour\GRASS GIS 6.4.3\GRASS 6.4.3 Old TclTk GUI.lnk - C:\Program Files\QGIS 
Dufour\bin\grass64.bat -tcltk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Sony PC Companion\Deinstallieren.lnk - C:\Program Files\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe -uninst -runfromtemp C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Sony PC Companion\Sony PC Companion 2.1.lnk - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\KB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\KB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\KB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Users\KB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\KB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\KB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\KB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\KB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe 
C:\Users\KB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\KB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk - C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\7-Zip File Manager.lnk - C:\Program Files\7-Zip\7zFM.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Adobe Acrobat X Pro.lnk - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Adobe Illustrator CS5.1.lnk - C:\Program Files\Adobe\Adobe Illustrator CS5.1\Support Files\Contents\Windows\Illustrator.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Adobe Photoshop CS5.1.lnk - C:\Program Files\Adobe\Adobe Photoshop CS5.1\Photoshop.exe 
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Amazon Cloud Player.lnk - C:\Users\KB\AppData\Local\Amazon Cloud Player\Amazon Cloud Player.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Comprehensive Meta Analysis V2.lnk - C:\Windows\Installer\{613F5947-9535-4F3D-A8D3-7F245942F9A4}\Icon613F59472.ico C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\FortiClient SSLVPN.lnk - C:\Program Files\Fortinet\SslvpnClient\FortiSSLVPNclient.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\GPS TrackMaker.lnk - C:\Program Files\TrackMaker\trackmaker.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\InterVideo WinDVD.lnk - C:\Program Files\InterVideo\WinDVD\WinDVD.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\IrfanView.lnk - C:\Program Files\IrfanView\i_view32.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mendeley Desktop.lnk - C:\Program Files\Mendeley Desktop\MendeleyDesktop.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe 
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\PASSaGE 2.lnk - C:\Program Files\PASSaGE 2\PASSaGE.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Past.lnk - C:\Program Files\Past\Past.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\PRIMER 6 & PERMANOVA+.lnk - C:\Windows\Installer\{3AFDB27A-CE54-4C98-89A4-AB26FE9A0419}\_C83711F89EB4B0D1DDFE34.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\R i386 3.0.2.lnk - C:\Program Files\R\R-3.0.2\bin\i386\Rgui.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\SAM v4.0.lnk - C:\Program Files\SAM\SAM.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\SigmaPlot 10.0.lnk - C:\Program Files\SigmaPlot\SPW10\Spw.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Skype.lnk - C:\Program Files\Skype\Phone\Skype.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\STATISTICA 10.lnk - C:\Program Files\StatSoft\STATISTICA 10\statist.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\STATISTICA 6.0.lnk - C:\Program Files\StatSoft\STATISTICA 6\statist.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\SyncBack Free.lnk - C:\Program Files\2BrightSparks\SyncBackFree\SyncBackFree.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User 
Pinned\StartMenu\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TpFnF5.exe - Verknüpfung.lnk - C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PasswordManager deleted successfully ==== HijackThis Entries ====================== O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: avast! 
Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe O4 - HKLM\..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKCU\..\Run: 
[sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background O4 - HKCU\..\Run: [Amazon Cloud Player] "C:\Users\KB\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" O4 - HKCU\..\Run: [AmazonMP3DownloaderHelper] C:\Users\KB\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-21-1101163928-3596118184-1829798094-1001\..\Run: [AdobeBridge] (User 'KB_2') O4 - S-1-5-21-1101163928-3596118184-1829798094-1001 Startup: Dropbox.lnk = C:\Users\KB_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'KB_2') O4 - S-1-5-21-1101163928-3596118184-1829798094-1001 User Startup: Dropbox.lnk = C:\Users\KB_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'KB_2') O4 - Global Startup: BankID Security Application.lnk = C:\Program Files\Personal\bin\Personal.exe O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: FortiClient SSLVPN (FortiSslvpnDaemon) - Fortinet Inc. - C:\Windows\system32\FortiSSLVPNdaemon.exe O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: Lenovo PM Service (IBMPMSVC) - Lenovo. 
- C:\Windows\system32\ibmpmsvc.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe O23 - Service: STATISTICA Version Manager - Unknown owner - C:\Program Files\StatSoft\STATISTICA Version Manager\rgSTr.exe O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files\Lenovo\System Update\SUService.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. 
- C:\Windows\System32\TPHDEXLG.exe O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe O23 - Service: Anzeige am Bildschirm (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe ==== Empty IE Cache ====================== C:\Users\KB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\KB_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\KB_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\KB_2\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\KB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S4U8F1M9 will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\KB\AppData\Local\Mozilla\Firefox\Profiles\pqsrjkp4.default\Cache emptied successfully C:\Users\KB_2\AppData\Local\Mozilla\Firefox\Profiles\oxre5vxf.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\KB\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\KB_2\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache 
====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=7 folders=2 1136571 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\KB_2\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Users\KB\AppData\Local\Temp will be emptied at reboot C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\KB\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\KB_2\AppData\Local\Temp\qtsingleapp-Amazon-bdab-1-lockfile" not deleted "C:\Users\KB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S4U8F1M9" not found ==== EOF on 04.01.2014 at 19:36:26,54 ======================